Liquid header tag
On this page
The header Liquid tag sets HTTP response headers directly from your theme templates. When StoreConnect renders a page, it collects all headers set via this tag and includes them in the HTTP response sent to the browser.
Syntax
```liquid
{% header name: “Header-Name”, value: “header-value” %} ```
| Parameter | Required | Description |
|---|---|---|
name |
Yes | The HTTP header name (e.g. Content-Security-Policy, X-Custom-Header) |
value |
Yes | The header value |
Where you can use it
The header tag works in all of the following template contexts:
- Layout templates (
layouts/) - Page templates (
pages/) - Snippets (
snippets/) — including those rendered via{% render %} - Database content blocks (content stored in Salesforce)
Headers set in any of these contexts are merged together into the final HTTP response.
Examples
Set a Content-Security-Policy for one page
```liquid
{% if current_page.identifier == “home” %} {% header name: “Content-Security-Policy”, value: “frame-ancestors ‘self’ example.com;” %} {% endif %} ```
Set a custom header from a layout
```liquid
{% header name: “X-Store-Region”, value: current_store.name %} ```
Set multiple headers
```liquid
{% header name: “X-Frame-Options”, value: “SAMEORIGIN” %} {% header name: “Referrer-Policy”, value: “strict-origin-when-cross-origin” %} ```
When multiple header tags set the same header name, the last value wins.
Notes
- Some core platform headers (such as
Content-TypeandSet-Cookie) are controlled by StoreConnect and cannot be overridden with this tag. - Do not use this tag to expose sensitive information. Header values are visible to clients and intermediaries.
- Dynamic values from Liquid variables are supported in both
nameandvalueparameters.
Was this article helpful?
Thanks for your feedback! It helps us improve our docs.