Modify Outgoing Response Header

Modify, add, remove, or pass along specific response headers going downstream towards the client.

Why you need it

Use this behavior to decide how selected request headers going downstream towards the client should be processed. For example, you can add or modify various access control headers to control which headers should be available for the scripts running in the user's browser. By controlling the content of your headers, you can further customize your website visitor's experience and gain insight into how it is used.

How it works

When enabled, this behavior modifies the specified outgoing response header according to set rules. A response header added using this behavior is effectively added after the response is processed by the ​Akamai​ server and retrieved either from the customer origin or from cache, immediately before it is sent to the requesting client. This means that you can add a header that is specific to the user making the request, without affecting the cached object. This is in contrast to the Modify Incoming Response Header behavior, which adds the response header before the object is processed by the ​Akamai​ server, so if the response is cacheable, the header will be stored with the cached object.

Example

If you want serve a response header to the requester telling them their own IP address, you could use this behavior to add a header called Your-IP-Address with the IP address that the ​Akamai​ Server retrieved from the request. In this case, even if the page is cached in ​Akamai​ and is requested by many different end-users, each will get the same cached page, but the header value will represent their IP address:

Features and options

Field

What it does

Sub-options

Action

You may add, remove, modify (equivalent to an add and a remove), or find & replace outgoing HTTP response headers.

  • Add
  • Remove
  • Modify
  • Find & Replace

Select Header Name

Select from standard pre-defined headers to modify.

  • Cache-Control
  • Content-Disposition
  • Content-Type
  • Edge-Control
  • P3P
  • Pragma
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Header
  • Access-Control-Expose-Headers
  • Access-Control-Allow-Credentials
  • Access-Control-Max-Age
  • Other

Header Value

Enter your HTTP header value.

Variable Support: This option supports variable expression syntax. Typing {{ in the option field triggers variable auto complete. Learn more about variable support.

Custom Header Name

With Select Header Name set to Other..., enter a custom HTTP header name.

Variable Support: This option supports variable expression syntax. Typing {{ in the option field triggers variable auto complete. Learn more about variable support.

New Header Value

With Action set to Modify, enter your new HTTP header value.

Variable Support: This option supports variable expression syntax. Typing {{ in the option field triggers variable auto complete. Learn more about variable support.

Avoid Duplicate Headers

With Action set to Modify, prevent multiple headers with the same name from being created. Note that this applies only to headers added using this behavior - it does not apply to headers added at the origin.

Find What

With Action set to Find & Replace, enter a string to match.

Variable Support: This option supports variable expression syntax. Typing {{ in the option field triggers variable auto complete. Learn more about variable support.

Replace With

With Action set to Find & Replace, enter a string to replace the matched string.

Variable Support: This option supports variable expression syntax. Typing {{ in the option field triggers variable auto complete. Learn more about variable support

Occurrences

With Action set to Find & Replace, select whether to replace only the first instance of the old value, or to replace every occurrence.

**

  • All
  • First occurrence only
**

Products that use this behavior

All products can use this behavior.

πŸ“˜

Adaptive Media Delivery includes several instances of this behavior in its Default CORS Policy rule. Its settings are preconfigured as a best practice.


Did this page help you?