Delivery Configuration
The delivery configuration controls how your CDN handles requests and responses. It's organized around three main event handlers that correspond to different points in the request lifecycle.
View Complete Schema
Configuration Structure
Basic Structure
Basic structure of the delivery configuration with required fields and event handlers.
{
"delivery_config": {
"version": "1.0",
"onClientRequest": { /* Request processing */ },
"onOriginResponse": { /* Origin response processing */ },
"onClientResponse": { /* Client response processing */ }
}
}Variable Interpolation
Many configuration features support dynamic variable interpolation, allowing you to insert runtime values into your configurations. Variables are specified using double curly braces, like {{variable}}.
The following variables are available for interpolation in features like setHeaders, respondWith, redirect, and route:
| Variable | Description | Example |
|---|---|---|
| Request Information | ||
{{clientIp}} | Client IP address | 198.51.100.42 |
{{clientAsn}} / {{clientASN}} | Client Autonomous System Number | 14618 |
{{cpCode}} | CP code | 136641 |
{{host}} / {{hostname}} | Request hostname | www.example.com |
{{method}} | HTTP method (GET, POST, etc.) | GET |
{{path}} / {{/path}} | URL path | /api/v1/users |
{{protocol}} / {{scheme}} | Protocol (http/https) | https |
{{query}} | Query string | page=1&limit=10 |
{{?query}} | Query string with ? prefix if present | ?page=1&limit=10 |
{{url}} | Full URL | https://www.example.com/api/v1/users?page=1 |
{{extension}} | File extension | html |
{{filename}} | Filename from path | index.html |
{{subdomain}} | Subdomain | www |
{{grn}} | Global Request Number | 0.a4e21f08.1780943521.7d3b19 |
| Device Detection | ||
{{acceptsThirdPartyCookie}} | Third-party cookie support | true |
{{brandName}} | Device brand name | Apple |
{{hasAjaxSupport}} | AJAX support indicator | true |
{{hasCookieSupport}} | Cookie support indicator | true |
{{hasFlashSupport}} | Flash support indicator | false |
{{isMobile}} | Mobile device indicator | false |
{{isTablet}} | Tablet device indicator | false |
{{isWireless}} | Wireless device indicator | false |
{{marketingName}} | Device marketing name | iPhone |
{{mobileBrowser}} | Mobile browser name | Safari |
{{mobileBrowserVersion}} | Mobile browser version | 17.0 |
{{modelName}} | Device model name | iPhone |
{{os}} | Operating system | iOS |
{{osVersion}} | OS version | 17.0 |
{{physicalScreenHeight}} | Physical screen height | 400 |
{{physicalScreenWidth}} | Physical screen width | 400 |
{{resolutionHeight}} | Screen resolution height | 600 |
{{resolutionWidth}} | Screen resolution width | 800 |
{{xhtmlSupportLevel}} | XHTML support level | 4 |
| User Location | ||
{{areaCodes}} | Area codes (joined array) | 773 |
{{bandwidth}} | Connection bandwidth | 5000 |
{{city}} | City name | CHICAGO |
{{continent}} | Continent code | NA |
{{country}} | Country code | US |
{{dma}} | Designated Market Area code | 602 |
{{fips}} | FIPS codes (joined array) | 17031 |
{{latitude}} | Geographic latitude | 41.8781 |
{{longitude}} | Geographic longitude | -87.6298 |
{{networkType}} | Network connection type | cable |
{{region}} | Region or state | IL |
{{timezone}} | Timezone | CST |
{{zipCode}} | ZIP or postal code | 60601 |
Usage Examples
// Add custom header with client information
{
"setHeaders": {
"X-Client-Info": "{{clientIp}}-{{country}}-{{city}}"
}
}
// Custom response with personalized greeting
{
"respondWith": {
"rules": [{
"args": {
"status": 200,
"body": "Hello from {{city}}, {{region}}! Your IP: {{clientIp}}"
},
"matchAll": { "paths": ["/hello"] }
}]
}
}Feature Categories
Delivery configuration features are organized into six main categories to help you navigate and implement the capabilities you need.
