Setting up hiding of origin headers
You can set up hiding of origin headers using the API when creating or updating a CDN resource.
Warning
Hiding important headers may be disruptive for your web application.
To enable the option, add the headerFilter section when using the create or update method for a Resource:
"headerFilter": {
"enabled": "<true_or_false>",
"headers": [
"<list_of_headers>"
]
}
Where:
-
enabled: Enabling the option:trueenables the option.falsedisables the option.
-
headers: List of HTTP headers the client will see. All other origin headers will be hidden.
To enable the option, add the header_filter section when using the ResourceService/Create or ResourceService/Update call:
"header_filter": {
"enabled": "<true_or_false>",
"headers": [
"<list_of_headers>"
]
}
Where:
-
enabled: Enabling the option:trueenables the option.falsedisables the option.
-
headers: List of HTTP headers the client will see. All other origin headers will be hidden.
Example
In this example, you create a CDN resource for a corporate portal that should hide technical origin headers for better security. Only the main headers are allowed the web application needs to work correctly.
-
Get an IAM token for API authentication and write it into a variable:
export IAM_TOKEN=`yc iam create-token` -
Create a CDN resource with header hiding configured:
cURLgRPCurlcurl \ --request POST \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://cdn.api.cloud.yandex.net/cdn/v1/resources' \ --data '{ "folderId": "b12m81qm6abc********", "cname": "cdn-portal.example.com", "origin": { "originSourceParams": { "source": "portal.example.com", "meta": { "common": { "name": "portal.example.com" } } } }, "originProtocol": "HTTPS", "options": { "headerFilter": { "enabled": true, "headers": [ "Content-Type", "Cache-Control", "Content-Length", "Last-Modified", "ETag" ] } } }'Result:
{ "done": true, "metadata": { "@type": "type.googleapis.com/yandex.cloud.cdn.v1.CreateResourceMetadata", "resourceId": "bc8rgivxwhcy********" }, "response": { "@type": "type.googleapis.com/yandex.cloud.cdn.v1.Resource", "active": true, "options": { ... "headerFilter": { "enabled": true, "headers": [ "Content-Type", "Cache-Control", "Content-Length", "Last-Modified", "ETag" ] } }, ... }, "id": "bc8y2mnkri2d********", "description": "Create resource", "createdAt": "2026-02-05T18:02:30.735628Z", "createdBy": "aje9k8luj4qf********", "modifiedAt": "2026-02-05T18:02:30.735628Z" }grpcurl \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "folder_id": "b12m81qm6abc********", "cname": "cdn-portal.example.com", "origin": { "origin_source_params": { "source": "portal.example.com", "meta": { "common": { "name": "portal.example.com" } } } }, "origin_protocol": "HTTPS", "options": { "header_filter": { "enabled": true, "headers": [ "Content-Type", "Cache-Control", "Content-Length", "Last-Modified", "ETag" ] } } }' \ cdn.api.cloud.yandex.net:443 \ yandex.cloud.cdn.v1.ResourceService/CreateResult:
{ "id": "bc8h7teov4q7********", "description": "Create resource", "createdAt": "2026-02-05T18:19:01.262477Z", "createdBy": "aje9k8luj4qf********", "modifiedAt": "2026-02-05T18:19:01.262477Z", "done": true, "metadata": {"@type":"type.googleapis.com/yandex.cloud.cdn.v1.CreateResourceMetadata","resourceId":"bc8r4gogfqeb********"}, "response": {..."options":{..."headerFilter":{"enabled":true,"headers":["Content-Type","Cache-Control","Content-Length","Last-Modified","ETag"]}},...} }