Generates custom HTTP response headers to return to the client.



Attribute Reference

name string

Header name
Required if statusCode not specified

value string

HTTP header value

charset string

The character encoding in which to encode the header value.

For more information on character encodings, see:
  • utf-8
  • iso-8859-1
  • windows-1252
  • us-ascii
  • shift_jis
  • iso-2022-jp
  • euc-jp
  • euc-kr
  • big5
  • euc-cn
  • utf-16

statuscode numeric

HTTP status code
Required if name not specified

statustext string

Explains status code



CF11+ Added script-based cfheader()

Links more information about cfheader

Sample code using the cfheader tag

Use cfheader to return a Content-Security-Policy HTTP response header.

<cfheader name="Content-Security-Policy" value="default-src 'self'">

Uses cfheader to return a 405 Method Not Allowed status when method is not POST.

<cfif uCase(cgi.request_method) IS NOT "POST">
    <cfheader statuscode="405" statustext="Method Not Allowed">
    Sorry POST only.<cfabort>

CFScript syntax to return a JSON content type header.

cfheader( name="Content-Type", value="application/json" )

Fork me on GitHub