Knowledge Base
medianova.comSupportLog in
  • Welcome to the Medianova Knowledge Base
  • Getting Started
    • Concepts
    • Start your Free Trial
  • Products
    • Security
      • DDoS Protection
      • SSL/TLS Encryption
        • How to upload and manage SSL Certificates?
        • How to Extract CRT and KEY Files from a PFX Certificate
        • How can I use Free SSL?
        • FAQ
      • Web Application Firewall (WAF)
        • How to activate WAF?
        • Analytics
      • Rate Limiting
      • Hotlink Protection
      • IP Restriction
      • Geoblocking
      • FAQs
    • Performance / CDN
      • Static Content Delivery
        • Create Small Resource
        • Create Large Resource
        • Integrating Static CDN Resource
        • Configuration Basics
          • Medianova IP Blocks
        • Advanced Configuration
          • Origin Settings
            • Advanced Origin Settings
            • Rewrite Origin URLs
            • Origin SNI Request
            • Redirect Handle From Origin
            • Origin Response Timeout
          • CNAME
          • Caching
            • Edge Cache Expiration
            • Browser Cache Rule
            • Query String Caching
            • Etag Verification
            • Error Status Code Cache Expiration
            • Shared Cache
            • Stale Cache
            • Robots.txt file
            • Range Based Caching
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
            • HTTP Strict Transport (HSTS) Protection
            • X-Frame Options
            • X-XSS Protection
            • X-Content Type Options
          • Purge
          • Prefetch
          • Page Rules
            • Manage Page Rules
            • Page Rules Settings
          • Compression
            • How to Configure Gzip and Brotli
        • Website Framework Integrations
          • Magento CDN Integration
          • Wordpress CDN Integration
          • Phalcon CDN Integration
          • CakePHP CDN Integration
        • Analytics
      • Dynamic Content Acceleration
        • Create Dynamic Resource
        • Integrating Dynamic CDN Resource
        • Aksela Test Steps
        • Advanced Configuration
          • Origin Settings
            • Advanced Origin Settings
            • Rewrite Origin URLs
            • Origin SNI Request
            • Redirect Handle From Origin
            • Origin Response Timeout
          • Caching
            • Edge Cache Expiration
            • Browser Cache Rule
            • Query String Caching
            • Etag Verification
            • Error Status Code Cache Expiration
            • Shared Cache
            • Stale Cache
            • Disallow Cookie Base Cache
            • Cookie Base Cache
            • Header Base Cache
            • Header Value Base Cache
            • MNUID Cookie Base Cache
            • Mobile Redirect
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
            • HTTP Strict Transport (HSTS) Protection
            • X-Frame Options
            • X-XSS Protection
            • X-Content Type Options
          • Purge
          • Prefetch
          • Page Rules
          • Compression
        • Analytics
      • Streaming Content Delivery
        • Create Streaming Resource
        • Advanced Configuration
          • Origin Settings
            • Redirect Handle From Origin
            • Origin Response Timeout
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
          • Stream Management
        • Analytics
      • API Caching
      • Private CDN
      • Image Optimization and WebP
        • What is Image Optimization and How Does It Work?
        • What is WebP and How Does It Work?
        • How to Activate Image Optimization and WebP?
        • Analytics
      • FAQs
    • Object Storage / Stook
      • What is Stook?
      • How to Create Stook?
      • How to Connect Bucket?
      • Access Key Management
      • Stook Integration and Usage Guides
        • Migrating Data to Stook Using Rclone
        • Data Transfer to Stook with Cyberduck
        • How to use the AWS SDK for Laravel with Stook?
        • How to use the AWS SDK for PHP with Stook?
        • How do I use the AWS SDK for .NET with Stook?
        • Stook Storage User Guide for AWS CLI
        • How to use AWS SDK for JavaScript with Stook?
        • How do I use Stook with the AWS Java SDK?
        • Using Pre-Signed URL PHP with Stook
        • Using Pre-Marked URL NODEJS With Stook
    • Analytics (MN Logz)
      • Real-Time Logpush
      • Raw Logs
  • Account & Billing
    • Managing Account and Organizations
      • Create new organization
      • Invite user
      • Changing Cloud Panel password
      • Access Controls and Authentication
    • Subscription and Billing
      • Packages
        • Free Trial
        • Starter
        • Growth
        • Enterprise
        • Add-ons
      • Policy
      • Upgrade & Downgrade Procedures
      • Changing your subscription package
      • Payment Info
      • Invoices
  • API Documentation
    • Authentication
    • Security
      • Web Application Firewall (WAF)
      • SSL/TLS
      • Always Use HTTPS Settings
      • Origin Basic Authentication
      • Secure Token
      • Bot Protection
      • Hotlink Protection
      • User Agent ACL
      • IP Restriction ACL
      • Geoblocking
    • Performance / CDN
      • Resources
      • Origin Settings
      • CNAME & SSL
      • Caching
      • Headers
      • Image Optimization & WebP
      • Page Rule
      • Purge
      • Prefetch
      • Stream Management
    • Object Storage / Stook
    • Analytics
      • WAF Analytics
  • Support and Troubleshooting
    • Common Issues and Solutions
      • Troubleshooting Common Setup Issues
      • Troubleshooting Performance Problems
    • Contacting Customer Support
  • Glossary
    • Definition of Important CDN Terms
    • Acronyms and Abbreviations
    • Definition of HTTP Status Error Codes
Powered by GitBook
LogoLogo

© 2025 Medianova. All rights reserved.

