HTTP response headers are an important part of an HTTP message. HTTP response headers describe the requested resource, server or client behavior, and operation parameters in an HTTP transaction. Alibaba Cloud Content Delivery Network (CDN) allows you to add response headers to responses returned from your origin servers. You can configure this feature to enable cross-origin resource sharing (CORS).
HTTP headers are components of the header section of requests and responses that are transmitted over HTTP. HTTP headers include general headers, request headers, and response headers.
CORS is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access. This solution secures data transmission.
You can enable CORS by adding response headers to responses. After Alibaba Cloud CDN receives a cross-origin request, CORS rules are triggered for permission checks. Alibaba Cloud CDN compares the cross-origin request with the CORS rules one by one, uses the first rule that the request matches to process the request, and adds a header to the response. If the request does not match any CORS rule, no header is added to the response.
An HTTP response header applies to a specified domain name. After you create an HTTP response header, it is added to all responses returned from the domain name. An HTTP response header affects the response behavior of only clients such as browsers. It does not affect the caching behavior of CDN nodes. You cannot create a custom HTTP response header for wildcard domain names.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column of the domain name.
- In the management pane of the domain name, click Cache.
- Click the Custom HTTP Response Header tab.
- Click Customize and set the parameters. In the following example, a custom HTTP response header is created.

|Parameter|Description|
|---|---|
|Operation|You can add, delete, modify, or replace specified response headers.|
|Response Header|Select a response header. For more information, see Response headers.|
|Header Name|If you select Custom, you must specify a header name. Take note of the following rules: the name can contain letters, hyphens (-), and digits; the name must be 1 to 100 characters in length.|
|Header Value|Specify the header value. For more information, see Response headers.|
|Allow Duplicates|Yes: Duplicate headers are allowed. Duplicate headers added by Alibaba Cloud CDN and returned from the origin server are all retained. No: Duplicate headers are not allowed. The header added by Alibaba Cloud CDN overwrites the duplicate header returned from the origin server.|

- Click OK.
After a custom response header is created, it is displayed on the Custom HTTP Response Header tab. You can Modify or Delete the header.

|Response header|Description|Example|
|---|---|---|
|Custom|Allows you to create a custom response header based on your business requirements. When you specify the header name, take note of the following rules:||
|Cache-Control|Specifies the cache policy that requests and responses follow.|no-cache|
|Content-Disposition|Specifies the default file name when the retrieved content is saved as a file on the client program.|123.txt|
|Content-Type|Specifies the media type of the resource returned to clients.|image|
|Pragma|Pragma is an implementation-specific HTTP/1.0 header that has various effects along the request-response chain. It is compatible with HTTP/1.1.|no-cache|
|Access-Control-Allow-Origin|Specifies the origin servers with which the response can be shared. You can enter an asterisk (*) in the Header Value field to specify all domain names. You can also enter a specific domain name, for example,||
|Access-Control-Allow-Methods|Specifies the request methods that can be used in cross-origin requests. You can specify one or more request methods. Separate multiple request methods with commas (,).|POST,GET|
|Access-Control-Allow-Headers|Specifies the header fields that can be used in cross-origin requests.|X-Custom-Header|
|Access-Control-Expose-Headers|Allows a server to specify which response headers are available to scripts that are running in the browser.|Content-Length|
|Access-Control-Max-Age|Specifies how long the results of a preflight request can be cached, in seconds.|600|
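
The following added example (not part of the Alibaba Cloud documentation) models the Allow Duplicates setting for Access-Control-Allow-Origin and approximates the browser-side check for a non-credentialed request. It shows that when the origin server already returns this header, retaining both copies causes the browser to block the response. The function names and sample headers are constructed for illustration.

```python
# Added example: models the "Allow Duplicates" setting and a browser's
# Access-Control-Allow-Origin check for non-credentialed requests. Names and
# sample values are constructed; this is not Alibaba Cloud CDN code.

def apply_cdn_header(origin_headers, name, value, allow_duplicates):
    """Return the header list a client receives after the CDN adds `name`.

    allow_duplicates=True  -> origin and CDN copies are both retained.
    allow_duplicates=False -> the CDN header overwrites the origin's copy.
    """
    if allow_duplicates:
        kept = list(origin_headers)
    else:
        kept = [(n, v) for n, v in origin_headers if n.lower() != name.lower()]
    return kept + [(name, value)]


def browser_allows_origin(headers, request_origin):
    """Approximate the browser check on Access-Control-Allow-Origin.

    Browsers combine repeated headers into one comma-separated value, so two
    copies never equal a single origin or "*", and the response is blocked.
    """
    values = [v.strip() for n, v in headers
              if n.lower() == "access-control-allow-origin"]
    if not values:
        return False  # no CORS header: the cross-origin read is blocked
    combined = ", ".join(values)
    return combined == "*" or combined == request_origin


def audit(origin_headers, cdn_value, request_origin):
    """Compare both Allow Duplicates settings for one request origin."""
    result = {}
    for label, dup in (("Yes", True), ("No", False)):
        hdrs = apply_cdn_header(
            origin_headers, "Access-Control-Allow-Origin", cdn_value, dup)
        result[label] = browser_allows_origin(hdrs, request_origin)
    return result


# Constructed sample: the origin server already sends its own CORS header.
ORIGIN_RESPONSE = [("Content-Type", "image/png"),
                   ("Access-Control-Allow-Origin", "https://app.example.com")]

if __name__ == "__main__":
    print(audit(ORIGIN_RESPONSE, "https://app.example.com", "https://app.example.com"))
    print(audit([("Content-Type", "image/png")], "*", "https://other.example.net"))
```

If the origin server already emits a CORS header, setting Allow Duplicates to No keeps a single authoritative value in the response.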