Varnish Logo
SignupLogin
Varnish Logo

Headers

Control the headers both sent to and returned from your backend

On Authorization header

The Authorization header is commonly used for HTTP authentication. By default, requests containing an Authorization header bypass the cache entirely, since such requests are typically user-specific and should not be cached or served to other users.

The On Authorization header setting allows you choose one of two options:

  • Pass: Bypasses the cache for requests with an Authorization header (default behavior)
  • Remove: Strips the Authorization header from the request before processing, allowing the request to be cached normally

Use the Remove option when the Authorization header is not needed for the functionality of the origin server.

Remove returned headers

The Remove returned headers setting allows you to strip specific headers from responses before they are sent to clients. This is useful for removing:

  • Internal or debugging headers that should not be exposed to clients
  • Backend-specific headers that are not relevant to end users
  • Headers that might reveal information about your infrastructure

You can specify up to 5 header names to remove. Header names are case-insensitive. Common examples include removing headers like X-Powered-By, Server, or custom backend headers.

Note: All headers starting with X-NCDN- are automatically removed from responses and do not count against the 5-header limit.

Set request headers

The Set request headers setting allows you to add or modify headers on requests before they are sent to your origin server.

You can configure up to 5 headers, each with a name and value. If a header with the specified name already exists in the request, it will be replaced with the new value.

Set response headers

The Set response headers setting allows you to add or modify headers on responses before they are sent to clients. This is useful for:

  • Adding security headers (e.g., X-Frame-Options, X-Content-Type-Options)
  • Setting cache control directives for client browsers
  • Including custom headers for client-side applications

You can configure up to 5 headers, each with a name and value. If a header with the specified name already exists in the response, it will be replaced with the new value.

Query Parameters

Configure cleanup of query parameters to improve performance and reduce the number of requests to the origin

Cookies

Manage your incoming and outgoing cookies