Delivery Configuration

The delivery configuration controls how your CDN handles requests and responses. It's organized around three main event handlers that correspond to different points in the request lifecycle.

View Complete Schema

Configuration Structure

Basic Structure

Basic structure of the delivery configuration with required fields and event handlers.

Schema Documentation:

🔗 Delivery_config

JSON

{
  "delivery_config": {
    "version": "1.0",
    "onClientRequest": { /* Request processing */ },
    "onOriginResponse": { /* Origin response processing */ },
    "onClientResponse": { /* Client response processing */ }
  }
}

---

Variable Interpolation

Many configuration features support dynamic variable interpolation, allowing you to insert runtime values into your configurations. Variables are specified using double curly braces, like {{variable}}.

Supported Variables

The following variables are available for interpolation in features like setHeaders, respondWith, redirect, and route:

Request Information

Variable	Description
{{clientIp}}	Client IP address
{{clientAsn}} / {{clientASN}}	Client Autonomous System Number
{{cpCode}}	CP code
{{host}} / {{hostname}}	Request hostname
{{method}}	HTTP method (GET, POST, etc.)
{{path}} / {{/path}}	URL path
{{protocol}} / {{scheme}}	Protocol (http/https)
{{query}}	Query string
{{?query}}	Query string with ? prefix if present
{{url}}	Full URL
{{extension}}	File extension
{{filename}}	Filename from path
{{subdomain}}	Subdomain
{{grn}}	Global Request Number

Device Detection

Variable	Description
{{acceptsThirdPartyCookie}}	Third-party cookie support
{{brandName}}	Device brand name
{{hasAjaxSupport}}	AJAX support indicator
{{hasCookieSupport}}	Cookie support indicator
{{hasFlashSupport}}	Flash support indicator
{{isMobile}}	Mobile device indicator
{{isTablet}}	Tablet device indicator
{{isWireless}}	Wireless device indicator
{{marketingName}}	Device marketing name
{{mobileBrowser}}	Mobile browser name
{{mobileBrowserVersion}}	Mobile browser version
{{modelName}}	Device model name
{{os}}	Operating system
{{osVersion}}	OS version
{{physicalScreenHeight}}	Physical screen height
{{physicalScreenWidth}}	Physical screen width
{{resolutionHeight}}	Screen resolution height
{{resolutionWidth}}	Screen resolution width
{{xhtmlSupportLevel}}	XHTML support level

User Location

Variable	Description
{{areaCodes}}	Area codes (joined array)
{{bandwidth}}	Connection bandwidth
{{city}}	City name
{{continent}}	Continent code
{{country}}	Country code
{{dma}}	Designated Market Area code
{{fips}}	FIPS codes (joined array)
{{latitude}}	Geographic latitude
{{longitude}}	Geographic longitude
{{networkType}}	Network connection type
{{region}}	Region or state
{{timezone}}	Timezone
{{zipCode}}	ZIP or postal code

Usage Examples

JSON

// Add custom header with client information
{
  "setHeaders": {
    "X-Client-Info": "{{clientIp}}-{{country}}-{{city}}"
  }
}

// Custom response with personalized greeting
{
  "respondWith": {
    "rules": [{
      "args": {
        "status": 200,
        "body": "Hello from {{city}}, {{region}}! Your IP: {{clientIp}}"
      },
      "matchAll": { "paths": ["/hello"] }
    }]
  }
}

Feature Categories

Delivery configuration features are organized into six main categories to help you navigate and implement the capabilities you need.

Caching & Performance

Optimize content delivery with caching, compression, and distribution features

Request Handling

Control routing, redirects, methods, headers, and custom responses

Protocol Support

Enable modern protocols like HTTP/2, HTTP/3, and WebSockets

Security

Enforce security policies with HSTS and origin IP restrictions

Monitoring & Debugging

Track and debug requests with breadcrumbs and cache tags

Timeouts

Configure timeout values for origin connections

Caching & Performance

Caching

onClientRequest

Control how content is cached with flexible TTL rules and behaviors

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_caching

Basic Caching

Cache API responses for 1 hour, honoring origin cache headers

JSON

{
  "caching": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/api/*"
          ]
        },
        "args": {
          "honor_origin": true,
          "ttl_seconds": 3600
        }
      }
    ]
  }
}

Honor Origin

Revalidate with origin while using must_revalidate

JSON

{
  "caching": {
    "rules": [
      {
        "args": {
          "ttl_seconds": 0,
          "must_revalidate": true,
          "honor_origin": true
        }
      }
    ]
  }
}

Multiple Rules

Different TTL values based on path patterns and file extensions

JSON

{
  "caching": {
    "rules": [
      {
        "args": {
          "ttl_seconds": 3600,
          "honor_origin": false
        },
        "matchAll": {
          "paths_startswith": "/static/",
          "extension": [
            "css",
            "js",
            "jpg",
            "png",
            "gif",
            "svg"
          ]
        }
      },
      {
        "args": {
          "ttl_seconds": 7200,
          "must_revalidate": false
        },
        "matchAll": {
          "paths_wildcard": "/products/*/images/*",
          "extension": [
            "webp",
            "avif"
          ]
        }
      },
      {
        "args": {
          "ttl_seconds": 604800,
          "honor_origin": false
        },
        "matchAll": {
          "paths_wildcard": "/assets/fonts/*",
          "extension": [
            "woff2",
            "woff",
            "ttf"
          ]
        }
      },
      {
        "args": {
          "bypass": true
        },
        "matchAll": {
          "reqheader_startswith_values": {
            "Authorization": [
              "Bearer "
            ]
          }
        }
      },
      {
        "args": {
          "ttl_seconds": 300,
          "honor_origin": true
        }
      }
    ]
  }
}

Caching Options

Option	Type	Description
ttl_seconds	integer	Cache TTL in seconds (0-31536000). Required unless using no_store or bypass
must_revalidate	boolean	Must revalidate stale content with origin
honor_origin	boolean	Honor origin cache control headers
bypass	boolean	Bypass cache entirely for matching requests
no_store	boolean	Do not store content in cache (default: true)

Downstream Cache Control

onClientRequest

Control how edge servers instruct client browsers and intermediate proxies to cache content.

