Updated on 2024-05-21 GMT+08:00

Origin Request Headers

You can configure HTTP headers in origin pull URLs.

Background

If the requested content is not cached on CDN PoPs, CDN PoPs pull that content from an origin server. You can configure HTTP headers on the CDN console to rewrite header details in origin pull URLs.

HTTP headers are part of an HTTP request or response message that define the operating parameters of an HTTP transaction.

Precautions

  • This setting only modifies HTTP messages for origin pull through CDN. It does not modify those in an HTTP message that CDN PoPs return to users.
  • A request header cannot have two different values at the same time.
  • If your domain name has special configurations, the origin request headers cannot be configured.

Procedure

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the domain list, click the target domain name or click Configure in the Operation column.
  4. Click the Origin Settings tab.
  5. In the Origin Request Headers area, click Add.
  6. Configure the header details.
    • Add: Add a header to CDN to rewrite HTTP headers in user request URLs.
    Figure 1 Adding an origin request header

    Table 1 Parameter description

    Parameter

    Example

    Description

    Request Header Operation

    Set

    Add a specific header to an HTTP request of origin pull.

    • If a request URL contains the X-test header and its value is 111, CDN will set X-test to aaa during origin pull.
    • If a request URL does not contain the X-test header, CDN will add X-test and set its value to aaa during origin pull.

    Delete

    Delete the HTTP header that exists in a user request URL.

    • If a request URL contains the X-test header, it will be deleted during origin pull.

    Name

    X-test

    • Enter 1 to 64 characters.
    • Enter only letters, digits, or hyphens (-).

    Value

    aaa

    • Enter 1 to 1,000 characters. When the header is Content-Disposition or Content-Language, the value contains up to 128 characters
    • Enter letters, digits, and the following special characters: .-_*#!&+|^~'"/:;,=@?<>
    • Variables, such as $client_ip and $remote_port, are not allowed.
    • Edit: Modify the value or operation of a header during origin pull. Click Edit in the Operation column next to a header.
    Figure 2 Editing an origin request header

    Parameter

    Example

    Description

    Request Header Operation

    Set

    Add a specific header to an HTTP request of origin pull.

    • If a request URL contains the X-test header and its value is 111, CDN will set X-test to aaa during origin pull.
    • If a request URL does not contain the X-test header, CDN will add X-test and set its value to aaa during origin pull.

    Delete

    Delete the HTTP header that exists in a user request URL.

    • If a request URL contains the X-test header, it will be deleted during origin pull.

    Name

    X-test

    This parameter cannot be modified.

    Value

    aaa

    • Enter 1 to 1,000 characters. When the header is Content-Disposition or Content-Language, the value contains up to 128 characters
    • Enter letters, digits, and the following special characters: .-_*#!&+|^~'"/:;,=@?<>
    • Variables, such as $client_ip and $remote_port, are not allowed.
    • Delete: Delete the header settings. Click Delete in the Operation column of the request header to be deleted. In the displayed dialog box, select other domain names with the same header to be deleted and click OK.
  7. Click OK.

Example

Assume that you have configured the following origin request headers for domain name www.example.com:

When a user requests the http://www.example.com/abc.jpg file, the file is not cached on CDN, and CDN pulls that file from the origin server. The X-cdn header will be added and the X-test header will be deleted during origin pull.

Restrictions

  • If your domain name has special configurations, Content-Type, Cache-Control, and Expires cannot be configured.
  • The following request headers can be modified but cannot be deleted.

    Content-Base

    Content-Disposition

    Server

    Content-Language

    Cache-Control

    Expires

    Content-Type

    -

  • The following standard headers cannot be added, deleted, or modified.

Origin

accept-ch

clear-site-data

push-policy

WsTag

Tcp-Retrans

access-control-allow-methods

access-control-max-age

vary

Date

X-Forward-Type

width

Age

ETag

Purge-Extra

X-Cacheable

access-control-allow-headers

Front-End-Https

ping-to

content-range

cross-origin-opener-policy

Location

viewport-width

Mime-Version

Proxy-Support

X-Resp-Time

If-Range

sec-fetch-dest

device-memory

X-Mem-Url

Cdn-Src-Ip

ping-from

Allow

X-Url-Blackwhite-List

early-data

Sec-WebSocket-Extensions

if-unmodified-since

X-Forward-Uri

Conf-File

x-download-options

X-Error-Status

Negotiate

x-permitted-cross-domain-policies

service-worker-allowed

X-Appa

x-firefox-spdy

content-dpr

X-Miss-Times-Limit

X-Bwctrl-Limit

X-Bwctrl-Para

X-Max-Conns

nel

public-key-pins-report-only

X-MAA-Alias

Sec-WebSocket-Location

X-Cache-2

Authorization

Expect

last-event-id

Sec-WebSocket-Key

X-Refresh-Pattern

forwarded

X-Local-Ip

Sec-WebSocket-Protocol

feature-policy

cross-origin-resource-policy

Request-Range

Conf-Other

strict-transport-security

signed-headers

Cdn-Server-Ip

Sec-WebSocket-Version

accept

X-Black-List

content-location

sourcemap

Partition-Block-Size

Proxy-Authentication-Info

cross-origin-embedder-policy

X-Request-Id

x-dns-prefetch-control

if-none-match

If-Non-Match

Public

X-White-List

x-ua-compatible

Keep-Alive

Transfer-Encoding

alt-svc

max-age

Last-Modified

x-xss-protection

Sec-WebSocket-Nonce

dnt

Link

x-robots-tag

Key

expect-ct

sec-fetch-site

access-control-request-headers

X-Error-URL

X-Log-Url

content-encoding

X-Times-Limit

X-Appa-Origin

X-Miss-Rate-Limit

X-IP-Region

Dynamic

X-Squid-Error

From

accept-ch-lifetime

X-MAA-Auth

Connection

X-Via-CDN

Max-Forwards

Upgrade

sec-fetch-user

content-security-policy-report-only

Pragma

save-data

X-Client-Ip

Cdn-Qos

x-powered-by

X-Forward-Measured

accept-push-policy

server

large-allocation

X-Request-Uri

X-Forward-Ip

Host

Proxy-Authenticate

X-Request-Url

X-Cache-Lookup

Conf-Option

X-Forward-Host

upgrade-insecure-requests

X-Accelerator-Vary

signature

X-Ip-Blackwhite-List

X-Cdn-Src-Port

Sec-WebSocket-Draft

Sec-WebSocket-Origin

X-IP-Region-CN

public-key-pins

Ws-Hdr

If-Match

Proxy-Authorization

X-Rate-Limit

sec-fetch-mode

trailer

X-Rewrite-Url

Via

X-Cache

X-Mgr-Traffic

accept-signature

Warning

dpr

If-Modified-Since

Authentication-Info

access-control-request-method

Content-Length

x-frame-options(xfo)

Range

A_Dynamic

te

x-forwarded-host

Title

WWW-Authenticate

tk

X-Query-Key

accept-charset

access-control-allow-origin

accept-ranges

report-to

access-control-expose-headers

x-content-type-options

Proxy-Connection

server-timing

Retry-After

x-requested-with

X-No-Referer

X-Forward-Peer

Sec-WebSocket-Accept

X-Forwarded-For

Conf-Err-Host

Sec-WebSocket-Key2

access-control-allow-credentials

X-Denyattack-Dynconf

referer-policy

Sec-WebSocket-Key1

content-security-policy

timing-allow-origin

X-DNS-Time

Conf-File-List

X-expireURL

x-pingback

Purge-Domain

-

-

-