Caching & Performance
Optimize content delivery with caching, compression, and distribution features
Request Handling
Control routing, redirects, methods, headers, and custom responses
Protocol Support
Enable modern protocols like HTTP/2, HTTP/3, and WebSockets
Security
Enforce security policies with HSTS and origin IP restrictions
Monitoring & Debugging
Track and debug requests with breadcrumbs and cache tags
Timeouts
Configure timeout values for origin connections
Caching & Performance
Caching
Control how content is cached with flexible TTL rules and behaviors
Basic Caching
Cache API responses for 1 hour, honoring origin cache headers
{
"caching": {
"rules": [
{
"matchAll": {
"paths": [
"/api/*"
]
},
"args": {
"honor_origin": true,
"ttl_seconds": 3600
}
}
]
}
}Honor Origin
Revalidate with origin while using must_revalidate
{
"caching": {
"rules": [
{
"args": {
"ttl_seconds": 0,
"must_revalidate": true,
"honor_origin": true
}
}
]
}
}Multiple Rules
Different TTL values based on path patterns and file extensions
{
"caching": {
"rules": [
{
"args": {
"ttl_seconds": 3600,
"honor_origin": false
},
"matchAll": {
"paths_startswith": "/static/",
"extension": [
"css",
"js",
"jpg",
"png",
"gif",
"svg"
]
}
},
{
"args": {
"ttl_seconds": 7200,
"must_revalidate": false
},
"matchAll": {
"paths_wildcard": "/products/*/images/*",
"extension": [
"webp",
"avif"
]
}
},
{
"args": {
"ttl_seconds": 604800,
"honor_origin": false
},
"matchAll": {
"paths_wildcard": "/assets/fonts/*",
"extension": [
"woff2",
"woff",
"ttf"
]
}
},
{
"args": {
"bypass": true
},
"matchAll": {
"reqheader_startswith_values": {
"Authorization": [
"Bearer "
]
}
}
},
{
"args": {
"ttl_seconds": 300,
"honor_origin": true
}
}
]
}
}Caching Options
| Option | Type | Description |
|---|---|---|
ttl_seconds | integer | Cache TTL in seconds (0-31536000). Required unless using no_store or bypass |
must_revalidate | boolean | Must revalidate stale content with origin |
honor_origin | boolean | Honor origin cache control headers |
bypass | boolean | Bypass cache entirely for matching requests |
no_store | boolean | Do not store content in cache (default: true) |
Downstream Cache Control
Control how edge servers instruct client browsers and intermediate proxies to cache content.
Browser Cache Control
Configure browser caching behavior with max-age directives.
{
"downstreamCaching": {
"rules": [
{
"args": {
"behavior": "ALLOW",
"allow_behavior": "FROM_VALUE",
"ttl_seconds": 3600
},
"matchAll": {
"paths_startswith": [
"/static/",
"/images/"
]
}
}
]
}
}Must Revalidate Static Assets
Require browser to revalidate cached content.
{
"downstreamCaching": {
"rules": [
{
"args": {
"behavior": "MUST_REVALIDATE",
"allow_behavior": "FROM_VALUE",
"ttl_seconds": 86400
},
"matchAll": {
"extension": [
"js",
"css"
]
}
}
]
}
}Cache Busting
Prevent downstream caching entirely for dynamic content.
