Request Headers

Request Headers

{{ headers }}

The headers object is available on every page, and contains information regarding the headers sent with the request that may be useful for serving and rendering the page.

Properties of {{ headers }} objects
Name Type Description
is_valid Boolean Will always be true
keys list The list of header names sent in the request
count Integer The number of header names sent in the request
* String Specific headers may be accessed using {{ request.headers.headername }} or {{ request.headers['header-name'] }}
output String JSON representation of the request headers, similar to {{ headers | inspect: 3, false }}

The headers object is copyable, and when copied using {% copy_to_dictionary %} the keys will be the header names and the values will be the corresponding string header values. You may also treat this object as a list containing all of the header names which may be iterated using a {% for %} loop.

Related

{{ request }}

The request object is available on every page, and contains information regarding the HTTP request that may be useful for serving and rendering the page.

string

Can be any text, from the empty string ("") to the full HTML output of the template. When used alone in a conditional, all strings evaluates as true - even if they are empty or a value such as "0" or "false".

number

Can be any number, including integers, decimals, or the value 0. Any value - including 0 - evaluates as true when used alone in a conditional.

integer

A whole (non-fractional, non-decimal) number. May be 0. Any value - including 0 - evaluates as true when used alone in a conditional.

list

An enumerable list containing zero or more objects. Lists may contain many different object types, although most lists only contain a single object type. There are a large number of other complex object types that are also lists (ag: an articlelist is a complex object but is also a list of article objects).

{% set_header %}

Sets one or more headers in the HTTP response.

{% set_header attributes %}

{% set_header
attributes
 
Key:value pairs with unique keys. May use the variable arguments syntax. The names and values of the headers to set in the HTTP response
%}

There are a number of reserved and invalid headers that may not be set using this method - mostly including headers with predefined meanings such as HTTP connection headers, CORS headers, and content and security headers. If you attempt to set an invalid or disallowed HTTP response header, it will simply be ignored rather than outputting an error message.

Related

{% set_title %}

Sets the page title.

{% set_description %}

Sets the meta description for the current page, which is output by default as part of an HTML page's {{ automatic_markup }}.

{% set_session %}

Saves custom properties on the session. Note that this doesn't mean much unless the user (or the developer) has granted permission for sessions.

{% set_timezone %}

Sets the default timezone to use when rendering dates and times on the page that do not already have a separate timezone configured.

{% set_content_type %}

Sets the Content-Type header for the HTTP response.

{% set_robots %}

Sets the robots meta directive.

{% set_client %}

Saves custom properties on the client that will survive across multiple sessions until they are changed, unset, or the "session" permission expires. Note that this doesn't mean much unless the user (or the developer) has granted permission for sessions.

{% set_favicon %}

Sets the URL to the favicon for the current page, which is output by default as part of an HTML page's {{ automatic_markup }}.

{% set_profile_setting %}

Saves custom values to predefined profile settings that will be accessible whenever the current profile is logged in. Note that this is meaningless unless the user is logged in. Profile settings may include validation, in which case all settings will be validated before being set and any validation error will prevent the setting(s) from being set. Validation errors may optionally be output to a variable.

{% set %}

Replaces a value on the nearest scope where it has already been defined. If it has not been defined yet, it is stored on the root scope.

{% set_client_permission %}

Defines whether the client has granted or deined permission for a particular feature (eg: sessions). The only permission defined by default is the session permission (configurable in the site properties). However, the template developer may use this mechanism for their own purposes as well. The permissions defined by this method will be stored in the permissions cookie, which may be read and/or modified by client-side javascript.

{% set_dictionary %}

Sets properties on an editable dictionary object. If the dictionary does not exist it will be created and stored on the current scope. If the dictionary exists but is not editable this will throw an error.

{% set_cookie %}

Sets a cookie in the HTTP response.

{% set_canonical_url %}

Sets the canonical URL for the current page, which is output by default as part of an HTML page's {{ automatic_markup }}.

{% set_response_code %}

Sets the HTTP response status code.

{% set_profile %}

Saves custom properties on the profile that will be accessible whenever the current profile is logged in. The properties will be saved to the profile's attribute dictionary. Note that this is meaningless unless the user is logged in.

Examples

How to use the set_header method

Copy

Set a header to refresh

{% var customHeader = "do refresh in 5" %}
{% set_header Refresh:"5; url=https://www.example.com" X-Custom-Header:customHeader %}
This example demonstrates the use of the set_header method to set 2 headers to refresh the page in 5 seconds and include a custom header with a value.

Set dynamic header by reference variable

{% var fieldname = 'Username' %}
{% var headername = fieldname | prepend: 'X-Custom-' %}
{% set_header &headername:session[fieldname] %}
This example dynamically defines a header name based on the value of a fieldname variable, and then sets the header to the value of the matching session variable.

How to use the request.headers object

Copy

Get the origin

You are coming from {{ request.headers.origin }}
This example demonstrates how to get and output the origin of the request.

Get a custom header

{% var headername = "X-Custom-Username" %}
Are you really {{ request.headers[headername] }}?
This example demonstrates how to get and output a custom header from the request.

List all headers

<ul>
{% for header in request.headers %}
<li><strong>{{ header }}</strong>: {{ request.headers[header] }}</li>
{% endfor %}
</ul>
Output an unordered list containing all of the headers and their values from the request.

List all headers with keys

<ul>
{% for header in request.headers.keys %}
<li><strong>{{ header }}</strong>: {{ request.headers[header] }}</li>
{% endfor %}
</ul>
Enumerating request.headers.keys is the same as enumerating request.headers, so this example is functionally identical to the previous example.

Demonstrates how to allow cross-origin requests from a specific domain.

Allow cross-origin requests from a specific domain

Copy
{% if request.headers.origin == 'https://specifically-allowed-domain.com' %}
{% allow_cors %}
{% endif %}