modifyOutgoingResponseHeader

Property Manager name: Modify Outgoing Response Header
Behavior version: The v2026-01-09 rule format supports the modifyOutgoingResponseHeader behavior v1.6.
Rule format status: GA, stable
Access: Read/Write
Allowed in includes: Yes

Modify, add, remove, or pass along specific response headers going downstream towards the client.

Depending on the type of action you want to perform, specify the corresponding standard header name, or a customHeaderName if the standard name is set to OTHER. The headerValue serves as a match condition when the action is DELETE or MODIFY, and the newHeaderValue applies when the action is ADD or MODIFY. Whole-text replacements apply when the action is MODIFY, and substitutions apply when set to REGEX.

Option	Type	Description	Requires
`action`	enum	Either `ADD` or `DELETE` outgoing HTTP response headers, `MODIFY` their fixed values, or specify a `REGEX` pattern to transform them.		{"displayType":"enum","options":["ADD","DELETE","MODIFY","REGEX"],"tag":"select"}
	`ADD`	Add the header.
	`DELETE`	Delete the header.
	`MODIFY`	Modify the header.
	`REGEX`	Specify another header to modify.
`standardAddHeaderName`	enum	If the value of `action` is `ADD`, this specifies the name of the field to add.	`action` is `ADD`	{"displayType":"enum","options":["CACHE_CONTROL","CONTENT_DISPOSITION","CONTENT_TYPE","EDGE_CONTROL","P3P","PRAGMA","ACCESS_CONTROL_ALLOW_ORIGIN","ACCESS_CONTROL_ALLOW_METHODS","ACCESS_CONTROL_ALLOW_HEADERS","ACCESS_CONTROL_EXPOSE_HEADERS","ACCESS_CONTROL_ALLOW_CREDENTIALS","ACCESS_CONTROL_MAX_AGE","OTHER"],"tag":"select"} {"if":{"attribute":"action","op":"eq","value":"ADD"}}
	`CACHE_CONTROL`	The `Cache-Control` header.
	`CONTENT_DISPOSITION`	The `Content-Disposition` header.
	`CONTENT_TYPE`	The `Content-Type` header.
	`EDGE_CONTROL`	The `Edge-Control` header.
	`P3P`	Specify another header to add.
	`PRAGMA`	The `Pragma` header.
	`ACCESS_CONTROL_ALLOW_ORIGIN`	The `Access-Control-Allow-Origin` header.
	`ACCESS_CONTROL_ALLOW_METHODS`	The `Access-Control-Allow-Methods` header.
	`ACCESS_CONTROL_ALLOW_HEADERS`	The `Access-Control-Allow-Headers` header.
	`ACCESS_CONTROL_EXPOSE_HEADERS`	The `Access-Control-Expose-Headers` header.
	`ACCESS_CONTROL_ALLOW_CREDENTIALS`	The `Access-Control-Allow-Credentials` header.
	`ACCESS_CONTROL_MAX_AGE`	The `Access-Control-Max-Age` header.
	`OTHER`	Specify another header to add.
`standardDeleteHeaderName`	enum	If the value of `action` is `DELETE`, this specifies the name of the field to remove.	`action` is `DELETE`	{"displayType":"enum","options":["CACHE_CONTROL","CONTENT_DISPOSITION","CONTENT_TYPE","EXPIRES","P3P","PRAGMA","ACCESS_CONTROL_ALLOW_ORIGIN","ACCESS_CONTROL_ALLOW_METHODS","ACCESS_CONTROL_ALLOW_HEADERS","ACCESS_CONTROL_EXPOSE_HEADERS","ACCESS_CONTROL_ALLOW_CREDENTIALS","ACCESS_CONTROL_MAX_AGE","OTHER"],"tag":"select"} {"if":{"attribute":"action","op":"eq","value":"DELETE"}}
	`CACHE_CONTROL`	The `Cache-Control` header.
	`CONTENT_DISPOSITION`	The `Content-Disposition` header.
	`CONTENT_TYPE`	The `Content-Type` header.
	`EXPIRES`	The `Expires` header.
	`P3P`	The `P3P` header.
	`PRAGMA`	The `Pragma` header.
	`ACCESS_CONTROL_ALLOW_ORIGIN`	The `Access-Control-Allow-Origin` header.
	`ACCESS_CONTROL_ALLOW_METHODS`	The `Access-Control-Allow-Methods` header.
	`ACCESS_CONTROL_ALLOW_HEADERS`	The `Access-Control-Allow-Headers` header.
	`ACCESS_CONTROL_EXPOSE_HEADERS`	The `Access-Control-Expose-Headers` header.
	`ACCESS_CONTROL_ALLOW_CREDENTIALS`	The `Access-Control-Allow-Credentials` header.
