HTTP Response

Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.


composer require nette/http

An HTTP response is an Nette\Http\Response object, which you get by passing it using dependency injection. In presenters simply call $httpResponse = $this->getHttpResponse().


Unlike Nette\Http\Request, this object is mutable, so you can use setters to change the state, ie to send headers. Remember that all setters must be called before any actual output is sent. The isSent() method tells if output have been sent. If it returns true, each attempt to send a header throws an Nette\InvalidStateException exception.

setCode(int $code, string $reason=null)

Changes a status response code. For better source code readability it is recommended to use predefined constants instead of actual numbers.


getCode(): int

Returns the status code of the response.

isSent(): bool

Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.

setHeader(string $name, string $value)

Sends an HTTP header and overwrites previously sent header of the same name.

$httpResponse->setHeader('Pragma', 'no-cache');

addHeader(string $name, string $value)

Sends an HTTP header and doesn't overwrite previously sent header of the same name.

$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');

deleteHeader(string $name)

Deletes a previously sent HTTP header.

getHeader(string $header): ?string

Returns the sent HTTP header, or null if it does not exist. The parameter is case-insensitive.

$pragma = $httpResponse->getHeader('Pragma');

getHeaders(): array

Returns all sent HTTP headers as associative array.

$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];

setContentType(string $type, string $charset=null)

Sends the header Content-Type.

$httpResponse->setContentType('text/plain', 'UTF-8');

redirect(string $url, int $code=self::S302_FOUND)void

Redirects to another URL. Don't forget to quit the script then.


setExpiration(?string $time)

Sets the expiration of the HTTP document using the Cache-Control and Expires headers. The parameter is either a time interval (as text or number of seconds) or null, which disables caching.

// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');

setCookie(string $name, string $value, $time, string $path=null, string $domain=null, bool $secure=null, bool $httpOnly=null, string $sameSite=null)

Sends a cookie. Default parameter values:

$path '/' with scope to all paths on (sub)domain
$domain null with scope of the current (sub)domain, but not its subdomains
$secure   affected by the settings in configuration
$httpOnly true cookie is inaccessible to JavaScript
$sameSite null flag is not specified (see SameSite cookie)

The time can be specified as number of seconds or a string:

$httpResponse->setCookie('lang', 'en', '100 days');

The $domain option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted by the same (sub)domain as is set by it, excluding their subdomains. If $domain is specified, then subdomains are also included. Therefore, specifying $domain is less restrictive than omitting. For example, if $domain = '', cookie is also available on all subdomains like

deleteCookie(string $name, string $path=null, string $domain=null, bool $secure=null)void

Deletes a cookie. The default values ​​of the parameters are:

  • $path with scope to all directories ('/')
  • $domain with scope of the current (sub)domain, but not its subdomains
  • $secure is affected by the settings in configuration
version: 4.0 3.x 2.x