cfheader

Generates custom HTTP response headers to return to the client.

<cfheader>

cfheader();

Attribute Reference

name string

Header name
Required if statusCode not specified

value string

HTTP header value

charset string

The character encoding in which to encode the header value.

For more information on character encodings, see:
www.w3.org/International/O-charset.html.

Values:

utf-8
iso-8859-1
windows-1252
us-ascii
shift_jis
iso-2022-jp
euc-jp
euc-kr
big5
euc-cn
utf-16

statuscode numeric

HTTP status code
Required if name not specified

statustext string

Explains status code
Removed in CF2025 as it's also removed in Tomcat.

Compatibility

ColdFusion:

CF11+ Added script-based cfheader()

Links more information about cfheader

List of HTTP Header Fields - Wikipedia page listing standard HTTP headers. This page lists both HTTP request headers and HTTP response headers. You can only set HTTP Response headers with cfheader, request headers are sent by the user agent (the browser).
HTTP Status Code Listing - Status code definitions from RFC 2616

Examples
Sample code using the cfheader tag

Set a HTTP Response Header

Use cfheader to return a Content-Security-Policy HTTP response header.

<cfheader name="Content-Security-Policy" value="default-src 'self'">

Return a Custom Status Code and Status Text

Uses cfheader to return a 405 Method Not Allowed status when method is not POST.

<cfif uCase(cgi.request_method) IS NOT "POST">
    <cfheader statuscode="405" statustext="Method Not Allowed">
    Sorry POST only.<cfabort>
</cfif>

Content-Type header in CFScript

CFScript syntax to return a JSON content type header.

cfheader( name="Content-Type", value="application/json" )

Signup for cfbreak to stay updated on the latest news from the ColdFusion / CFML community. One email, every friday.

Fork me on GitHub