The AddHeader method adds an HTML header with a specified value. This method always adds a new HTTP header to the response. It will not replace an existing header of the same name. Once a header has been added, it cannot be removed.
If another Response method will provide the functionality you require, it is recommended that you use that method instead.
Response.AddHeader name, value
To avoid name ambiguity, name should not contain any underscore (_) characters. The ServerVariables collection interprets underscores as dashes in the header name. For example, the following script causes the server to search for a header named MY-HEADER.
<% Request.ServerVariables("HTTP_MY_HEADER") %>
Because the HTTP protocol requires that all headers be sent before content, in general you must modify all outgoing headers before your ASP script generates any output. In IIS 4.0, this meant that you had to call AddHeader in your script before any output (such as that generated by HTML code or the Write method) was sent to the client.
However, with IIS 5.0, response buffering (enabled by the metabase property AspBufferingOn) is on by default. Therefore, you can call the AddHeader method at any point in the script, as long as it precedes any calls to Flush.
The following .asp file illustrates this point.
<HTML>
Here's some text on your Web page.
<% Response.AddHeader "WARNING", "Error Message Text" %> Here's some more interesting and illuminating text.
<% Response.Flush %>
<% Response.Write("some string") %>
</HTML>
In the preceding example, because the page is buffered by default, the server will not send output to the client until all the scripts on the ASP page have been processed or until the Flush method is called. With buffered output, calls to AddHeader can appear anywhere the script, so long as they precede any calls to Flush. If the call to AddHeader appeared below the call to Flush in the preceding example, the script would generate a run-time error.
You can use this method to send multiple copies of the same header with different values, as with WWW-Authenticate headers.
The following example uses the AddHeader method to request that the client use Basic authentication.
<% Response.Addheader "WWW-Authenticate", "BASIC" %>
Note The preceding script merely informs the client browser which authentication to use. If you use this script in your Web applications, you should ensure that the Web server has Basic authentication enabled.