HTTP headers define the resources being requested, the behavior of the client or server, and the operating parameters of an HTTP transaction. This topic describes how to customize an HTTP response header.

Background information

HTTP headers are components of the header section of request and response messages transmitted over Hypertext Transfer Protocol (HTTP).

HTTP headers include general headers, request headers, and response headers.

When you customize HTTP response headers, note the following limits:
  • The HTTP response header configurations of a domain affect the response behavior of all client programs such as browsers in this domain. However, the configurations do not affect the behavior of the cache server.
  • Alibaba Cloud CDN does not support configuring response headers for wildcard domains.


  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Manage.
  4. In the left-side navigation pane of the specified domain, click Cache.
  5. Click the HTTP Header tab.
  6. On the HTTP Header tab, click Customize.
  7. In the Customize HTTP Header dialog box that appears, select an HTTP header from the Parameter drop-down list and set its value.
    The following table describes the 10 HTTP response headers provided by Alibaba Cloud CDN. If you want to specify other HTTP response headers, submit a ticket.
    Header name Description Example
    Content-Type Specifies the MIME type of the content returned by a client program. image
    Cache-Control Specifies the caching policy that a client program follows when making responses. no-cache
    Content-Disposition Specifies the default file name provided by a client program when the requested content is saved as a file. 123.txt
    Content-Language Specifies the language of the intended audience for the returned content. zh-CN
    Expires Specifies the date and time after which the response is considered stale. Wed, 21 Oct 2019 07:28:00 GMT
    Access-Control-Allow-Origin Specifies the origins from which cross-origin requests are allowed. *
    Note You can enter * in the Value field to specify all domain names. You can also enter a full domain name, for example,
    Access-Control-Allow-Headers Specifies the fields that are allowed in cross-origin requests. X-Custom-Header
    Access-Control-Allow-Methods Specifies the request methods that are allowed for cross-origin requests. POST, GET
    Access-Control-Max-Age Specifies the time-to-live (TTL) value during which the response can be cached for a prefetch request initiated by a client program for a particular resource. 600
    Access-Control-Expose-Headers Specifies the headers that can be exposed as part of the response. Content-Length
    Customize an HTTP response header
  8. Click OK.

    In the HTTP Header list, you can click Modify or Delete in the Actions column to modify or delete the HTTP response header that you created.