diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index e4e7142d..a6e0f5bb 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1284,9 +1284,26 @@ enum lws_callback_reasons {
 	LWS_CALLBACK_ADD_HEADERS				= 53,
 	/**< This gives your user code a chance to add headers to a
 	 * transaction bound to your protocol.  `in` points to a
-	 * `struct lws_process_html_args` you can add headers into
-	 * using the normal lws apis.  See generic sessions for an
-	 * example of how to use with cookies. */
+	 * `struct lws_process_html_args` describing a buffer and length
+	 * you can add headers into using the normal lws apis.
+	 *
+	 * Only `args->p` and `args->len` are valid, and `args->p` should
+	 * be moved on by the amount of bytes written, if any.  Eg
+	 *
+	 * 	case LWS_CALLBACK_ADD_HEADERS:
+	 *
+	 *          struct lws_process_html_args *args =
+	 *          		(struct lws_process_html_args *)in;
+	 *
+	 *	    if (lws_add_http_header_by_name(wsi,
+	 *			(unsigned char *)"set-cookie:",
+	 *			(unsigned char *)cookie, cookie_len,
+	 *			(unsigned char **)&args->p,
+	 *			(unsigned char *)args->p + args->max_len))
+	 *		return 1;
+	 *
+	 *          break;
+	 */
 	LWS_CALLBACK_SESSION_INFO				= 54,
 	/**< This is only generated by user code using generic sessions.
 	 * It's used to get a `struct lws_session_info` filled in by
diff --git a/lib/server-handshake.c b/lib/server-handshake.c
index 2e9563c5..3d319c35 100644
--- a/lib/server-handshake.c
+++ b/lib/server-handshake.c
@@ -228,6 +228,7 @@ int
 handshake_0405(struct lws_context *context, struct lws *wsi)
 {
 	struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
+	struct lws_process_html_args args;
 	unsigned char hash[20];
 	int n, accept_len;
 	char *response;
@@ -299,12 +300,20 @@ handshake_0405(struct lws_context *context, struct lws *wsi)
 	if (lws_extension_server_handshake(wsi, &p, 192))
 		goto bail;
 #endif
+	LWS_CPYAPP(p, "\x0d\x0a");
 
-	//LWS_CPYAPP(p, "\x0d\x0a""An-unknown-header: blah");
+	args.p = p;
+	args.max_len = ((char *)pt->serv_buf + context->pt_serv_buf_size) - p;
+	if (user_callback_handle_rxflow(wsi->protocol->callback, wsi,
+					LWS_CALLBACK_ADD_HEADERS,
+					wsi->user_space, &args, 0))
+		goto bail;
+
+	p = args.p;
 
 	/* end of response packet */
 
-	LWS_CPYAPP(p, "\x0d\x0a\x0d\x0a");
+	LWS_CPYAPP(p, "\x0d\x0a");
 
 	if (!lws_any_extension_handled(wsi, LWS_EXT_CB_HANDSHAKE_REPLY_TX,
 				       response, p - response)) {