When an HTTP trigger created after November 19, 2018 invokes a function, the server forcibly adds the content-disposition: attachment field in the response header. This field causes the browser to open the response as an attachment. This field cannot be overwritten and is not affected by custom domain names.