Custom headers will never come to V7 ? | Community
Skip to main content
Z
ZakariaHa1
Level 2
March 18, 2026
Question

Custom headers will never come to V7 ?

  • March 18, 2026
  • 2 replies
  • 45 views

Hi,

I'm surprised to see that the custom header feature has still not been delivered in the latest build upgrade, especially since it was announced nearly two years ago.

This is a key security feature for integrations with third-party tools, as it enables standard authentication via custom headers.

Could anyone provide some visibility on this topic? At this point, should we assume that Adobe has no plans to implement this in V7?

Any update would be greatly appreciated.

 

2 replies

ccg1706
Community Advisor
ccg1706Community Advisor
Community Advisor
March 21, 2026

Hi ​@ZakariaHa1,

 

I have checked official documentation and I don’t see any evidence  that custom inbound headers support has been delivered in Campaign Classic v7. I don’t see neither anything in the current v8 release notes that would indicate this capability is currently available

 

The only related point I could find i that v8 supports header-based authentication for APIs, but that is not the same as passing custom request header through JavaScript or custom pages.

Attached documentation: API access

 

Hope it clarifies

 

Best,

Celia

Z
ZakariaHa1Author
Level 2
March 21, 2026

Hello @ccg1706,

Yes, I couldn't find any official commitment from Adobe on this as well. So it's not yet supported, even though it should have been for a while now based on this post.

Adobe support had actually mentioned it to me as planned for V7.4.3, but nothing confirmed so far. 

That’s why I came here to have more information.

Thanks

 

    ccg1706
    Community Advisor
    ccg1706Community Advisor
    Community Advisor
    March 21, 2026

    Hello ​@ZakariaHa1

     

    Even if support indicated to you that it is planned, at this point the safest assumption is that the feature is still not available and there is no confirmed timeline for its delivery.

     

    If this is something you would like to see implemented, my recommendation is to post it under ideas inside the community so the moderators can raise it with the product team if relevant.

     

    Best regards, 

    Celia 

     

    AmitVishwakarma
    Community Advisor
    AmitVishwakarmaCommunity Advisor
    Community Advisor
    March 22, 2026

    Hi ​@ZakariaHa1 

    In Adobe Campaign Classic v7, custom HTTP request headers that pass through the Apache nlsrvmod module are stripped and cannot be whitelisted. This is hard‑coded behavior; there is no supported switch or "custom headers" feature coming to v7.

    So you should assume: no product-level fix in v7; plan around it.

    If you must use custom headers (for auth, correlation IDs, etc.), the only reliable pattern on v7 is:

    1. Bypass Apache and hit Tomcat directly

    Put your auth in headers as required (e.g. X-Client-Id, X-SignatureThis pattern is in production use and is the only way to get guaranteed delivery of custom headers on v7 today.etc.), and consume them in your JSSPs / SOAP handlers as usual.

    If you can't bypass Apache

    If Tomcat direct access is not allowed in your environment:

    • Use standard headers (e.g. Authorization) instead of custom ones, if your third‑party can accept that.
    • Or move the custom data into the body or query parameters, where nlsrvmod does not interfere.
    • For new projects requiring richer/API-key style auth, consider v8 + REST / Adobe I/O fronting, not v7.
    Amit Vishwakarma - Adobe Commerce Champion 2025 | 16x Adobe certified | 4x Adobe SME
    Z
    ZakariaHa1Author
    Level 2
    March 23, 2026

    Hi ​@AmitVishwakarma ,

     

    Thanks for this explaination. However, I’m in a service managed mode.

    Why Adobe can’t do that directly ?

     

    Thanks,

     

     

    Terms & ConditionsAccessibility statement

    Loading footer...