For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • General
    • About Enforcers
    • Support first-party HUMAN calls
    • Troubleshoot Enforcer configurations
  • Enforcer frameworks
    • Akamai ESI
    • Apache - C Module
    • ASP.NET
    • Callout Enforcer
    • Envoy Proxy
    • F5 BIGIP
    • Fastly JavaScript Compute@Edge
      • Fastly VCL changelog
        • Installing the Enforcer
        • GraphQL Support
        • Sensitive GraphQL Operations
        • Basic Configuration
        • Customized Subroutines
        • Additional Activity Handler
        • Advanced Blocking Response
        • Creating and Configuring the Edge-Dictionary
        • Custom CSS
        • Custom First Party Sensor Endpoint
        • Custom Logo
        • Custom JS Script
        • Custom Parameters
        • Filter Requests
        • Filter by HTTP Method
        • Filter by Route
        • Filter by Extension
        • Filter by IP
        • Filter by User Agent
        • Data Enrichment
        • First Party
        • First Party Snippet
        • Enforced Routes
        • Login Credentials Extraction
        • Modify First Party Response
        • Module Context Object
        • Module Enabled
        • Module Mode
        • Monitored Routes
        • Returning A Custom Block Page
        • Sensitive Routes
        • Test Block Flow on Monitoring Mode - Bypass Monitor Header
        • Upgrading the Enforcer
    • Google Cloud Platform (GCP) Callout Enforcer
    • Kong Plugin
    • NGINX - C Module
    • NGINX - LUA Module
    • PHP
    • Python
    • Ruby
    • Salesforce Commerce Cloud Cartridge
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
Enforcer frameworksFastly VCLV9 and Below

Modify First Party Response

Was this page helpful?
Previous

Module Context Object

Next
Built with

This feature executes on vcl_deliver only for first party requests (Sensor, CAPTCHA, XHR).

You can use it to edit response headers, like CORS or other security features.

The code in vcl_deliver after px_deliver is still executed even if this feature is implemented.

EXAMPLE 1

By default, HUMAN returns ’*’ for the Access-Control-Allow-Origin header on first party responses.

TO overwrite this behavior:

  1. Open the PX_CUSTOM.vcl file.
  2. Uncomment the unset resp.http.Access-Control-Allow-Origin line:
1sub px_custom_first_party_response_modifier {
2  unset resp.http.Access-Control-Allow-Origin;
3}

EXAMPLE 2

You can tell browsers that only HTTPS is allowed.

TO implement:

  1. Open the PX_CUSTOM.vcl file.
  2. Uncomment the set resp.http.Strict-Transport-Security = “max-age=86400” line:
1sub px_custom_first_party_response_modifier {
2  set resp.http.Strict-Transport-Security = "max-age=86400";
3}
Test
  1. Set the required request using px_custom_first_party_response_modifier as shown above.
  2. Send the request to /<appId without px>/init.js.
  3. Make sure the response contains the result set in the request.