Response Headers

Inject CORS, security, and custom headers from the edge. Configure headers per domain and apply changes instantly without touching your upstream servers.

How it works

Header policies are stored per domain and enforced by the WAF at the edge. When enabled, Yercekimsiz short-circuits CORS preflight (OPTIONS) requests with a 204 response and the correct headers.

Key Features

  • CORS controls: allowed origins, methods, headers, credentials, and max-age
  • Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options
  • Remove Server/X-Powered-By headers
  • Custom header injection

Dashboard Configuration

  1. Go to Dashboard → Domains
  2. Open the ⋮ menu for a domain
  3. Select Response Headers
  4. Enable and configure CORS and Security headers
  5. Click Save Header Settings

Notes

If CORS is enabled, preflight requests are handled at the edge to reduce origin load. Changes propagate in real-time across all nodes.