Class Response
dw.system
Class Response
Object
dw.system.Response
Represents an HTTP response in Commerce Cloud Digital. An instance of this class is implicitly available within Digital script under the variable "response". The Response object can be used to set cookies and specific HTTP headers, for directly accessing the output stream or for sending redirects.
Constants
ACCESS_CONTROL_ALLOW_CREDENTIALS  :  String = "Access-Control-Allow-Credentials"
An allowed header name constant for Access-Control-Allow-Credentials
ACCESS_CONTROL_ALLOW_HEADERS  :  String = "Access-Control-Allow-Headers"
An allowed header name constant for Access-Control-Allow-Headers
ACCESS_CONTROL_ALLOW_METHODS  :  String = "Access-Control-Allow-Methods"
An allowed header name constant for Access-Control-Allow-Methods
ACCESS_CONTROL_ALLOW_ORIGIN  :  String = "Access-Control-Allow-Origin"
An allowed header name constant for Access-Control-Allow-Origin
ACCESS_CONTROL_EXPOSE_HEADERS  :  String = "Access-Control-Expose-Headers"
An allowed header name constant for Access-Control-Expose-Headers
ALLOW  :  String = "Allow"
An allowed header name constant for Allow
CONTENT_DISPOSITION  :  String = "Content-Disposition"
An allowed header name constant for Content-Disposition
CONTENT_LANGUAGE  :  String = "Content-Language"
An allowed header name constant for Content-Language
CONTENT_LOCATION  :  String = "Content-Location"
An allowed header name constant for Content-Location
CONTENT_MD5  :  String = "Content-MD5"
An allowed header name constant for Content-MD5
CONTENT_SECURITY_POLICY  :  String = "Content-Security-Policy"
An allowed header name constant for Content-Security-Policy.

Note: The Commerce Cloud platform can override this header for tools like the Storefront Toolkit.
CONTENT_SECURITY_POLICY_REPORT_ONLY  :  String = "Content-Security-Policy-Report-Only"
An allowed header name constant for Content-Security-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.
CONTENT_TYPE  :  String = "Content-Type"
An allowed header name constant for Content-Type
CROSS_ORIGIN_EMBEDDER_POLICY  :  String = "Cross-Origin-Embedder-Policy"
An allowed header name constant for Cross-Origin-Embedder-Policy
CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY  :  String = "Cross-Origin-Embedder-Policy-Report-Only"
An allowed header name constant for Cross-Origin-Embedder-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.
CROSS_ORIGIN_OPENER_POLICY  :  String = "Cross-Origin-Opener-Policy"
An allowed header name constant for Cross-Origin-Opener-Policy
CROSS_ORIGIN_OPENER_POLICY_REPORT_ONLY  :  String = "Cross-Origin-Opener-Policy-Report-Only"
An allowed header name constant for Cross-Origin-Opener-Policy-Report-Only.

You can set this response header only for storefront requests. Report recipient can't be a B2C Commerce system.
CROSS_ORIGIN_RESOURCE_POLICY  :  String = "Cross-Origin-Resource-Policy"
An allowed header name constant for Cross-Origin-Resource-Policy
LOCATION  :  String = "Location"
An allowed header name constant for Location
PERMISSIONS_POLICY  :  String = "Permissions-Policy"
An allowed header name constant for Permissions-Policy
PLATFORM_FOR_PRIVACY_PREFERENCES_PROJECT  :  String = "P3P"
An allowed header name constant for Platform for Privacy Preferences Project
REFERRER_POLICY  :  String = "Referrer-Policy"
An allowed header name constant for Referrer-Policy
REFRESH  :  String = "Refresh"
An allowed header name constant for Refresh
RETRY_AFTER  :  String = "Retry-After"
An allowed header name constant for Retry-After
SERVICE_WORKER_ALLOWED  :  String = "service-worker-allowed"
An allowed header name constant for service-worker-allowed
VARY  :  String = "Vary"
An allowed header name constant for Vary
X_CONTENT_TYPE_OPTIONS  :  String = "X-Content-Type-Options"
An allowed header name constant for X-Content-Type-Options
X_FRAME_OPTIONS  :  String = "X-FRAME-OPTIONS"
An allowed header name constant for X-FRAME-OPTIONS.

