The AddHeader method adds a new HTML header and value to the response sent to the client. It does not replace an existing header of the same name. After a header has been added, it cannot be removed.
PICS was originally designed to help parents and teachers control what children access on the Internet, but it also facilitates other uses for labels, including code signing and privacy. Other rating services and filtering software have been built to use PICS. For more information, see Platform for Internet Content Selection (PICS) on the World Wide Web Consortium Web site.
If a client is configured to return response headers to the server on a subsequent request, you can use Request.ServerVariables to retrieve the custom header value. "HTTP_" is added to the beginning of the custom header name. For example, if you add a header with this code:
<% Response.AddHeader "CustomHeader", "CustomValue" %>
You can retrieve the header if a special client returns it to the server on the next request with the following code:
<% ReturnedValue = Request.ServerVariables("HTTP_CustomHeader") %>
To avoid name ambiguity, HeaderName should not contain any underscore (_) characters. The ServerVariables collection interprets underscores as dashes in the header name. For example, the following script causes the server to search for a header named MY-HEADER:
<% Request.ServerVariables("HTTP_MY_HEADER") %>
If a different Response method can provide the functionality you require, it is recommended that you use that method instead. For example, to send a custom value and have it returned to your Web application on a subsequent request without relying on the configuration of the client, you can use Response.Cookies and Request.Cookies. Or to set cache control for a response, you can use Response.CacheControl.
Because the HTTP protocol requires that all headers be sent before the page content, you must modify all outgoing headers before your ASP script generates any output. In IIS 4.0, this meant that you had to call the AddHeader method in your script before any output was sent to the client, such as output generated by HTML code or the Response.Write method. In IIS versions 5.0 or later, response buffering is on by default. Therefore, you can call the AddHeader method at any point in the script, as long as it precedes any calls to the Response.Flush method. You can enable or disable response buffering by setting the metabase property AspBufferingOn or by using Response.Buffer in an ASP script.
The following .asp file illustrates this point.
<HTML> Here's some text on your Web page. ' This header tells proxy servers using HTTP/1.0 not to cache this request. <% Response.AddHeader "Pragma", "no-cache" %> <% Response.Flush %> <% Response.Write("Pragma is set to no-cache") %> </HTML>
In the preceding example, because the page is buffered by default, the server will not send output to the client until all the scripts on the ASP page have been processed or until the Response.Flush method is called. If the call to AddHeader appeared after the call to Flush in the preceding example, the script would generate a run-time error.
You can use the AddHeader method to send multiple copies of the same header with different values, as with the WWW-Authenticate headers. The following example uses the AddHeader method to request that the client use Basic authentication:
<% Response.Addheader "WWW-Authenticate", "BASIC" %>
The preceding script only informs the client browser of which type of authentication to use; it does not specify that the Web server enable Basic authentication for the application.
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.