Use this tag to set a custom HTTP response header.
Syntax
{% set_header header1:value [header2:'etc...'] %}
You may also include reference variables, which will be dereferenced to their header names before setting the header values.
Disallowed Headers
Note that while this tag gives you impressive control over the headers that are returned in the HTTP response, there are a number of headers that you are not allowed to set and which will be ignored if you try. The list of disallowed headers is:
- Accept-Ranges
- Access-Control headers-Allow-Credentials
- Access-Control-Allow-Headers
- Access-Control-Allow-Methods
- Access-Control-Allow-Origin
- Access-Control-Expose-Headers
- Access-Control-Max-Age
- Age
- Allow
- Authorization
- Cache-Control
- Connection
- Content-Disposition
- Content-Encoding
- Content-Language
- Content-Length
- Content-Location
- Content-Range
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Content-Type
- Date
- ETag
- Expect-CT
- Expires
- Keep-Alive
- Large-Allocation
- Last-Modified
- Location
- Origin
- Pragma
- Proxy-Authenticate
- Public-Key-Pins
- Public-Key-Pins-Report-Only
- Referrer-Policy
- Retry-After
- Server
- Set-Cookie
- Set-Cookie2
- SourceMap
- Strict-Transport-Security
- Timing-Allow-Origin
- Tk
- Trailer
- Transfer-Encoding
- Vary
- Via
- WWW-Authenticate
- Warning
- X-Content-Type-Options
Examples
{% var customHeader = "do refresh in 5" %}
{% set_header Refresh:"5; url=http://www.example.com" X-Custom-Header:customHeader %}
{% var headername = 'X-Custom-Username' %}
{% set_header &headername:session[headername] %}