Set the HTTP Headers for your template.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


HTTP Header

Set the HTTP Headers for your template.


  • status - set an HTTP Status code
  • location - set a location for redirection
  • content_type - set a Content-Type header
  • charset - set a charset in the Content-Type header
  • content_disposition - set a Content-Disposition header (ex: attachment) with a filename
  • content_language - set a Content-Language header
  • cache_seconds - set to a non-zero number to set caching headers; set to 0 to force no-cache
  • terminate - set to "yes" to prevent any other output from the template
  • vary - set a Vary header
  • access_control_allow_origin - set a Access-Control-Allow-Origin header
  • x_frame_options - set X-Frame-Options header to protect from clickjacking (control usage in iFrames)


Do a 301 redirect

{exp:http_header status="301" location="{path=site/something}" terminate="yes"}

Set a 404 Status header

{exp:http_header status="404"}

Set the Content-Type header to application/json

{exp:http_header content_type="application/json"}

Set Content-Disposition to force the download

{exp:http_header content_disposition="attachment" filename="myfile.xml"}

Set the Pragma, Cache-control, and Expires headers to set a 5 minute (300 second) cache

{exp:http_header cache_seconds="300"}

Set the Content-Language header to "en"

{exp:http_header content_language="en"}

Set the Vary header to User-Agent

{exp:http_header vary="User-Agent"}

Set the Access-Control-Allow-Origin header to allow all

{exp:http_header access_control_allow_origin="*"}

Set the X-Frame-Options header to a same website origin

{exp:http_header x_frame_options="SAMEORIGIN"}

Options available for x_frame_options: DENY, SAMEORIGIN or ALLOW-FROM uri (replace uri for valid uri)