Overview
Menu

Modifying HTTP Response Headers

Overview

Support customization/adding/deleting HTTP node response headers (responding to the customer's direction), modifying HTTP node response headers will not affect the node cache.



Note:
EdgeOne has automatically carried some response headers by default, and you don't need to configure them. For details, please refer to: Default HTTP Response Headers.

Scenario: Cross-domain header response only allows specified domain names to access page resources

Example Scenario

If your business scenario involves cross-domain access, and the resources of the current business domain name www.example.com only allow pages from https://www.example.com to access the acceleration domain name, you can refer to the following steps.

Directions

1. Log in to the EdgeOne console, click on the site list in the left menu bar, and click on the site to be configured in the site list.
2. On the site details page, click on the rule engine.
3. On the rule engine management page, click Create Rule to enter the new rule editing page.
3.1 On the rule editing page, select the matching type as HOST equals www.example.com.
3.2 Click on the operation, and in the pop-up operation list, select the operation to modify the HTTP node response header.
3.3 Select the type as set, and set the Access-Control-Allow-Origin as https://www.example.com.


4. Click Save and Publish to complete the rule configuration.

Related References

Supported Types Description:
Type
Description
Set
Change the value of the specified header parameter to the set value, and the header is unique. Note: If the specified header does not exist, the header will be added.
Add
Add the specified header. Note: If the header already exists, it will still be added and will not overwrite the existing header.
Delete
Delete the specified header.
Supported Header Types Description:
Header Type
Description
Custom
Supports modifying custom header content, fill in the description as follows:
Name: 1 - 100 characters, consisting of numbers 0 - 9, characters a - z, A - Z, and special symbols -.
Value: Supports 1 - 1000 characters, does not support Chinese.
Specify Header
Supports modifying the following specified headers:
Access-Control-Allow-Origin: Used to specify the source (domain name) allowed to access resources, must contain http:// or https://. Supports setting Wildcard *, i.e., allowing all domain requests.
Access-Control-Allow-Methods: Used to set the HTTP request methods allowed for cross-domain access, such as POST, GET, OPTIONS.
Access-Control-Max-Age: Specifies how many seconds the preflight request result is valid, in seconds.
Content-Disposition: Activates the browser's download pop-up window and can set the default download file name. For example: Content-Disposition: attachment;filename=FileName.txt
Content-Language: Defines the language code used by the page. For example: Content-Language: zh-CN

Limitations

In the same Modify HTTP Request Header operation, multiple different types of operations can be added, up to 30, and the execution order is from top to bottom.
Some standard headers are not supported for modification, as follows:
Accept-Ranges
Age
Allow
Authentication-Info
Cache-Control
Connection
Content-Encoding
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
Date
Error
ETag
Expires
If-Modified-Since
Last-Modified
Meter
Proxy-Authenticate
Retry-After
Set-Cookie
Transfer-Encoding
Vary
WWW-Authenticate