Generates custom HTTP response headers to return to the client.



cfheader Attribute Reference


Header name
Required if statusCode not specified


HTTP header value


The character encoding in which to encode the header value.

For more information on character encodings, see: Values:
  • utf-8
  • iso-8859-1
  • windows-1252
  • us-ascii
  • shift_jis
  • iso-2022-jp
  • euc-jp
  • euc-kr
  • big5
  • euc-cn
  • utf-16


HTTP status code
Required if name not specified


Explains status code

Links more information about cfheader

Examples sample code using the cfheader tag

Set a HTTP Response Header

Use cfheader to return a Content-Security-Policy HTTP response header.

<cfheader name="Content-Security-Policy" value="default-src 'self'">

Return a Custom Status Code and Status Text

Uses cfheader to return a 405 Method Not Allowed status when method is not POST.

<cfif uCase(cgi.request_method) IS NOT "POST">
    <cfheader statuscode="405" statustext="Method Not Allowed">
    Sorry POST only.<cfabort>

Fork me on GitHub