Origin Request Headers
You can configure HTTP headers in origin pull URLs.
Background
If the requested content is not cached on CDN PoPs, CDN PoPs pull that content from an origin server. You can configure HTTP headers on the CDN console to rewrite header details in origin pull URLs.
HTTP headers are part of an HTTP request or response message that define the operating parameters of an HTTP transaction.
Precautions
- This setting only modifies HTTP messages for origin pull through CDN. It does not modify those in an HTTP message that CDN PoPs return to users.
- A request header cannot have two different values at the same time.
- If your domain name has special configurations, the origin request headers cannot be configured.
- You can add up to 10 headers.
Procedure
- Log in to Huawei Cloud console. Choose .
The CDN console is displayed.
- In the navigation pane, choose .
- In the domain list, click the target domain name or click Configure in the Operation column.
- Click the Origin Settings tab.
- In the Origin Request Headers area, click Add.
- Configure the header details.
- Add: Add a header to CDN to rewrite HTTP headers in user request URLs.
Figure 1 Adding an origin request header
Table 1 Parameter description Parameter
Example
Description
Request Header Operation
Set
Add a specific header to an HTTP request of origin pull.
- If a request URL contains the X-test header and its value is 111, CDN will set X-test to aaa during origin pull.
- If a request URL does not contain the X-test header, CDN will add X-test and set its value to aaa during origin pull.
Delete
Delete the HTTP header that exists in a user request URL.
- If a request URL contains the X-test header, it will be deleted during origin pull.
Name
X-test
- Enter 1 to 100 characters.
- Start with a letter and use only letters, digits, or hyphens (-).
Value
aaa
- Enter 1 to 1,000 characters.
- Enter letters, digits, and the following special characters: .-_*#!&+|^~'"/:;,=@?<>
- Variables, such as $client_ip and $remote_port, are not allowed.
- Edit: Modify the value or operation of a header during origin pull. Click Edit in the Operation column next to a header.
Figure 2 Editing an origin request header
Parameter
Example
Description
Request Header Operation
Set
Add a specific header to an HTTP request of origin pull.
- If a request URL contains the X-test header and its value is 111, CDN will set X-test to aaa during origin pull.
- If a request URL does not contain the X-test header, CDN will add X-test and set its value to aaa during origin pull.
Delete
Delete the HTTP header that exists in a user request URL.
- If a request URL contains the X-test header, it will be deleted during origin pull.
Name
X-test
This parameter cannot be modified.
Value
aaa
- Enter 1 to 1,000 characters.
- Enter letters, digits, and the following special characters: .-_*#!&+|^~'"/:;,=@?<>
- Variables, such as $client_ip and $remote_port, are not allowed.
- Delete: Delete the header settings. Click Delete in the Operation column of the request header to be deleted. In the displayed dialog box, select other domain names with the same header to be deleted and click OK.
- Click OK.
Example
Assume that you have configured the following origin request headers for domain name www.example.com:
When a user requests the http://www.example.com/abc.jpg file that is not cached on CDN, CDN pulls that file from the origin server. The X-cdn header will be added and the X-test header will be deleted during origin pull.
Constraints
- If your domain name has special configurations, Content-Type, Cache-Control, and Expires cannot be configured.
- The following request headers can only be modified. You cannot set Request Header Operation to Delete for them.
Expires
Content-Disposition
Content-Type
Content-Language
Cache-Control
-
- The following standard headers cannot be added, deleted, or modified.
a_dynamic |
cross-origin-embedder-policy |
origin |
strict-transport-security |
accept |
cross-origin-opener-policy |
ping-from |
te |
accept-ch |
cross-origin-resource-policy |
ping-to |
timing-allow-origin |
accept-charset |
date |
pragma |
tk |
accept-ch-lifetime |
device-memory |
proxy-authenticate |
trailer |
accept-push-policy |
dnt |
proxy-authorization |
transfer-encoding |
accept-ranges |
dpr |
public-key-pins |
upgrade |
accept-signature |
early-data |
public-key-pins-report-only |
upgrade-insecure-requests |
access-control-allow-credentials |
etag |
push-policy |
vary |
access-control-allow-headers |
expect |
range |
via |
access-control-allow-methods |
expect-ct |
referer-policy |
viewport-width |
access-control-allow-origin |
feature-policy |
report-to |
warning |
access-control-expose-headers |
forwarded |
retry-after |
width |
access-control-max-age |
from |
save-data |
www-authenticate |
access-control-request-headers |
host |
sec-fetch-dest |
x-client-ip |
access-control-request-method |
if-match |
sec-fetch-mode |
x-content-type-options |
age |
if-modified-since |
sec-fetch-site |
x-dns-prefetch-control |
allow |
if-none-match |
sec-fetch-user |
x-download-options |
alt-svc |
if-range |
sec-websocket-accept |
x-firefox-spdy |
authorization |
if-unmodified-since |
sec-websocket-extensions |
x-forwarded-for |
clear-site-data |
keep-alive |
sec-websocket-key |
x-forwarded-host |
connection |
large-allocation |
sec-websocket-protocol |
x-frame-options(xfo) |
content-dpr |
last-event-id |
sec-websocket-version |
x-permitted-cross-domain-policies |
content-encoding |
last-modified |
server |
x-pingback |
content-length |
link |
server-timing |
x-powered-by |
content-location |
location |
service-worker-allowed |
x-requested-with |
content-range |
max-age |
signature |
x-robots-tag |
content-security-policy |
max-forwards |
signed-headers |
x-ua-compatible |
content-security-policy-report-only |
nel |
sourcemap |
x-xss-protection |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.