Request Headers

The headers object is available on every page, and contains information regarding the headers sent with the request that may be useful for serving and rendering the page.

Name	Type	Description
is_valid	Boolean	Will always be true
keys	list	The list of header names sent in the request
count	Integer	The number of header names sent in the request
*	String	Specific headers may be accessed using {{ request.headers.headername }} or {{ request.headers['header-name'] }}
output	String	JSON representation of the request headers, similar to {{ headers \| inspect: 3, false }}

The headers object is copyable, and when copied using {% copy_to_dictionary %} the keys will be the header names and the values will be the corresponding string header values.

You may also treat this object as a list containing all of the header names which may be iterated using a {% for %} loop.

{% set_header %}

Sets one or more headers in the HTTP response.

There are a number of reserved and invalid headers that may not be set using this method - mostly including headers with predefined meanings such as HTTP connection headers, CORS headers, content and security headers, etc...

If you attempt to set an invalid or disallowed HTTP response header, it will simply be ignored rather than outputting an error message.

Examples

{% for key in request.headers.keys %} {{ key }}: {{ request.headers[key] }} {% endfor %}

{% var customHeader = "do refresh in 5" %} {% set_header Refresh:"5; url=http://www.example.com" X-Custom-Header:customHeader %}

{% for header in request.headers %} {{ header }}: {{ request.headers[header] }} {% endfor %}

{% var headername = 'X-Custom-Username' %} {% set_header &headername:session[headername] %}

Origin: {{ request.headers.origin }}

{% if request.headers.origin == 'https://specifically-allowed-domain.com' %} {% allow_cors %} {% endif %}

Request Headers

Request Headers

{{ headers }}

{% set_header %}

Examples