| title | Azure API Management policy reference - validate-headers | Microsoft Docs |
|---|---|
| description | Reference for the validate-headers policy available for use in Azure API Management. Provides policy usage, settings, and examples. |
| services | api-management |
| author | dlepow |
| ms.service | azure-api-management |
| ms.topic | reference |
| ms.date | 07/23/2024 |
| ms.author | danlep |
[!INCLUDE api-management-availability-all-tiers]
The validate-headers policy validates the response headers against the API schema.
Important
If you imported an API using a management API version prior to 2021-01-01-preview, the validate-headers policy might not work. You may need to reimport your API using management API version 2021-01-01-preview or later.
[!INCLUDE api-management-validation-policy-schema-size-note]
[!INCLUDE api-management-policy-form-alert]
<validate-headers specified-header-action="ignore | prevent | detect" unspecified-header-action="ignore | prevent | detect" errors-variable-name="variable name">
<header name="header name" action="ignore | prevent | detect" />
</validate-headers>| Attribute | Description | Required | Default |
|---|---|---|---|
| specified-header-action | Action to perform for response headers specified in the API schema. Policy expressions are allowed. | Yes | N/A |
| unspecified-header-action | Action to perform for response headers that aren’t specified in the API schema. Policy expressions are allowed. | Yes | N/A |
| errors-variable-name | Name of the variable in context.Variables to log validation errors to. Policy expressions aren't allowed. |
No | N/A |
| Name | Description | Required |
|---|---|---|
| header | Add one or more elements for named headers to override the default validation actions for headers in responses. | No |
[!INCLUDE api-management-validation-policy-actions]
- Policy sections: outbound, on-error
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
- This policy can only be used once in a policy section.
[!INCLUDE api-management-validation-policy-common]
<validate-headers specified-header-action="ignore" unspecified-header-action="prevent" errors-variable-name="responseHeadersValidation" />[!INCLUDE api-management-validation-policy-error-reference]
[!INCLUDE api-management-policy-ref-next-steps]