{
"downstreamCaching": {
"rules": [
{
"args": {
"behavior": "BUST"
},
"matchAll": {
"paths_startswith": [
"/api/",
"/dynamic/"
]
}
}
]
}
}Downstream Caching Options
| Option | Type | Description |
|---|---|---|
behavior | string | ALLOW, MUST_REVALIDATE, BUST, TUNNEL_ORIGIN, NONE |
allow_behavior | string | LESSER, GREATER, REMAINING_LIFETIME, FROM_MAX_AGE, FROM_VALUE, PASS_ORIGIN |
ttl_seconds | integer | Cache TTL (0-31536000 seconds) |
send_private | boolean | Add 'private' to Cache-Control header |
Compression
Enable gzip compression for specified content types to reduce bandwidth
Compress HTML and JSON responses
{
"compression": {
"rules": [
{
"matchAll": {
"paths_startswith": [
"/static/"
],
"respheader_wildcard_values": {
"Content-Type": [
"text/*"
]
}
},
"args": {
"enabled": true
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable or disable compression for matching requests |
Remove Vary Header
Remove or control the Vary response header to improve cache efficiency
Remove Vary header for better caching
{
"removeVary": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) Vary header removal |
Tiered Distribution
Configure tiered distribution settings for optimized content delivery
Enable tiered distribution
{
"tieredDistribution": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) tiered distribution |
Request Handling
Routing
Route requests to different origins based on path patterns
pm_variables to configure the origin connection. Three reserved keys control the origin behavior: RT_ORIGIN_DNS (origin hostname), RT_ORIGIN_HOST_HEADER (Host header sent to origin), and ORIGIN_CN (TLS certificate CN). These map to PMUSER_FL_* variables in the Property Manager template. Custom variables are also supported — any other key is mapped to PMUSER_FL_<key>.Route requests to a different origin with pm_variables
{
"route": {
"rules": [
{
"pm_variables": {
"RT_ORIGIN_HOST_HEADER": "origin.mysite.com",
"RT_ORIGIN_DNS": "origin.mysite.com",
"ORIGIN_CN": "*.mysite.com"
},
"args": {
"originId": "default_eaas"
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
originId | string | Origin ID to route matching requests to (default: default_eaas) |
path | string | Modify the forward path (must start with /) |
query | string | Modify the forward query string |
origin | string | Deprecated — use originId instead |
pm_variables.RT_ORIGIN_DNS | string | DNS hostname to connect to the origin |
pm_variables.RT_ORIGIN_HOST_HEADER | string | Host header forwarded to the origin |
pm_variables.ORIGIN_CN | string | Expected TLS certificate Common Name (if different from DNS or host header) |
pm_variables.<custom> | string|boolean | Custom variable (max 22 chars, alphanumeric + underscore). Mapped to PMUSER_FL_<name> in Property Manager. |
Redirects
Configure HTTP redirects with custom status codes and destination URLs
Permanent redirect from old to new path
{
"redirect": {
"rules": [
{
"matchAny": {
"paths": [
"/old-path"
]
},
"args": {
"status": 301,
"location": "/new-path"
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
status | integer | 301 or 302 redirect status code |
location | string | Redirect destination URL or path. Supports template variables: {{scheme}}, {{host}}, {{path}}, {{query}}, {{?query}} |
Allow POST
Enable or disable POST requests with rule-based conditions
Allow POST requests only to specific API endpoint
{
"allowPost": {
"rules": [
{
"matchAll": {
"paths": [
"/api/submit"
]
},
"args": {
"enabled": true
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) this feature |
Allow PUT
Enable or disable PUT requests
Enable PUT requests globally
{
"allowPut": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) this feature |
Allow DELETE
Enable or disable DELETE requests with rule-based conditions
Allow DELETE requests only to specific paths
{
"allowDelete": {
"rules": [
{
"matchAll": {
"paths": [
"/api/delete/*"
]
},
"args": {
"enabled": true
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) this feature |
Allow PATCH
Enable or disable PATCH requests
Disable PATCH requests globally
{
"allowPatch": false
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) this feature |
Custom Responses
Return custom responses without contacting the origin
Return maintenance page for specific path
{
"respondWith": {
"rules": [
{
"matchAll": {
"paths": [
"/maintenance"
]
},
"args": {
"status": 503,
"headers": {
"Content-Type": [
"text/html"
],
"Retry-After": [
"3600"
]
},
"body": "<h1>Service temporarily unavailable</h1><p>Please try again later.</p>"
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
status | integer | HTTP status code to return (e.g. 200, 404, 503) |
body | string | Response body text |
headers | object | Response headers as key-value pairs. Values are arrays of strings. |
Set Headers
Add, modify, or remove HTTP headers in requests and responses
Add custom header and remove unwanted header
{
"setHeaders": {
"X-Request-Id": "edge-generated",
"X-Powered-By": null
}
}Protocol Support
HTTP/2 (Deprecated)
No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.
{
"http2": true
}HTTP/3 (Deprecated)
No longer supported in tenant file. HTTP/3 is enabled by default for all tenants.
