Skip to content

Custom HTTP Headers

SWS allows customizing the server HTTP Response headers on demand.


The Server HTTP response headers should be defined mainly as an Array of Tables.

Each table entry should have two key/value pairs:

  • One source key containing a string glob pattern.
  • One headers key containing a set or hash table describing plain HTTP headers to apply.

A particular set of HTTP headers can only be applied when a source matches against the request URI.

Custom HTTP headers take precedence over existing ones

Whatever custom HTTP header could replace an existing one if it was previously defined (e.g. server default headers) and matches its source.

The header's order is important because determines its precedence.

Example: If the feature --cache-control-headers=true is enabled but also a custom cache-control header was defined then the custom header will have priority.


The source is a Glob pattern that should match against the URI that is requesting a resource file.


A set of valid plain HTTP headers to be applied.


Below are some examples of how to customize server HTTP headers in three variants.

One-line version


source = "**/*.{js,css}"
headers = { Access-Control-Allow-Origin = "*" }

Multiline version


source = "*.html"
Cache-Control = "public, max-age=36000"
Content-Security-Policy = "frame-ancestors 'self'"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"

Multiline version with explicit header key (dotted)


source = "**/*.{jpg,jpeg,png,ico,gif}"
headers.Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"