Skip to main content
Reads an HTTP header with the given name from the current request.

Signature

sqlpage.header(name TEXT) -> TEXT

Parameters

name
TEXT
required
The name of the HTTP header to read (case-insensitive)

Return Value

return
TEXT
The value of the header as text, or NULL if the header is not present

Description

The header() function allows you to read HTTP headers from the incoming request. Header names are case-insensitive, so 'User-Agent' and 'user-agent' are equivalent.

Examples

Log User Agent

Record the browser’s User-Agent string in the database: 
INSERT INTO user_agent_log (user_agent, visited_at) 
VALUES (
    sqlpage.header('user-agent'),
    CURRENT_TIMESTAMP
);

Check Request Origin

Verify that a request comes from an allowed origin: 
SELECT 'redirect' as component,
    '/error?msg=invalid_origin' as link
WHERE sqlpage.header('origin') NOT IN ('https://example.com', 'https://www.example.com');

Content Type Detection

Check if the client is requesting JSON: 
SET accept_header = sqlpage.header('accept');

SELECT 'json' as component
WHERE $accept_header LIKE '%application/json%';

SELECT 'html' as component
WHERE $accept_header NOT LIKE '%application/json%';

Get Real Client IP Behind Proxy

When running behind a reverse proxy: 
SET client_ip = COALESCE(
    sqlpage.header('x-forwarded-for'),
    sqlpage.header('x-real-ip'),
    sqlpage.client_ip()
);

INSERT INTO connection_log (ip_address) VALUES ($client_ip);

Common Headers

  • User-Agent - Browser and OS information
  • Accept - Content types the client can handle
  • Accept-Language - Preferred languages
  • Referer - The page that linked to this page
  • Authorization - Authentication credentials
  • Content-Type - Type of request body (for POST/PUT)
  • Origin - Origin of cross-site requests
  • X-Forwarded-For - Real client IP when behind a proxy
  • X-Real-IP - Alternative header for client IP

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us