Response Object

Another important function of Response object is the output of HTTP headers to the client. As part of the HTTP header, these types of response objects should be sent before sending any body content to the client.

Response.PICS Property

Response.PICS property sets the value of PICS label for the pics-label header to specify the content rating. PICS (Platform for Internet Content Selection) was designed to label or to rate the content

Syntax:

Response.PICS (PICSLabel)

 Or in an ASP file. Imply

<% Response.PICS = PICSLabel %>

Parameters:

PICSLabel

The parameter "PICSLabel" is the content rating of a page. The data type of "PICSLabel" is string of the form formatted PICS label.

Remarks:

There is no mechanism to validate whether the specified value represents a valid PICS label or not.

The value of PICSLabel must be enclosed in quotation marks (" ") and therefore the quotes in PICS label must be placed by chr(34)

If there are multiple Response.PICS in the same page, the last instance of Response.PICS in the HTTP header setting of a ASP file will replace all previous Response.PICS Setting?.

Examples:

• Default value with No Response.PICS

  ASP script command:

  <%  %>

  HTTP header response:

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: ASPSESSIONIDPPPP=PPPPPPPP; path=/
  Cache-control: private

• Response.PICS with value "(PICS-1.1 "& chr(34) & "http://www.classify.org/safesurf/" & chr(34) & " l r (SS~~000 1))"

  ASP script command:

  <% Response.PICS("(PICS-1.1 " & chr(34) & "http://www.classify.org/safesurf/" & chr(34) & " l r (SS~~000 1))") %>

  HTTP header response: 

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  pics-label: (PICS-1.1 "http://www.classify.org/safesurf/" l r (SS~~000 1))
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: ASPSESSIONIDPPPP=PPPPPPPP; path=/
  Cache-control: private

Response.AddHeader Method

Response.AddHeader Method adds a new HTTP header with name "HeaderName" and sets the value to "HeaderValue".

Syntax:

AddHeader(
    HeaderName,
    HeaderValue
)

 Or in an ASP file. Imply

<% Response.AddHeader "HeaderName", "HeaderValue"  %>

Parameters:

HeaderName

The parameter "HeaderName" is the name of added header. The data type of "HeaderName" is string and the value must be enclosed within quotation signs (" ").

HeaderValue

The parameter "HeaderValue" is the value of added header. The data type of "HeaderValue" is string and the value must be enclosed within quotation signs (" ").

Return Values:

This method has no return values.

Remarks:

The Response.AddHeader Method always append the added header to the HTTP header. The value of the added header does not replace any existing header with the same name.

The values of the parameters must be enclosed in quotation marks (" ").

The customer header value can be retreived by Request.ServerVariables by adding "HTTP_" to the beginning of the custom header name if the client is configured to return response header to the server on a subsequent request. Therefore the retriving of the customer header value is highly depending on the configuration of the client and this method should be avoided if other method can provide the funcionality as required.

Since the ServerVariables collection interprets underscores as dashes in the header name, the HeaderName should not contain any underscore (_) characters to avoid name ambiguity.

As the HTTP header should send before the HTML output, if the response buffer is not enbled in IIS 4.0, all Response.AddHeader method should run before sending any response to client. IN IIS 5.0 or later, the response buffer is enabled by default, all Response.AddHeader method should run before calling Response.Flush method to sent the response to the client.

Examples:

• Default value with No Response.AddHeader

  ASP script command:

  <%  %>

  HTTP header response:

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: ASPSESSIONIDPPPP=PPPPPPPP; path=/
  Cache-control: private

• Response.AddHeader with customer HTTP Header "CustomHeader, CustomerValue"

  ASP script command:

  <% Response.AddHeader "CustomHeader", "CustomerValue"  %>

  HTTP header response: 

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  CustomHeader: CustomerValue
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: ASPSESSIONIDPPPP=PPPPPPPP; path=/
  Cache-control: private

• Response.AddHeader with standard HTTP Header "Pragma, no-cache" to specify a cache using HTTP/1.0 not to cache the page

  ASP script command

  <% Response.AddHeader "Pragma", "no-cahce"  %>

  HTTP header response: 

  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  Pragma: no-cache
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: ASPSESSIONIDPPPP=PPPPPPPP; path=/
  Cache-control: private

• Response.AddHeader with standard HTTP Header "WWW-Authenticate, BASIC" to specify the client use Basic Authentication.

  ASP script command

  <% Response.AddHeader "WWW-Authenticate", "Basic"  %>

  HTTP header response: 

  WWW-Authenticate: Basic
  

  The WWW-Authenticate response header must be included in the 401 Unauthorized response. messages for an unauthorized request.

  CMD commands: 

  telnet sideway.to 80 (CR)
  GET /login.asp HTTP/1.1 (CR)
  Host: sideway.to (CR)
   (CR)
  

  HTTP header response: 

  HTTP/1.1 401 Access Denied
  Server: Microsoft-IIS/5.1
  Date: Tue, 31 Jan 2012 15:19:08 GMT
  X-Powered-By: ASP.NET
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM
  WWW-Authenticate: Basic realm="sideway.to"
  Connection: close
  Content-Length: 4000
  Content-Type: text/html