{
"http3": true
}WebSockets
Enable WebSocket support with conditional rules
Enable WebSockets for specific path
{
"webSockets": {
"rules": [
{
"matchAll": {
"paths": [
"/ws"
]
},
"args": {
"enabled": true
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) this feature |
Chunked Transfer Encoding
Enable or disable chunked transfer encoding
Enable chunked transfer encoding
{
"chunkedTransferEncoding": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) chunked transfer encoding |
Security
HSTS (HTTP Strict Transport Security)
Configure HTTP Strict Transport Security headers to enforce secure connections
Enable HSTS with 1 year max age and subdomain support
{
"hsts": {
"maxAge": 31536000,
"includeSubDomains": true,
"preload": true
}
}HSTS Options
| Option | Type | Description |
|---|---|---|
maxAge | integer | Duration in seconds to cache the HSTS policy (e.g., 31536000 for 1 year) |
includeSubDomains | boolean | Apply HSTS policy to all subdomains |
preload | boolean | Allow browsers to preload HSTS policy |
Origin IP ACL
Configure origin IP access control lists. https://techdocs.akamai.com/origin-ip-acl/docs/welcome
Allow origin access only from specific IP range
{
"originIpAcl": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) Origin IP ACL |
Monitoring & Debugging
Set Variable
Set custom variables that can be used for logging and conditional processing
PMUSER_FL in your reference to the variable in the tenant file.Set variables for request tracking and logging. Variables referenced in the tenant file are automatically prepended with `PMUSER_FL`. For example, `CUSTOM_ENV` will translate to `PMUSER_FL_CUSTOM_ENV` in Property Manager.
{
"setVariable": {
"CUSTOM_ENV": "production",
"REQUEST_TYPE": {
"rules": [
{
"args": {
"value": "api-request"
},
"matchAll": {
"paths": [
"/api/*"
]
}
}
]
}
}
}Breadcrumbs
Enable breadcrumb tracking for debugging and monitoring
Enable breadcrumb tracking
{
"breadcrumbs": true
}Options
| Option | Type | Description |
|---|---|---|
enabled | boolean | Enable (true) or disable (false) breadcrumb tracking |
Cache Tag
Tag cached content for easier invalidation
Tag product pages for cache invalidation
{
"cacheTag": {
"rules": [
{
"matchAll": {
"paths": [
"/products/*"
]
},
"args": {
"prefix": "products",
"createPathTag": true,
"edgeCacheTags": [
"product-catalog"
]
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
prefix | string | Prefix applied to auto-generated cache tags (max 25 chars, alphanumeric/dash/underscore) |
honorOriginSurrogateKey | boolean | Merge tags from the first Surrogate-Key header returned by origin (default: false) |
createDomainTag | boolean | Create a cache tag with the request host and prefix if defined (default: true) |
createPathTag | boolean | Create a cache tag with the request path and prefix if defined (default: false) |
createDomainAndPathTag | boolean | Create a cache tag combining host and path with prefix if defined (default: false) |
edgeCacheTags | array | Explicit Edge-Cache-Tag values to set (1-128 tags, max 128 chars each) |
Tenant Tag (Deprecated)
Legacy tenant identification. Use top-level tenant_id instead
{
"tenantTag": "my-tenant"
}Timeouts
Read Timeout
Configure timeout for reading from origin with rule-based support
Set 60 second read timeout for slow API endpoints
{
"readTimeout": {
"rules": [
{
"matchAll": {
"paths": [
"/slow-api/*"
]
},
"args": {
"value": 60000
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
value | integer | Timeout duration in milliseconds |
First Byte Timeout
Configure timeout for first byte from origin with rule-based support
Set 10 second first byte timeout for API calls
{
"firstByteTimeout": {
"rules": [
{
"matchAll": {
"paths": [
"/api/*"
]
},
"args": {
"value": 10000
}
}
]
}
}Options
| Option | Type | Description |
|---|---|---|
value | integer | Timeout duration in milliseconds |
Connect Timeout
Configure timeout for establishing connection to origin (integer seconds, or rules object for conditional timeouts)
Set 5 second connection timeout
{
"connectTimeout": 5000
}Options
| Option | Type | Description |
|---|---|---|
value | integer | Connection timeout in milliseconds |