Set Header Policy

The <set-header> policy adds a new HTTP header or overwrites an existing one in the request or response. It is commonly used to inject authentication tokens, control caching, or pass custom metadata between services.

Syntax

<set-header name="header-name" exists-action="override|skip">
    <value>header-value</value>
</set-header>

Attributes

• name – Name of the HTTP header.
• exists-action – override (default) to replace an existing header, or skip to leave it unchanged.

Example: Add Authorization Header

This example adds an Authorization header to every inbound request using a static token.

<inbound>
    <base>
        <set-header name="Authorization" exists-action="override">
            <value>Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...</value>
        </set-header>
    </base>
</inbound>

Dynamic Values

Headers can be set using expressions, variables, or policy transformations.

<set-header name="X-Request-ID" exists-action="override">
    <value>@(Guid.NewGuid().ToString())</value>
</set-header>

Usage Notes

• Place the <set-header> policy in the <inbound> or <outbound> sections as needed.
• Multiple <set-header> policies can be chained to add several headers.
• When using exists-action="skip", the header is added only if it does not already exist.

See Also

• Add Header Policy
• Remove Header Policy
• Transform URL Policy