Generates custom HTTP response headers to return to the client.



Attribute Reference for the cfheader tag


Required: No
Header name
Required if statusCode not specified


Required: No
HTTP header value


Required: No
The character encoding in which to encode the header value.

For more information on character encodings, see: Values:
  • utf-8
  • iso-8859-1
  • windows-1252
  • us-ascii
  • shift_jis
  • iso-2022-jp
  • euc-jp
  • euc-kr
  • big5
  • euc-cn
  • utf-16


Required: No
HTTP status code
Required if name not specified


Required: No
Explains status code

Links more information about cfheader

Examples sample code using the cfheader tag

Set a HTTP Response Header

Use cfheader to return a Content-Security-Policy HTTP response header.

<cfheader name="Content-Security-Policy" value="default-src 'self'">

Return a Custom Status Code and Status Text

Uses cfheader to return a 405 Method Not Allowed status when method is not POST.

<cfif uCase(cgi.request_method) IS NOT "POST">
    <cfheader statuscode="405" statustext="Method Not Allowed">
    Sorry POST only.<cfabort>

Fork me on GitHub