Request Header Configuration

Last updated: 2020-11-25 14:50:51

    Configuration Overview

    Tencent Cloud CDN supports adding origin-pull request headers:

    • It supports carrying the real client IP to the origin server through the X-Forward-For header.
    • It supports carrying the real client port to the origin server for analysis through the X-Forward-Port header.
    • It supports adding various custom headers.

    Configuration Guide

    Configuration limitations

    • The maximum number of custom request header rules: 10
    • Supported rule types: all content, file extension, folder, and file path. Regular expression matching is currently not supported.
    • If the client request already carries the header, the configured request header overwrites the original value during origin-pull.
    • Rules are executed from bottom to top. Rules at the bottom of the list have higher priority.
    • The Key of a custom header can contain 1 to 100 characters, consisting of digits 0–9, letters a–z and A–Z, and the hyphen (-).
    • The Value of a custom header can contain 1 to 1000 characters (Chinese characters are not supported).
    • Some standard headers do not support customization. For the detailed list, please see below.

    Configuration instructions

    Log in to the CDN Console, select Domain Management on the left sidebar, and then click Manage on the right of a domain name to enter its configuration page. Select the Origin-pull Configuration tab to find the Origin-pull Request Header Configuration section. The feature is disabled and not pre-configured by default.

    You can add origin-pull header rules when the feature is disabled:


    1. The header used to carry the real client IP is X-Forward-For, and its value is the $client_ip variable by default, which cannot be modified.
    2. The header used to carry the real client port is X-Forward-Port, and its value is the $remote_port variable by default, which cannot be modified.

    After a rule is added, the overall configuration will be in the disabled state and will not take effect:

    You can click Adjust Priority to adjust the rule order, and then toggle the switch on to deploy the rule to the CDN nodes across the entire network.

    Configuration Samples

    The origin-pull request header configuration of the acceleration domain name is as follows:

    If the accessed resource is, then:

    1. The * rule will be hit, so the header X-Forward-For:$client_ip will be added, and $client_ip will be replaced with the real client IP during origin-pull.
    2. The .mp4 file type and /test path will be hit, and as rules are executed from bottom to top, the x-cdn:Tencent header will be added.


    The following standard headers currently cannot be added as origin-pull request headers:

    www-authenticate authorization proxy-authenticate proxy-authorization
    age cache-control clear-site-data expires
    pragma warning accept-ch accept-ch-lifetime
    early-data content-dpr dpr device-memory
    save-data viewport-width width last-modified
    etag if-match if-none-match if-modified-since
    if-unmodified-since vary connection keep-alive
    accept accept-charset expect max-forwards
    access-control-allow-origin access-control-max-age access-control-allow-headers access-control-allow-methods
    access-control-expose-headers access-control-allow-credentials access-control-request-headers access-control-request-method
    origin timing-allow-origin dnt tk
    content-disposition content-length content-type content-encoding
    content-language content-location forwarded x-forwarded-host
    x-forwarded-proto via from host
    referer referer-policy allow server
    accept-ranges range if-range content-range
    cross-origin-embedder-policy cross-origin-opener-policy cross-origin-resource-policy content-security-policy
    content-security-policy-report-only expect-ct feature-policy strict-transport-security
    upgrade-insecure-requests x-content-type-options x-download-options x-frame-options(xfo)
    x-permitted-cross-domain-policies x-powered-by x-xss-protection public-key-pins
    public-key-pins-report-only sec-fetch-site sec-fetch-mode sec-fetch-user
    sec-fetch-dest last-event-id nel ping-from
    ping-to report-to transfer-encoding te
    trailer sec-websocket-key sec-websocket-extensions sec-websocket-accept
    sec-websocket-protocol sec-websocket-version accept-push-policy accept-signature
    alt-svc date large-allocation link
    push-policy retry-after signature signed-headers
    server-timing service-worker-allowed sourcemap upgrade
    x-dns-prefetch-control x-firefox-spdy x-pingback x-requested-with
    x-robots-tag x-ua-compatible max-age
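
    The limits under "Configuration limitations" and the non-customizable header list above can be checked before rules are entered in the console. The following is an added example, not Tencent Cloud code: the rule dictionary layout, the rule type labels, the use of the CJK Unified Ideographs block to detect Chinese characters, and counting only non-fixed headers toward the 10-rule limit are assumptions made for this example.

```python
import re

MAX_CUSTOM_RULES = 10
RULE_TYPES = {"all", "extension", "folder", "path"}  # labels assumed for this example
KEY_RE = re.compile(r"[0-9A-Za-z-]{1,100}")
CJK_RE = re.compile(r"[\u4e00-\u9fff]")  # approximation of "Chinese characters"
FIXED = {"x-forward-for": "$client_ip", "x-forward-port": "$remote_port"}
# Subset of the non-customizable standard headers listed on this page.
BLOCKED = {"authorization", "proxy-authorization", "host", "forwarded",
           "x-forwarded-host", "x-forwarded-proto", "via", "origin", "referer",
           "connection", "content-length", "transfer-encoding"}

def lint_rules(rules):
    """Return (rule_index, problem) pairs for rules that break a documented limit."""
    problems, custom = [], 0
    for i, rule in enumerate(rules):
        key, value = rule.get("key", ""), rule.get("value", "")
        name = key.lower()
        if rule.get("type") not in RULE_TYPES:
            problems.append((i, "unsupported rule type"))
        if name in FIXED:  # real client IP / port headers have fixed values
            if value != FIXED[name]:
                problems.append((i, "fixed header value cannot be modified"))
            continue
        custom += 1  # assumption: only custom headers count toward the limit
        if not KEY_RE.fullmatch(key):
            problems.append((i, "key must be 1-100 chars of 0-9, a-z, A-Z, -"))
        elif name in BLOCKED:
            problems.append((i, "standard header cannot be customized"))
        if not 1 <= len(value) <= 1000:
            problems.append((i, "value must be 1-1000 characters"))
        elif CJK_RE.search(value):
            problems.append((i, "value contains Chinese characters"))
    if custom > MAX_CUSTOM_RULES:
        problems.append((None, "more than 10 custom header rules"))
    return problems

# Constructed sample rule set (not taken from the console configuration on this page).
SAMPLE = [
    {"type": "all", "match": "*", "key": "X-Forward-For", "value": "$client_ip"},
    {"type": "extension", "match": ".mp4", "key": "x-cdn", "value": "Tencent"},
    {"type": "path", "match": "/test", "key": "Authorization", "value": "placeholder"},
    {"type": "regex", "match": "^/a", "key": "x_env", "value": "prod"},
    {"type": "all", "match": "*", "key": "X-Forward-Port", "value": "8080"},
]

if __name__ == "__main__":
    for idx, problem in lint_rules(SAMPLE):
        print(idx, problem)
```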
