请选择
Edge Acceleration
  • Site Acceleration
    • Overview
    • Access Control
      • Token Authentication
    • File Optimization
      • Smart Compression
    • Network Optimization
      • HTTP/2
      • HTTP/3(QUIC)
        • Overview
        • Enable HTTP/3
        • QUIC SDK
          • SDK Overview
          • SDK Download and Integration
          • Sample Code
            • Android
            • iOS
          • API Documentation
            • Android
            • iOS
      • IPv6 Access
      • Maximum Upload Size
      • WebSocket
      • Client IP Geolocation Header
      • Client IP Geographical Location
      • gRPC
    • URL Rewrite
      • Access URL Redirection
      • Origin-Pull URL Rewrite
    • Modifying Header
      • Modifying HTTP Response Headers
      • Modifying HTTP Request Headers
    • Custom Error Page
    • Request and Response Actions
      • Processing order
      • Default HTTP Headers of Origin-Pull Requests
      • Default HTTP Response Headers
  • Smart Acceleration
  • L4 Proxy
    • Overview
    • Creating an L4 Proxy Instance
    • Modifying an L4 Proxy Instance
    • Disabling or Deleting an L4 Proxy Instance
    • Batch Configuring Forwarding Rules
    • Obtaining Real Client IPs
      • Obtaining Real TCP Client IPs via TOA
      • Obtaining Real Client IPs Through Protocol V1/V2
        • Overview
        • Method 1: Obtaining Real Client IPs Through Nginx
        • Method 2: Parsing Real Client IPs on Application Server
        • Format of Real Client IPs Obtained Through Proxy Protocol V1/V2
      • Transmitting Client Real IP via SPP Protocol
  • Edge DNS
    • Hosting DNS Records
      • Modifying DNS Servers
      • Configuring DNS Records
      • Advanced DNS Configuration
    • Domain Connection
      • Adding A Domain Name for Acceleration
      • Ownership Verification
      • Modifying CNAME Records
    • Domain alias
      • Overview
      • Configuration Guide
      • Batch Connecting SaaS Domain Names
      • Configuring Alias Domain Names for Disaster Recovery
    • Traffic Scheduling
      • Traffic Scheduling Management
    • Origin Configuration
      • Load Balancing
        • Overview
        • Quickly Create Load Balancers
        • Health Check Policies
        • Viewing the Health Status of Origin Server
        • Related References
          • Load Balancing-Related Concepts
          • Introduction to Request Retry Strategy
      • Origin Group Configuration
      • Origin-pull configuration
        • Configuring Origin-Pull HTTPS
        • Host Header Rewrite
        • Controlling Origin-pull Requests
        • Redirect Following During Origin-Pull
        • HTTP/2 Origin-Pull
        • Range GETs
      • Related References
        • ld Version Origin Group Compatible Related Issues
        • VOD Origin Server Details
      • Collect EdgeOne origin-pull node IP
  • Edge Cache
    • Overview
    • EdgeOne Cache Rules
      • Content Cache Rules
      • Cache Key Introduction
      • Vary Feature
    • Cache Configuration
      • Custom Cache Key
      • Node Cache TTL
      • Status Code Cache TTL
      • Browser Cache TTL
      • Offline Caching
      • Cache Prefresh
    • Clear and Preheat Cach
      • Cache Purge
      • URL Pre-Warming
    • How to improve the Cache Hit Rate of EdgeOne
  • Rules Engine
    • Overview
    • Supported Matching Types and Actions
    • Rule Management
    • variables
  • Image Processing

Modifying HTTP Response Headers

Overview

Support customization/adding/deleting HTTP node response headers (responding to the customer's direction), modifying HTTP node response headers will not affect the node cache.

Note:
EdgeOne has automatically carried some response headers by default, and you don't need to configure them. For details, please refer to: Default HTTP Response Headers.

Scenario 1: Cross-Domain Header Response Only Allows Specified Domain Names to Access Page Resources

If your business scenario involves cross-domain access and the resources of the current business domain name www.example.com only allow the pages from example.com and site.com to access the acceleration domain name, you can refer to the following steps.
1. Log in to the EdgeOne console, click Site List in the left sidebar, and then click the site you want to configure in the site list.
2. On the site details page, click Site Acceleration to enter the global configuration page. Then click the Rule Engine tab.
3. On the rule engine page, click Create rule and select Add blank rule.
4. On the rule editing page, select the matching type as HOST equals www.example.com.
At the same time, select the matching type as HTTP request header Origin equals *.example.com and *.site.com.
5. Click the Action checkbox and select Modify HTTP nodes response header in the pop-up operation list.
6. Select the type as Set and the header name as Access-Control-Allow-Origin, and set the header value to ${http.request.headers["Origin"]}.

7. Click Save and publish to complete the rule configuration.

Scenario 2: Cross-Domain Header Response Supports All Domain Names to Access Page Resources

If your business scenario involves cross-domain access and the resources of the current business domain name www.example.com allow all pages to access the acceleration domain name, you can refer to the following steps.
1. Log in to the EdgeOne console, click Site List in the left sidebar, and then click the site you want to configure in the site list.
2. On the site details page, click Site Acceleration to enter the global configuration page. Then click the Rule Engine tab.
3. On the rule engine page, click Create rule and select Add blank rule.
4. On the rule editing page, select the matching type as HOST equals www.example.com.
5. Click the operation, and in the pop-up operation list, select the operation to modify the HTTP node response header.
6. Select the type as set, and set the Access-Control-Allow-Origin as * .

7. Click Save and publish to complete the rule configuration.

Related References

Supported Types Description:
Type
Description
Set
Change the value of the specified header parameter to the set value, and the header is unique. Note: If the specified header does not exist, the header will be added.
Add
Add the specified header. Note: If the header already exists, it will still be added and will not overwrite the existing header.
Delete
Delete the specified header.
Supported Header Types Description:
Header Type
Description
Custom
Supports modifying custom header content, fill in the description as follows:
Name: 1 - 100 characters, consisting of numbers 0 - 9, characters a - z, A - Z, and special symbols -.
Value: Supports 1 - 1000 characters, does not support Chinese.
Specify Header
Supports modifying the following specified headers:
Access-Control-Allow-Origin: Used to specify the source (domain name) allowed to access resources, must contain http:// or https://. Supports setting Wildcard * , i.e., allowing all domain requests.
Access-Control-Allow-Methods: Used to set the HTTP request methods allowed for cross-domain access, such as POST, GET, OPTIONS.
Access-Control-Max-Age: Specifies how many seconds the preflight request result is valid, in seconds.
Content-Disposition: Activates the browser's download pop-up window and can set the default download file name. For example: Content-Disposition: attachment;filename=FileName.txt
Content-Language: Defines the language code used by the page. For example: Content-Language: zh-CN

Limitations

In the same Modify HTTP Request Header operation, multiple different types of operations can be added, up to 30, and the execution order is from top to bottom.
Some standard headers are not supported for modification, as follows:
Accept-Ranges
Age
Allow
Authentication-Info
Cache-Control
Connection
Content-Encoding
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
Date
Error
ETag
Expires
If-Modified-Since
Last-Modified
Meter
Proxy-Authenticate
Retry-After
Set-Cookie
Transfer-Encoding
Vary
WWW-Authenticate