How-to Add Custom Headers To Dispatcher

Practical AEM Series How-to Add Custom Headers To Dispatcher
Practical AEM Series How-to Add Custom Headers To Dispatcher

This post details the process to add custom headers to Response and Request sections for all web pages on AEM. In this i’m adding “X-Forwarded-Proto”, “Pragma” and “Cache-Control” to Dispatcher.

Step-by-step guide

The below file names and directories are used by default if the environment is setup by AMS.

  1. SSH to Dispatcher (e.g: ssh user@ip)
  2. Go to /etc/httpd/conf folder and open the file clientheaders.any file to edit (e.g: sudo vim clientheaders.any)
    1. Append your headers to this file. As an example i’m adding “X-Forwarded-Proto“, “Pragma” and “Cache-Control
    2. Save and close the file
    3. My file looks like this
  3.  Change directory to /etc/httpd/conf.d and open the dispatcher_vhosts.config file
    1. Add the below line to the end of the file:NameVirtualHost *:443
      <VirtualHost *:443>
      Header always append Pragma “no-Cache”
      Header always append Cache-Control “no-Cache, no-Store”
      RequestHeader set X-Forward-Proto “https”
      RequestHeader set Pragma “no-cache”
      RequestHeader set Cache-Control “no-Cache, no-Store”
    2. I added this under “443” because the AEM url is always accessed through “https”. That is how it was configured by AMS
  4. Restart Apache. (e.g: sudo /usr/sbin/apachectl restart )
  5. To test if the above headers appearing on the browser
    1. Open the site Chrome
    2. Right click and open Inspect > Network > Under View, choose “Use small request rows” and refresh the browser.
    3. You will see activity on the “inspect window. Choose the html page from that, then you will see all the headers. Like below.



  1. Header attribue above sets the values for Response Headers and RequestHeader are set for Request Headers.  If  you expand the above screenshot you can see the values separately under Response Header and Request Headers.

While the requirement to show headers under Response Headers and Request Headers is met, i have not elaborately tested how these would effect Dispatcher’s ability to function normally, caching content etc. Please be aware of this.

I have done this as a requirement by one of our customers to have these headers for every page. These were required to be set on every page by Hailstorm Security Scan, otherwise the scan would mark these as “Warnings” to the AEM Platforms as not being secure.1