	`ACCESS_CONTROL_MAX_AGE`	The `Access-Control-Max-Age` header.
	`OTHER`	Specify another header to remove.
`standardModifyHeaderName`	enum	If the value of `action` is `MODIFY` or `REGEX`, this specifies the name of the field to modify.	`action` is `MODIFY` OR `action` is `REGEX`	{"displayType":"enum","options":["CACHE_CONTROL","CONTENT_DISPOSITION","CONTENT_TYPE","P3P","PRAGMA","ACCESS_CONTROL_ALLOW_ORIGIN","ACCESS_CONTROL_ALLOW_METHODS","ACCESS_CONTROL_ALLOW_HEADERS","ACCESS_CONTROL_EXPOSE_HEADERS","ACCESS_CONTROL_ALLOW_CREDENTIALS","ACCESS_CONTROL_MAX_AGE","OTHER"],"tag":"select"} {"if":{"op":"or","params":[{"attribute":"action","op":"eq","value":"MODIFY"},{"attribute":"action","op":"eq","value":"REGEX"}]}}
	`CACHE_CONTROL`	The `Cache-Control` header.
	`CONTENT_DISPOSITION`	The `Content-Disposition` header.
	`CONTENT_TYPE`	The `Content-Type` header.
	`P3P`	The `P3P` header.
	`PRAGMA`	The `Pragma` header.
	`ACCESS_CONTROL_ALLOW_ORIGIN`	The `Access-Control-Allow-Origin` header.
	`ACCESS_CONTROL_ALLOW_METHODS`	The `Access-Control-Allow-Methods` header.
	`ACCESS_CONTROL_ALLOW_HEADERS`	The `Access-Control-Allow-Headers` header.
	`ACCESS_CONTROL_EXPOSE_HEADERS`	The `Access-Control-Expose-Headers` header.
	`ACCESS_CONTROL_ALLOW_CREDENTIALS`	The `Access-Control-Allow-Credentials` header.
	`ACCESS_CONTROL_MAX_AGE`	The `Access-Control-Max-Age` header.
	`OTHER`	Specify another header to modify.
`customHeaderName`	string (allows variables)	Specifies a custom field name that applies when the relevant standard header name is set to `OTHER`.	`standardAddHeaderName` is `OTHER` OR `standardDeleteHeaderName` is `OTHER` OR `standardModifyHeaderName` is `OTHER`	{"displayType":"string","tag":"input","type":"text"} {"if":{"op":"or","params":[{"attribute":"standardAddHeaderName","op":"eq","value":"OTHER"},{"attribute":"standardDeleteHeaderName","op":"eq","value":"OTHER"},{"attribute":"standardModifyHeaderName","op":"eq","value":"OTHER"}]}}
`headerValue`	string (allows variables)	Specifies the existing value of the header to match.	`action` is `ADD`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"action","op":"eq","value":"ADD"}}
`newHeaderValue`	string (allows variables)	Specifies the new HTTP header replacement value.	`action` is `MODIFY`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"action","op":"eq","value":"MODIFY"}}
`regexHeaderMatch`	string	Specifies a Perl-compatible regular expression to match within the header value.	`action` is `REGEX`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"action","op":"eq","value":"REGEX"}}
`regexHeaderReplace`	string (allows variables)	Specifies text that replaces the `regexHeaderMatch` pattern within the header value.	`action` is `REGEX`	{"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"action","op":"eq","value":"REGEX"}}
`matchMultiple`	boolean	When enabled with the `action` set to `REGEX`, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled.	`action` is `REGEX`	{"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"action","op":"eq","value":"REGEX"}}
`avoidDuplicateHeaders`	boolean	When enabled with the `action` set to `MODIFY`, prevents creation of more than one instance of a header. The last header clobbers others with the same name. This option affects the entire set of outgoing headers, and is not confined to the subset of regular expression matches.	`action` is `MODIFY`	{"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"action","op":"eq","value":"MODIFY"}}