Product guides

Modify First Party Response

Suggest Edits

This feature executes on vcl_deliver only for first party requests (Sensor, CAPTCHA, XHR).

You can use it to edit response headers, like CORS or other security features.

The code in vcl_deliver after px_deliver is still executed even if this feature is implemented.

EXAMPLE 1

By default, HUMAN returns '*' for the Access-Control-Allow-Origin header on first party responses.

TO overwrite this behavior:

  1. Open the PX_CUSTOM.vcl file.
  2. Uncomment the unset resp.http.Access-Control-Allow-Origin line:
sub px_custom_first_party_response_modifier {
  unset resp.http.Access-Control-Allow-Origin;
}

EXAMPLE 2

You can tell browsers that only HTTPS is allowed.

TO implement:

  1. Open the PX_CUSTOM.vcl file.
  2. Uncomment the set resp.http.Strict-Transport-Security = "max-age=86400" line:
sub px_custom_first_party_response_modifier {
  set resp.http.Strict-Transport-Security = "max-age=86400";
}

📘

Test

  1. Set the required request using px_custom_first_party_response_modifier as shown above.
  2. Send the request to //init.js.
  3. Make sure the response contains the result set in the request.

Updated 12 days ago