php - HTTP Response Header is being overwritten. Where all can HTTP Response headers be set in apache? -

i have php application conditionally set access-control-allow-origin header. see change reflected on local setup , on dev environment, on live site, header set else. other headers set along keep values, leads me believe access-control-allow-origin header being overwritten somewhere else.

i've checked .htaccess files in project , apache virtual host configuration file possible places header overwritten. being set in virtual host config file, commented out , restarted apache, header still being overwritten.

is there other place can check see if header being overwritten?

thanks in advance help!

here requested php code snippet:

    $origin=$front->getrequest()->getheader('origin');     if($origin && (preg_match('/http[s]{0,1}:\/\/' . $front->getrequest()->gethttphost() . '$/', $origin))){         $front->getresponse()->setheader('access-control-allow-origin', $origin);         $front->getresponse()->setheader('access-control-allow-credentials', 'true');     }else{         //leave current value if there no match         $front->getresponse()->setheader('access-control-allow-origin', '*');     } 

i'm pretty sure header being overwritten else because can see access-control-allow-credentials:true come through expected, access-control-allow-origin has value of *.

i did more digging , found this link same in .htaccess. ended adding following:

setenvif origin "^http(s)?://(.+\.)?(www.example.com)$" origin_is=$0 header set access-control-allow-origin %{origin_is}e env=origin_is header set access-control-allow-credentials true env=origin_is