shopware · Marcus Kreusch (mkreusch) · Apr 10, 2026
diff --git a/guides/plugins/apps/app-scripts/custom-endpoints.md b/guides/plugins/apps/app-scripts/custom-endpoints.md
@@ -9,42 +9,6 @@ nav:
 
 If you want to execute some logic in Shopware and trigger the execution over an HTTP request or need some special data from Shopware over the API, you can create custom API endpoints in your app that allow you to execute a script when a request to that endpoint is made.
 
-## Manipulate HTTP-headers to API responses
-
-::: info
-Note that the `response` hook was added in v6.6.10.4 and is not available in earlier versions.
-:::
-
-There is a specific `response` script hook, that allows you to manipulate the HTTP-headers of the response via app scripts.
-This is especially useful to adjust the security headers to your needs.
-
-To add a custom header to every response, you can do the following:
-
-```twig
-// Resources/scripts/response/response.twig
-{% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
-```
-
-Additionally, you can check the current value of a given header and adjust it accordingly:
-
-```twig
-// Resources/scripts/response/response.twig
-{% if hook.getHeader('X-Frame-Options') == 'DENY' %}
-    {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
-{% endif %}
-```
-
-You also have access to the route name of the current request and to the route scopes to control the headers for specific routes:
-
-```twig
-// Resources/scripts/response/response.twig
-{% if hook.routeName == 'frontend.detail.page' and hook.isInRouteScope('store-api') %}
-    {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
-{% endif %}
-```
-
-The possible route scopes are `storefront`, `store-api`, `api` and `administration`.
-
 ## Custom Endpoints
 
 There are specialized script-execution endpoints for the `api`, `store-api` and `storefront` scopes.
@@ -163,6 +127,42 @@ Additionally, it is also possible to redirect to an existing route:
 
 For a complete overview of the available data and services, refer to the [reference documentation](../../../../resources/references/app-reference/script-reference/script-hooks-reference#storefront-hook).
 
+## Manipulate HTTP-headers to API responses
+
+::: info
+Note that the `response` hook was added in v6.6.10.4 and is not available in earlier versions.
+:::
+
+There is a specific `response` script hook, that allows you to manipulate the HTTP-headers of the response via app scripts.
+This is especially useful to adjust the security headers to your needs.
+
+To add a custom header to every response, you can do the following:
+
+```twig
+// Resources/scripts/response/response.twig
+{% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
+```
+
+Additionally, you can check the current value of a given header and adjust it accordingly:
+
+```twig
+// Resources/scripts/response/response.twig
+{% if hook.getHeader('X-Frame-Options') == 'DENY' %}
+    {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
+{% endif %}
+```
+
+You also have access to the route name of the current request and to the route scopes to control the headers for specific routes:
+
+```twig
+// Resources/scripts/response/response.twig
+{% if hook.routeName == 'frontend.detail.page' and hook.isInRouteScope('store-api') %}
+    {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %}
+{% endif %}
+```
+
+The possible route scopes are `storefront`, `store-api`, `api` and `administration`.
+
 ## Caching
 
 To improve the end-user experience and provide a scalable system, the customer-facing APIs (i.e., `store-api` and `storefront`) offer a caching mechanism to cache the response to specific requests and return the response from the cache on further requests instead of computing it again and again on each request.