Generates custom HTTP response headers to return to the client.
<cfheader>
cfheader();
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | No | Header name Required if statusCode not specified |
|
| value | string | No | HTTP header value | |
| charset | string | No | The character encoding in which to encode the header value. For more information on character encodings, see: www.w3.org/International/O-charset.html. |
|
| statuscode | numeric | No | HTTP status code Required if name not specified |
|
| statustext | string | No | Explains status code Removed in CF2025 as it’s also removed in Tomcat. |
Use cfheader to return a Content-Security-Policy HTTP response header.
<cfheader name="Content-Security-Policy" value="default-src 'self'">
Uses cfheader to return a 405 Method Not Allowed status when method is not POST.
<cfif uCase(cgi.request_method) IS NOT "POST">
<cfheader statuscode="405" statustext="Method Not Allowed">
Sorry POST only.<cfabort>
</cfif>
CFScript syntax to return a JSON content type header.
cfheader( name="Content-Type", value="application/json" )