All Products
Search

This Product

    Edge Security Acceleration:Modify outgoing request headers

    Document Center

    Edge Security Acceleration:Modify outgoing request headers

    Last Updated:Dec 25, 2025

    An HTTP request header is part of an HTTP request message that contains specific parameters for a server. You can configure rules for origin HTTP request headers to pass specific parameters to your origin server. Edge Security Acceleration (ESA) supports adding, modifying, and deleting these rules.

    Introduction

    When a client requests a resource, the request first reaches ESA. If the request is a cache miss on the ESA POP, the ESA POP sends an origin request that contains the outgoing HTTP request header to the origin server to retrieve data. You can adjust the outgoing HTTP request header as needed. The ESA POP returns the retrieved resource to the client.

    image

    Notes

    If a single rule for modifying outgoing request headers contains multiple operations, the operations are executed in sequence. If multiple operations target the same request header, the last operation overwrites the previous ones.

    Example 1

    • The client request contains the header test:123.

    • The rule adds the header test:321.

    If a user request hits the rule, the test:123 header in the original request is overwritten by test:321.

    Example 2

    • The client request contains the header test:123.

    • The rule adds the header test:321, and then another operation is configured to delete the header test.

    If a user request hits the rule, the test:123 header in the original request is deleted.

    Procedure

    After you add a rule, when a user requests a resource, ESA matches and executes rules sequentially based on the rule execution priority.

    1. In the ESA console, choose Websites, and click the target site in the Website column.

    2. In the navigation pane on the left, choose Rules > Transform Rules.

    3. Click the Modify Request Header tab and choose ESA to Origin. Click Create Rule and enter a Rule Name.

    4. In the If requests match... section, set the conditions that the client request must match. For more information, see Composition of a rule expression.

    5. In the Modify Request Header section, select the Type and Operation, and then enter the Request Header Name and Request Header Value.

      Note

      If a single rule for modifying outgoing request headers contains multiple operations, the operations are executed in sequence. If multiple operations target the same request header, the last operation overwrites the previous ones.

      Operation

      Type

      Description

      Example

      Add

      Static

      • Adds the specified request header to the back-to-origin request.

      • If the client request already contains a request header with the same name, the new request header overwrites the existing one.

      To add a request header named x-code with the value key1, specify the following parameters:

      • Request Header Name: x-code

      • Request Header Value: key1

      Dynamic

      The request header value can be set to an expression.

      To add a request header named True-Client-IP with the value ip.src to record the originating IP address of the client, specify the following parameters:

      • Request Header Name: True-Client-IP

      • Request Header Value: ip.src

      Change

      Static

      Modifies the value of the specified request header in the origin request.

      To change the value of the request header named x-code in the back-to-origin request to key2, specify the following parameters:

      • Request Header Name: x-code

      • Request Header Value: key2

      Dynamic

      The request header value can be set to an expression.

      To modify the request header named True-Client-IP in the back-to-origin request and change its value to ip.src, which is the originating IP address of the client, specify the following parameters:

      • Request Header Name: True-Client-IP

      • Request Header Value: ip.src

      Delete

      Deletes all parameter values that match the Request Header Name from the back-to-origin request, regardless of whether there are duplicate request header parameters.

      To delete the request header named x-code, set Request Header Name to x-code.

      Note

      • Do not configure a Request Header Name that starts with ali- or Ali-.

      • You can configure multiple values for Request Header Value. Separate the values with commas (,).

      • The delete operation works the same way in static and dynamic modes.

      • The modify operation is used to modify an existing request header. This operation is applied only if a request header with the specified name is present in the original request.

    6. Click OK.

    Dynamic expression examples

    Example 1

    Add a request header to record the originating IP address of the client.

    • Request Header Name: True-Client-IP

    • Request Header Value: ip.src

    Example 2

    Add a request header to record the country code that corresponds to the client's IP address.

    • Request Header Name: IP-Country-Code

    • Request Header Value: ip.geoip.country

    Example 2

    Add a request header to record the province code that corresponds to the client's IP address.

    • Request Header Name: IP-Province-Code

    • Request Header Value: ip.src.subdivision_1_iso_code

    References

    Rule-related features vary in execution priorityrule behavior, and configuration scope. For more information, see How ESA rules take effect.