Class Response

TopLevel.Object
- dw.system.Response

Represents an HTTP response in Commerce Cloud Digital. An instance of this class is implicitly available within Digital script under the variable "response". The Response object can be used to set cookies and specific HTTP headers, for directly accessing the output stream or for sending redirects.

Constant	Description
ACCESS_CONTROL_ALLOW_CREDENTIALS: String = "Access-Control-Allow-Credentials"	An allowed header name constant for Access-Control-Allow-Credentials
ACCESS_CONTROL_ALLOW_HEADERS: String = "Access-Control-Allow-Headers"	An allowed header name constant for Access-Control-Allow-Headers
ACCESS_CONTROL_ALLOW_METHODS: String = "Access-Control-Allow-Methods"	An allowed header name constant for Access-Control-Allow-Methods
ACCESS_CONTROL_ALLOW_ORIGIN: String = "Access-Control-Allow-Origin"	An allowed header name constant for Access-Control-Allow-Origin
ACCESS_CONTROL_EXPOSE_HEADERS: String = "Access-Control-Expose-Headers"	An allowed header name constant for Access-Control-Expose-Headers
ALLOW: String = "Allow"	An allowed header name constant for Allow
CONTENT_DISPOSITION: String = "Content-Disposition"	An allowed header name constant for Content-Disposition
CONTENT_LANGUAGE: String = "Content-Language"	An allowed header name constant for Content-Language
CONTENT_LOCATION: String = "Content-Location"	An allowed header name constant for Content-Location
CONTENT_MD5: String = "Content-MD5"	An allowed header name constant for Content-MD5
CONTENT_SECURITY_POLICY: String = "Content-Security-Policy"	An allowed header name constant for Content-Security-Policy.
CONTENT_SECURITY_POLICY_REPORT_ONLY: String = "Content-Security-Policy-Report-Only"	An allowed header name constant for Content-Security-Policy-Report-Only.
CONTENT_TYPE: String = "Content-Type"	An allowed header name constant for Content-Type
CROSS_ORIGIN_EMBEDDER_POLICY: String = "Cross-Origin-Embedder-Policy"	An allowed header name constant for Cross-Origin-Embedder-Policy
CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY: String = "Cross-Origin-Embedder-Policy-Report-Only"	An allowed header name constant for Cross-Origin-Embedder-Policy-Report-Only.
CROSS_ORIGIN_OPENER_POLICY: String = "Cross-Origin-Opener-Policy"	An allowed header name constant for Cross-Origin-Opener-Policy
CROSS_ORIGIN_OPENER_POLICY_REPORT_ONLY: String = "Cross-Origin-Opener-Policy-Report-Only"	An allowed header name constant for Cross-Origin-Opener-Policy-Report-Only.
CROSS_ORIGIN_RESOURCE_POLICY: String = "Cross-Origin-Resource-Policy"	An allowed header name constant for Cross-Origin-Resource-Policy
LINK: String = "Link"	An allowed header name constant for Link
LOCATION: String = "Location"	An allowed header name constant for Location
PERMISSIONS_POLICY: String = "Permissions-Policy"	An allowed header name constant for Permissions-Policy
PLATFORM_FOR_PRIVACY_PREFERENCES_PROJECT: String = "P3P"	An allowed header name constant for Platform for Privacy Preferences Project
REFERRER_POLICY: String = "Referrer-Policy"	An allowed header name constant for Referrer-Policy
REFRESH: String = "Refresh"	An allowed header name constant for Refresh
RETRY_AFTER: String = "Retry-After"	An allowed header name constant for Retry-After
SERVICE_WORKER_ALLOWED: String = "service-worker-allowed"	An allowed header name constant for service-worker-allowed
VARY: String = "Vary"	An allowed header name constant for Vary
X_CONTENT_TYPE_OPTIONS: String = "X-Content-Type-Options"	An allowed header name constant for X-Content-Type-Options
X_FRAME_OPTIONS: String = "X-FRAME-OPTIONS"	An allowed header name constant for X-FRAME-OPTIONS.
X_FRAME_OPTIONS_ALLOW_FROM: String = "ALLOW-FROM"	An allowed value ALLOW-FROM for X-FRAME-OPTIONS
X_FRAME_OPTIONS_DENY_VALUE: String = "DENY"	An allowed value DENY for X-FRAME-OPTIONS
X_FRAME_OPTIONS_SAMEORIGIN_VALUE: String = "SAMEORIGIN"	An allowed value SAME-ORIGIN value for X-FRAME-OPTIONS
X_ROBOTS_TAG: String = "X-Robots-Tag"	An allowed header name constant for X-Robots-Tag
X_XSS_PROTECTION: String = "X-XSS-Protection"	An allowed header name constant for X-XSS-Protection

Property	Description
writer: PrintWriter `(read-only)`	Returns a print writer which can be used to print content directly to the response.

This class does not have a constructor, so you cannot create it directly.

