Centralized Authorization

This behavior forwards every request to the origin server for authorization.

How it works

If the requested object is already in cache, the client request is forwarded to the origin server as an If-Modified-Since request, so that the object doesn't need to be re-acquired if the origin returns an HTTP 304 (Not modified) when the authorization succeeds.
You can optionally choose to pass a Set-Cookie header with the request, which sends a cookie from the server to the user agent, so the user agent can send it back to the server later. You can use this header to set different cookies and their attributes.

This behavior is useful if you need to maintain tight control over content by authorizing client requests at the origin.