On this page

Was this helpful?

Export as PDF
  1. API Documentation
  2. Performance / CDN

Headers

PreviousCachingNextImage Optimization & WebP

Last updated 4 months ago

Was this helpful?

Origin Host Header

put

This setting is available for all resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
Responses
200
Successfully updated Origin Host Header for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 68

{
  "origin_host_header": {
    "status": true,
    "header": "domain.example.com"
  }
}
200

Successfully updated Origin Host Header for the resource.

{
  "status": true,
  "data": {}
}

X-CDN Header

put

This setting is available for all resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_x_cdn_headerbooleanRequired

Enable or disable the X-CDN header for the resource.

Example: true
x_cdn_headerstringRequired

The name of the X-CDN header.

Example: test.header
Responses
200
Successfully updated X-CDN header for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 57

{
  "status_x_cdn_header": true,
  "x_cdn_header": "test.header"
}
200

Successfully updated X-CDN header for the resource.

{
  "status": true,
  "data": {}
}

X-Frame Options

put

This setting is available in small, large and dynamic(aksela) resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_x_framebooleanRequired

Enable or disable X-Frame Options for the resource.

Example: true
trusted_domainsstring[]Required

Trusted domains for X-Frame Options.

Example: domain1.com
Responses
200
Successfully updated X-Frame Options settings for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 85

{
  "status_x_frame": true,
  "trusted_domains": [
    "domain1.com",
    "domain2.com",
    "domain3.com"
  ]
}
200

Successfully updated X-Frame Options settings for the resource.

{
  "status": true,
  "data": {}
}

CORS Header

put

This setting is available in small, large, VOD and streaming resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_cors_headerstring · enumRequired

Enable or disable CORS headers.

Example: onPossible values:
cors_domainsstring · uri[]Optional

List of domains for CORS.

Example: ["domain1.com","domain2.com"]
Responses
200
Successfully updated the CORS header settings for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 72

{
  "status_cors_header": "on",
  "cors_domains": [
    "domain1.com",
    "domain2.com"
  ]
}
200

Successfully updated the CORS header settings for the resource.

{
  "status": true,
  "data": {}
}

Custom Headers

put

This setting is available for all resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_custom_headersbooleanRequired

Enable or disable custom headers for the resource.

Example: true
Responses
200
Successfully updated custom headers for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 193

{
  "status_custom_headers": true,
  "custom_headers": [
    {
      "type": "request_header",
      "key": "Key1",
      "value": "Value1"
    },
    {
      "type": "add_header",
      "key": "Key2",
      "value": "Value2"
    },
    {
      "type": "hide_header",
      "key": "Key3"
    }
  ]
}
200

Successfully updated custom headers for the resource.

{
  "status": true,
  "data": {}
}

HTTP Strict Transport Security (HSTS) Protection

put

This setting is available in small, large and dynamic(aksela) resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_hsts_protectionbooleanRequired

Enable or disable HTTP Strict Transport Security (HSTS) protection for the resource.

Example: true
max_age_timestringRequired

Maximum time in seconds for which the HSTS protection is applied.

Example: 7776000
include_sub_domainsbooleanRequired

Whether to include subdomains for the HSTS protection.

Example: true
preloadbooleanRequired

Whether to include the resource in the preload list for HSTS.

Example: true
Responses
200
Successfully updated HSTS protection settings for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 98

{
  "status_hsts_protection": true,
  "max_age_time": "7776000",
  "include_sub_domains": true,
  "preload": true
}
200

Successfully updated HSTS protection settings for the resource.

{
  "status": true,
  "data": {}
}

X-XSS Protection

put

This setting is available in small, large and dynamic(aksela) resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_x_xss_protectionbooleanRequired

Enable or disable X-XSS Protection for the resource.

Example: true
Responses
200
Successfully updated X-XSS Protection settings for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "status_x_xss_protection": true
}
200

Successfully updated X-XSS Protection settings for the resource.

{
  "status": true,
  "data": {}
}
  • PUTCORS Header
  • PUTCustom Headers
  • PUTX-CDN Header
  • PUTOrigin Host Header
  • PUTHTTP Strict Transport Security (HSTS) Protection
  • PUTX-Frame Options
  • PUTX-XSS Protection
  • PUTX-Content Type Options

X-Content Type Options

put

This setting is available in small, large and dynamic(aksela) resource types.

Path parameters
organization_uuidstringRequired

UUID of the organization

resource_uuidstringRequired

UUID of the resource

Body
status_x_content_typebooleanRequired

Enable or disable X-Content Type Options for the resource.

Example: true
Responses
200
Successfully updated X-Content Type Options settings for the resource.
application/json
put
PUT /api/v1/cdn/{organization_uuid}/resource/{resource_uuid} HTTP/1.1
Host: cloud.medianova.com
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "status_x_content_type": true
}
200

Successfully updated X-Content Type Options settings for the resource.

{
  "status": true,
  "data": {}
}