Method	Description
addHttpCookie(Cookie)	Adds the specified cookie to the outgoing response.
addHttpHeader(String, String)	Adds a response header with the given name and value.
containsHttpHeader(String)	Checks whether the response message header has a field with the specified name.
getWriter()	Returns a print writer which can be used to print content directly to the response.
redirect(URL)	Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.
redirect(URL, Number)	Sends a redirect response with the given status to the client for the specified redirect location URL.
redirect(URLRedirect)	Sends a redirect response with the given status to the client for the specified redirect location URL.
redirect(String)	Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.
redirect(String, Number)	Sends a redirect response with the given status to the client for the specified redirect location URL.
setBuffered(Boolean)	Sets whether the output should be buffered or streamed directly to the client.
setContentType(String)	Sets the content type for this response.
setExpires(Date)	Convenience method for setExpires(Number) which takes a Date object.
setExpires(Number)	Sets the cache expiration time for the response.
setHttpHeader(String, String)	Adds a response header with the given name and value.
setStatus(Number)	Sets the HTTP response code.
setVaryBy(String)	Marks the response as personalized with the given variant identifier.

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

ACCESS_CONTROL_ALLOW_CREDENTIALS: String = "Access-Control-Allow-Credentials": An allowed header name constant for Access-Control-Allow-Credentials

ACCESS_CONTROL_ALLOW_HEADERS: String = "Access-Control-Allow-Headers": An allowed header name constant for Access-Control-Allow-Headers

ACCESS_CONTROL_ALLOW_METHODS: String = "Access-Control-Allow-Methods": An allowed header name constant for Access-Control-Allow-Methods

ACCESS_CONTROL_ALLOW_ORIGIN: String = "Access-Control-Allow-Origin": An allowed header name constant for Access-Control-Allow-Origin

ACCESS_CONTROL_EXPOSE_HEADERS: String = "Access-Control-Expose-Headers": An allowed header name constant for Access-Control-Expose-Headers

ALLOW: String = "Allow": An allowed header name constant for Allow

CONTENT_DISPOSITION: String = "Content-Disposition": An allowed header name constant for Content-Disposition

CONTENT_LANGUAGE: String = "Content-Language": An allowed header name constant for Content-Language

CONTENT_LOCATION: String = "Content-Location": An allowed header name constant for Content-Location

CONTENT_MD5: String = "Content-MD5": An allowed header name constant for Content-MD5

CONTENT_SECURITY_POLICY: String = "Content-Security-Policy"

An allowed header name constant for Content-Security-Policy.

Note: The Commerce Cloud platform can override this header for tools like the Storefront Toolkit.

CONTENT_SECURITY_POLICY_REPORT_ONLY: String = "Content-Security-Policy-Report-Only"

An allowed header name constant for Content-Security-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.

CONTENT_TYPE: String = "Content-Type": An allowed header name constant for Content-Type

CROSS_ORIGIN_EMBEDDER_POLICY: String = "Cross-Origin-Embedder-Policy": An allowed header name constant for Cross-Origin-Embedder-Policy

CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY: String = "Cross-Origin-Embedder-Policy-Report-Only"

An allowed header name constant for Cross-Origin-Embedder-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.

CROSS_ORIGIN_OPENER_POLICY: String = "Cross-Origin-Opener-Policy": An allowed header name constant for Cross-Origin-Opener-Policy

CROSS_ORIGIN_OPENER_POLICY_REPORT_ONLY: String = "Cross-Origin-Opener-Policy-Report-Only"

An allowed header name constant for Cross-Origin-Opener-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.

CROSS_ORIGIN_RESOURCE_POLICY: String = "Cross-Origin-Resource-Policy": An allowed header name constant for Cross-Origin-Resource-Policy

LINK: String = "Link": An allowed header name constant for Link

LOCATION: String = "Location": An allowed header name constant for Location

PERMISSIONS_POLICY: String = "Permissions-Policy": An allowed header name constant for Permissions-Policy

PLATFORM_FOR_PRIVACY_PREFERENCES_PROJECT: String = "P3P": An allowed header name constant for Platform for Privacy Preferences Project

REFERRER_POLICY: String = "Referrer-Policy": An allowed header name constant for Referrer-Policy

REFRESH: String = "Refresh": An allowed header name constant for Refresh

RETRY_AFTER: String = "Retry-After": An allowed header name constant for Retry-After

SERVICE_WORKER_ALLOWED: String = "service-worker-allowed": An allowed header name constant for service-worker-allowed

VARY: String = "Vary": An allowed header name constant for Vary

X_CONTENT_TYPE_OPTIONS: String = "X-Content-Type-Options": An allowed header name constant for X-Content-Type-Options

X_FRAME_OPTIONS: String = "X-FRAME-OPTIONS"

An allowed header name constant for X-FRAME-OPTIONS.

Note: The Commerce Cloud platform can override this header for tools like the Storefront Toolkit.

