///

## Add custom headers

There are some situations in where it's useful to be able to add custom headers to the HTTP error. For example, for some types of security.

You probably won't need to use it directly in your code.

But in case you needed it for an advanced scenario, you can add custom headers:

```Python hl_lines="14"
{!../../docs_src/handling_errors/tutorial002.py!}

  // contain duplicate certificates, or that use PEM block headers.
  //
  // Users of ClusterTrustBundles, including Kubelet, are free to reorder and
  // deduplicate certificate blocks in this file according to their own logic,
  // as well as to drop PEM block headers and inter-block data.
  optional string trustBundle = 2;

object OkHttp {
  /**
   * This is a string like "4.5.0-RC1", "4.5.0", or "4.6.0-SNAPSHOT" indicating the version of
   * OkHttp in the current runtime. Use this to include the OkHttp version in custom `User-Agent`
   * headers.
   *
   * Official OkHttp releases follow [semantic versioning][semver]. Versions with the `-SNAPSHOT`
   * qualifier are not unique and should only be used in development environments. If you create

<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="system"/>
        <jsp:param name="menuType" value="dict"/>
    </jsp:include>
    <div class="content-wrapper">
        <div class="content-header">
            <div class="container-fluid">
                <div class="row mb-2">

<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="system"/>
        <jsp:param name="menuType" value="dict"/>
    </jsp:include>
    <div class="content-wrapper">
        <div class="content-header">
            <div class="container-fluid">
                <div class="row mb-2">

It might also help avoid confusion for new developers that see an unused parameter in your code and could think it's unnecessary.

///

/// info

In this example we use invented custom headers `X-Key` and `X-Token`.

But in real cases, when implementing security, you would get more benefits from using the integrated [Security utilities (the next chapter)](../security/index.md){.internal-link target=_blank}.

///

		statusCode: 400,
		cause:      err,
	}
}

func errMissingHeaders(err error) *s3Error {
	return &s3Error{
		code:       "MissingHeaders",
		message:    "Some headers in the query are missing from the file. Check the file and try again.",
		statusCode: 400,
		cause:      err,
	}
}

func errUnrecognizedFormatException(err error) *s3Error {
	return &s3Error{

    )
    if not (is_correct_username and is_correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials.username


@app.get("/users/me")
def read_current_user(username: Annotated[str, Depends(get_current_username)]):

async def read_items():
    return {"id": "foo"}


client = TestClient(app)


def test_swagger_ui():
    response = client.get("/docs")
    assert response.status_code == 200, response.text
    assert response.headers["content-type"] == "text/html; charset=utf-8"
    assert "swagger-ui-dist" in response.text
    print(client.base_url)
    assert "oauth2RedirectUrl" not in response.text


def test_swagger_ui_no_oauth2_redirect():

    traceparent: str | None = None
    x_tag: list[str] = []


@app.get("/items/")
async def read_items(headers: Annotated[CommonHeaders, Header()]):
    return headers
```

Read the new docs: [Header Parameter Models](https://fastapi.tiangolo.com/tutorial/header-param-models/).

#### `Cookie` Parameter Models

Use Pydantic models for `Cookie` parameters:

```python