HTTP response header modification rules
You can manipulate the headers included in the HTTP response through HTTP response header modification rules. Through these rules you can:
- Set the value of an HTTP response header to a literal string value, overwriting its previous value or adding a new header to the response if it does not exist.
- Set the value of an HTTP response header according to an expression, overwriting its previous value or adding a new header to the response if it does not exist.
- Add a new HTTP response header with a literal string value without removing any existing headers with the same name.
- Remove an HTTP header from the response.
The response header values are calculated using the field values from the corresponding HTTP request. For example, the value of
ip.src.countrywill be the country of the website visitor, not the origin where the response was sent from.
You cannot modify or remove HTTP response headers whose name starts with
You cannot modify the value of certain headers such as
The HTTP response header removal operation will remove all response headers with the provided name.
If you change the value of an existing HTTP response header using an expression that evaluates to an empty string (
"") or an undefined value, the HTTP response header is removed.
Currently, there is a limited number of HTTP response headers that you cannot change. Cloudflare may remove restrictions for some of these HTTP response headers when presented with valid use cases. for consideration.