X_FRAME_OPTIONS_ALLOW_FROM: String = "ALLOW-FROM": An allowed value ALLOW-FROM for X-FRAME-OPTIONS

X_FRAME_OPTIONS_DENY_VALUE: String = "DENY": An allowed value DENY for X-FRAME-OPTIONS

X_FRAME_OPTIONS_SAMEORIGIN_VALUE: String = "SAMEORIGIN": An allowed value SAME-ORIGIN value for X-FRAME-OPTIONS

X_ROBOTS_TAG: String = "X-Robots-Tag": An allowed header name constant for X-Robots-Tag

X_XSS_PROTECTION: String = "X-XSS-Protection": An allowed header name constant for X-XSS-Protection

writer: PrintWriter (read-only): Returns a print writer which can be used to print content directly to the response.

addHttpCookie(cookie: Cookie): void

Adds the specified cookie to the outgoing response. This method can be called multiple times to set more than one cookie. If a cookie with the same cookie name, domain and path is set multiple times for the same response, only the last set cookie with this name is sent to the client. This method can be used to set, update or delete cookies at the client. If the cookie doesn't exist at the client, it is set initially. If a cookie with the same name, domain and path already exists at the client, it is updated. A cookie can be deleted at the client by submitting a cookie with the maxAge attribute set to 0 (see Cookie.setMaxAge() for more information).

You can't set a cookie's SameSite attribute using the API. The server sets SameSite to None if either the developer sets the cookie's Secure flag or the global security preference Enforce HTTPS is enabled, in which case the Secure flag is also set. Otherwise, the server doesn't set the SameSite attribute and the browser uses its own default SameSite setting. The SameSite attribute is not sent with a cookie if the server detects that the client doesn't correctly interpret the attribute.

Parameters:

cookie - a Cookie object

addHttpHeader(name: String, value: String): void

Adds a response header with the given name and value. This method allows response headers to have multiple values.

For public headers, only the names listed in the "Constants" section are allowed. Custom header names must begin with the prefix "X-SF-CC-" and can contain only alphanumeric characters, dash, and underscore.

Parameters:

name - the name to use for the response header.
value - the value to use.

containsHttpHeader(name: String): Boolean

Checks whether the response message header has a field with the specified name.

Parameters:

name - the name to use.

getWriter(): PrintWriter: Returns a print writer which can be used to print content directly to the response.

redirect(url: URL): void

Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.

Parameters:

url - the URL object for the target location, must be not null

redirect(url: URL, status: Number): void

Sends a redirect response with the given status to the client for the specified redirect location URL.

Parameters:

url - the URL object with the redirect location, must be not null
status - the status code for this redirect, must be 301, 302 or 307

redirect(redirect: URLRedirect): void

Sends a redirect response with the given status to the client for the specified redirect location URL.

Parameters:

redirect - the URLRedirect object with the location and status, must be not null

redirect(location: String): void

Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL. The target location must be a relative or an absolute URL.

Parameters:

location - the target location as a string, must be not empty

redirect(location: String, status: Number): void

Sends a redirect response with the given status to the client for the specified redirect location URL.

Parameters:

location - the redirect location, must be not empty
status - the status code for this redirect, must be 301, 302 or 307

setBuffered(buffered: Boolean): void

Sets whether the output should be buffered or streamed directly to the client. By default, buffering is enabled. The mode can only be changed before anything has been written to the response. Switching buffering off and using streaming mode is recommended for sending large responses.

Parameters:

buffered - if true, buffering is used, if false the response will be streamed

setContentType(contentType: String): void

Sets the content type for this response. This method may only be called before any output is written to the response.

Parameters:

contentType - the MIME type of the content, like "text/html", "application/json" etc.

setExpires(expires: Date): void

Convenience method for setExpires(Number) which takes a Date object.

Parameters:

expires - a Date object.

setExpires(expires: Number): void

Sets the cache expiration time for the response. The response will only be cached if caching was not disabled previously. By default, responses are not cached. This method can be called multiple times during request processing. If caching is enabled, the lowest expiration time, resulting from the invocations of the method becomes the cache expiration time. This is only used for HTTP requests. Streamed responses cannot be cached. This method is an alternative for setting the cache time using the <iscache> tag in ISML templates.

Parameters:

expires - the expiration time in milliseconds since January 1, 1970, 00:00:00 GMT

setHttpHeader(name: String, value: String): void

Adds a response header with the given name and value. If one or more value(s) have already been set, the new value overwrites the previous one. The containsHttpHeader(String) method can be used to test for the presence of a header before setting its value.

Parameters:

name - the name to use for the response header.
value - the value to use.

setStatus(status: Number): void

Sets the HTTP response code.

Parameters:

status - a standard-conform HTTP status code, for example 200 for "OK"

setVaryBy(varyBy: String): void

Marks the response as personalized with the given variant identifier. Commerce Cloud Digital identifies unique pages based on a combination of pricebook, promotion, sorting rule and A/B test segments, caches the different variants of the page, and then delivers the correct version to the user. If a page is personalized by means other than pricebook, promotion, sorting rule and A/B test, the page must not be cached, because the wrong variants of the page would be delivered to the user. For performance reasons, a page should only be marked as personalized if it really is. Otherwise, the performance can unnecessarily degrade.

This method has the same effect as using <iscache varyby="price\_promotion" /> tag in an ISML template. Once the vary-by value was set, either using this method or by the <iscache> tag in a template, the entire response is treated as personalized.

Parameters:

varyBy - the variation criteria, currently only "price_promotion" is supported, any other value has no effect