Note: The Commerce Cloud platform can override this header for tools like the Storefront Toolkit.
X_FRAME_OPTIONS_ALLOW_FROM  :  String = "ALLOW-FROM"
An allowed value ALLOW-FROM for X-FRAME-OPTIONS
X_FRAME_OPTIONS_DENY_VALUE  :  String = "DENY"
An allowed value DENY for X-FRAME-OPTIONS
X_FRAME_OPTIONS_SAMEORIGIN_VALUE  :  String = "SAMEORIGIN"
An allowed value SAME-ORIGIN value for X-FRAME-OPTIONS
X_ROBOTS_TAG  :  String = "X-Robots-Tag"
An allowed header name constant for X-Robots-Tag
X_XSS_PROTECTION  :  String = "X-XSS-Protection"
An allowed header name constant for X-XSS-Protection
Properties
writer  :  PrintWriter  (Read Only)
A print writer which can be used to print content directly to the response.
Constructor Summary
This class does not have a constructor, so you cannot create it directly.
Method Summary
addHttpCookie(cookie : Cookie) : void
Adds the specified cookie to the outgoing response.
addHttpHeader(name : String, value : String) : void
Adds a response header with the given name and value.
containsHttpHeader(name : String) : boolean
Checks whether the response message header has a field with the specified name.
getWriter() : PrintWriter
Returns a print writer which can be used to print content directly to the response.
redirect(url : URL) : void
Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.
redirect(url : URL, status : Number) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
redirect(location : String) : void
Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.
redirect(location : String, status : Number) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
redirect(redirect : URLRedirect) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
setBuffered(buffered : boolean) : void
Sets whether the output should be buffered or streamed directly to the client.
setContentType(contentType : String) : void
Sets the content type for this response.
setExpires(expires : Number) : void
Sets the cache expiration time for the response.
setExpires(expires : Date) : void
Convenience method for setExpires(Number) which takes a Date object.
setHttpHeader(name : String, value : String) : void
Adds a response header with the given name and value.
setStatus(status : Number) : void
Sets the HTTP response code.
setVaryBy(varyBy : String) : void
Marks the response as personalized with the given variant identifier.
Methods inherited from class Object
assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values
Method Detail
addHttpCookie
addHttpCookie(cookie : Cookie) : void
Adds the specified cookie to the outgoing response. This method can be called multiple times to set more than one cookie. If a cookie with the same cookie name, domain and path is set multiple times for the same response, only the last set cookie with this name is sent to the client. This method can be used to set, update or delete cookies at the client. If the cookie doesn't exist at the client, it is set initially. If a cookie with the same name, domain and path already exists at the client, it is updated. A cookie can be deleted at the client by submitting a cookie with the maxAge attribute set to 0 (see Cookie.setMaxAge() for more information). 
 Example, how a cookie can be deleted at the client:

 var cookie : Cookie = new Cookie("SomeName", "Simple Value");

 cookie.setMaxAge(0);

 response.addHttpCookie(cookie);
You can't set a cookie's SameSite attribute using the API. The server sets SameSite to None if either the developer sets the cookie's Secure flag or the global security preference Enforce HTTPS is enabled, in which case the Secure flag is also set. Otherwise, the server doesn't set the SameSite attribute and the browser uses its own default SameSite setting. The SameSite attribute is not sent with a cookie if the server detects that the client doesn't correctly interpret the attribute.
Parameters:
cookie - a Cookie object
addHttpHeader
addHttpHeader(name : String, value : String) : void
Adds a response header with the given name and value. This method allows response headers to have multiple values.

