Hello, I encountered strange behavior during HTTP response. I need to set custom header Access-Control-Allow-Origin:*. To do that I am using custom response. Following code is working and set required header: declare %rest:POST("{$json}") %rest:path("/ping") function drpg:ping( $json as xs:string ) as element()* { <rest:response> <http:response status="200" message="OK"> <http:header name="Access-Control-Allow-Origin" value="*"/> <http:header name="Content-Type" value="text/html"/> </http:response> </rest:response>, let $p := json:parse($json) return ($p/json/data/_/_/_)[last()] }; Response header: Access-Control-Allow-Origin * Content-Length 11 Content-Type text/html;charset=utf-8 Date Sat, 14 Jul 2018 09:17:18 GMT Server Jetty(9.4.9.v20180320) I want to return plain text, so when I change return parameter to xs:string* and add data function header from <rest:response> is overwritten. Response header: Content-Length 6 Content-Type application/xml; charset=UTF-8 Date Sat, 14 Jul 2018 09:26:59 GMT Server Jetty(9.4.9.v20180320) Example code: declare %rest:POST("{$json}") %rest:path("/drpg/ping") function drpg:ping( $json as xs:string ) as xs:string* { <rest:response> <http:response status="200" message="OK"> <http:header name="Access-Control-Allow-Origin" value="*"/> <http:header name="Content-Type" value="text/html"/> </http:response> </rest:response>, let $p := json:parse($json) return data(($p/json/data/_/_/_)[last()]) }; Why does header is overwritten ? I think if header is set explicitly it shouldn't be overwritten. Best Regards Bogdan Bogucki