Hiding of origin headers

By default, Cloud CDN provides all HTTP headers received from the origin to the client. With the header hiding option, you can configure your CDN resource in a way that the client gets only particular origin headers.

This option works as a whitelist. All origin headers not mentioned in the setting will be screened and hidden.

You may want to hide headers in some of the following situations:

• Protecting sensitive information.
• Enforcement of requirements prohibiting the transmission of certain headers to clients.
• Downsizing the response.

RecommendationsRecommendations

We recommend whitelisting the following headers:

• Content-Type: Required for the browser to display content correctly.
• Content-Length: Informs about the size of the response.
• Cache-Control: Manages client-side caching.
• ETag: Used to check content for relevance.
• Last-Modified: Date of last content modification.

We recommend to hide the following headers for increased security:

• Server: Server software info.
• X-Powered-By: Technology info, e.g., PHP, ASP.NET.
• X-AspNet-Version: ASP.NET version.
• X-Generator: CMS or website generator info.
• X-Debug-Info: Debugging info.
• X-Internal-*: Any internal headers.

See alsoSee also

• Setting up hiding of origin headers