For public headers, only the names listed in the "Constants" section are allowed. Custom header names must begin with the prefix "X-SF-CC-" and can contain only alphanumeric characters, dash, and underscore.

Parameters:
name - the name to use for the response header.
value - the value to use.
containsHttpHeader
containsHttpHeader(name : String) : boolean
Checks whether the response message header has a field with the specified name.
Parameters:
name - the name to use.
getWriter
getWriter() : PrintWriter
Returns a print writer which can be used to print content directly to the response.
redirect
redirect(url : URL) : void
Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL.
Parameters:
url - the URL object for the target location, must be not null
redirect
redirect(url : URL, status : Number) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
Parameters:
url - the URL object with the redirect location, must be not null
status - the status code for this redirect, must be 301, 302 or 307
redirect
redirect(location : String) : void
Sends a temporary redirect response (HTTP status 302) to the client for the specified redirect location URL. The target location must be a relative or an absolute URL.
Parameters:
location - the target location as a string, must be not empty
redirect
redirect(location : String, status : Number) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
Parameters:
location - the redirect location, must be not empty
status - the status code for this redirect, must be 301, 302 or 307
redirect
redirect(redirect : URLRedirect) : void
Sends a redirect response with the given status to the client for the specified redirect location URL.
Parameters:
redirect - the URLRedirect object with the location and status, must be not null
setBuffered
setBuffered(buffered : boolean) : void
Sets whether the output should be buffered or streamed directly to the client. By default, buffering is enabled. The mode can only be changed before anything has been written to the response. Switching buffering off and using streaming mode is recommended for sending large responses.
Parameters:
buffered - if true, buffering is used, if false the response will be streamed
setContentType
setContentType(contentType : String) : void
Sets the content type for this response. This method may only be called before any output is written to the response.
Parameters:
contentType - the MIME type of the content, like "text/html", "application/json" etc.
setExpires
setExpires(expires : Number) : void
Sets the cache expiration time for the response. The response will only be cached if caching was not disabled previously. By default, responses are not cached. This method can be called multiple times during request processing. If caching is enabled, the lowest expiration time, resulting from the invocations of the method becomes the cache expiration time. This is only used for HTTP requests. Streamed responses cannot be cached. This method is an alternative for setting the cache time using the <iscache> tag in ISML templates.
Parameters:
expires - the expiration time in milliseconds since January 1, 1970, 00:00:00 GMT
setExpires
setExpires(expires : Date) : void
Convenience method for setExpires(Number) which takes a Date object.
Parameters:
expires - a Date object.
setHttpHeader
setHttpHeader(name : String, value : String) : void
Adds a response header with the given name and value. If one or more value(s) have already been set, the new value overwrites the previous one. The containsHttpHeader(String) method can be used to test for the presence of a header before setting its value.

For public headers, only the names listed in the "Constants" section are allowed. Custom header names must begin with the prefix "X-SF-CC-" and can contain only alphanumeric characters, dash, and underscore.

Parameters:
name - the name to use for the response header.
value - the value to use.
setStatus
setStatus(status : Number) : void
Sets the HTTP response code.
Parameters:
status - a standard-conform HTTP status code, for example 200 for "OK"
setVaryBy
setVaryBy(varyBy : String) : void
Marks the response as personalized with the given variant identifier. Commerce Cloud Digital identifies unique pages based on a combination of pricebook, promotion, sorting rule and A/B test segments, caches the different variants of the page, and then delivers the correct version to the user. If a page is personalized by means other than pricebook, promotion, sorting rule and A/B test, the page must not be cached, because the wrong variants of the page would be delivered to the user. For performance reasons, a page should only be marked as personalized if it really is. Otherwise, the performance can unnecessarily degrade.

This method has the same effect as using <iscache varyby="price_promotion" /> tag in an ISML template. Once the vary-by value was set, either using this method or by the <iscache> tag in a template, the entire response is treated as personalized.

Parameters:
varyBy - the variation criteria, currently only "price_promotion" is supported, any other value has no effect