Occasionally, it is desired to hide a specific header from being displayed publicly. This article provides the method and an example on how to do so from the MaxCDN portal.
A rule can be created to hide certain headers so that they are not publicly accessible. To demonstrate, we will create a rule to hide headers the headers Etag and Link from file extensions that match the following regex string: ~ \.(ico|pdf|flv|jp?g|png|gif|js|css|webp|swf)(\.gz)?(\?.*)?
Creating the Rule
Verifying the Rule
-
Curl before headers were hidden
~$ curl -I http://foo.bar.netdna-cdn.com/file.png HTTP/1.1 200 OK Date: Mon, 26 Aug 2013 00:42:57 GMT Content-Type: image/png Content-Length: 128367 Connection: keep-alive Last-Modified: Wed, 31 Jul 2013 20:09:33 GMT ETag: "12345-asdfasdfasdf" Accept-Ranges: bytes Cache-Control: max-age=31536000, public Expires: Tue, 26 Aug 2014 00:41:18 GMT Vary: User-Agent Pragma: public X-Powered-By: W3 Total Cache/0.9.3 Link: -
Curl with hidden headers Etag and Link
~$ curl -I http://foo.bar.netdna-cdn.com/file.png HTTP/1.1 200 OK Date: Mon, 26 Aug 2013 00:42:57 GMT Content-Type: image/png Content-Length: 128367 Connection: keep-alive Last-Modified: Wed, 31 Jul 2013 20:09:33 GMT Accept-Ranges: bytes Cache-Control: max-age=31536000, public Expires: Tue, 26 Aug 2014 00:41:18 GMT Vary: User-Agent Pragma: public X-Powered-By: W3 Total Cache/0.9.3 Server: NetDNA-cache/2.2 X-Cache: HIT -
Resulting Nginx Configuration Block
location ~ \.(ico|pdf|flv|jp?g|png|gif|js|css|webp|swf)(\.gz)?(\?.*)?$ { proxy_hide_header 'Etag'; proxy_hide_header 'Link'; ... }
We hope this article was helpful and as always, If there are any questions or concerns about any of the topics mentioned in this article, please feel free to reach out to support - we are available 24/7 by chat or email!