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_downstreamCaching

Browser Cache Control

Configure browser caching behavior with max-age directives.

JSON

{
  "downstreamCaching": {
    "rules": [
      {
        "args": {
          "behavior": "ALLOW",
          "allow_behavior": "FROM_VALUE",
          "ttl_seconds": 3600
        },
        "matchAll": {
          "paths_startswith": [
            "/static/",
            "/images/"
          ]
        }
      }
    ]
  }
}

Must Revalidate Static Assets

Require browser to revalidate cached content.

JSON

{
  "downstreamCaching": {
    "rules": [
      {
        "args": {
          "behavior": "MUST_REVALIDATE",
          "allow_behavior": "FROM_VALUE",
          "ttl_seconds": 86400
        },
        "matchAll": {
          "extension": [
            "js",
            "css"
          ]
        }
      }
    ]
  }
}

Cache Busting

Prevent downstream caching entirely for dynamic content.

JSON

{
  "downstreamCaching": {
    "rules": [
      {
        "args": {
          "behavior": "BUST"
        },
        "matchAll": {
          "paths_startswith": [
            "/api/",
            "/dynamic/"
          ]
        }
      }
    ]
  }
}

Downstream Caching Options

Option	Type	Description
behavior	string	ALLOW, MUST_REVALIDATE, BUST, TUNNEL_ORIGIN, NONE
allow_behavior	string	LESSER, GREATER, REMAINING_LIFETIME, FROM_MAX_AGE, FROM_VALUE, PASS_ORIGIN
ttl_seconds	integer	Cache TTL (0-31536000 seconds)
send_private	boolean	Add 'private' to Cache-Control header

Compression

onClientRequestonClientResponse

Enable gzip compression for specified content types to reduce bandwidth

Schema Documentation:

🔗 Delivery_config_onClientResponse_features_compression

Compress HTML and JSON responses

JSON

{
  "compression": {
    "rules": [
      {
        "matchAll": {
          "paths_startswith": [
            "/static/"
          ],
          "respheader_wildcard_values": {
            "Content-Type": [
              "text/*"
            ]
          }
        },
        "args": {
          "enabled": true
        }
      }
    ]
  }
}

Options

Option	Type	Description
enabled	boolean	Enable or disable compression for matching requests

Remove Vary Header

onClientRequest

Remove or control the Vary response header to improve cache efficiency

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_removeVary

Remove Vary header for better caching

JSON

{
  "removeVary": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) Vary header removal

Tiered Distribution

onClientRequest

Configure tiered distribution settings for optimized content delivery

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_tieredDistribution

Enable tiered distribution

JSON

{
  "tieredDistribution": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) tiered distribution

Request Handling

Routing

onClientRequest

Route requests to different origins based on path patterns

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_route

💡Note

Each route rule can include `pm_variables` to configure the origin connection. Three reserved keys control the origin behavior: `RT_ORIGIN_DNS` (origin hostname), `RT_ORIGIN_HOST_HEADER` (Host header sent to origin), and `ORIGIN_CN` (TLS certificate CN). These map to PMUSER_FL_* variables in the Property Manager template. Custom variables are also supported — any other key is mapped to PMUSER_FL_<key>.

Route requests to a different origin with pm_variables

JSON

{
  "route": {
    "rules": [
      {
        "pm_variables": {
          "RT_ORIGIN_HOST_HEADER": "origin.mysite.com",
          "RT_ORIGIN_DNS": "origin.mysite.com",
          "ORIGIN_CN": "*.mysite.com"
        },
        "args": {
          "originId": "default_eaas"
        }
      }
    ]
  }
}

Options

Option	Type	Description
originId	string	Origin ID to route matching requests to (default: default_eaas)
path	string	Modify the forward path (must start with /)
query	string	Modify the forward query string
origin	string	Deprecated — use originId instead
pm_variables.RT_ORIGIN_DNS	string	DNS hostname to connect to the origin
pm_variables.RT_ORIGIN_HOST_HEADER	string	Host header forwarded to the origin
pm_variables.ORIGIN_CN	string	Expected TLS certificate Common Name (if different from DNS or host header)
pm_variables.<custom>	string|boolean	Custom variable (max 22 chars, alphanumeric + underscore). Mapped to PMUSER_FL_<name> in Property Manager.

Redirects

onClientRequest

Configure HTTP redirects with custom status codes and destination URLs

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_redirect

Permanent redirect from old to new path

JSON

{
  "redirect": {
    "rules": [
      {
        "matchAny": {
          "paths": [
            "/old-path"
          ]
        },
        "args": {
          "status": 301,
          "location": "/new-path"
        }
      }
    ]
  }
}

Options

Option	Type	Description
status	integer	301 or 302 redirect status code
location	string	Redirect destination URL or path. Supports template variables: {{scheme}}, {{host}}, {{path}}, {{query}}, {{?query}}

Allow POST

onClientRequest

Enable or disable POST requests with rule-based conditions

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_allowPost

Allow POST requests only to specific API endpoint

JSON

{
  "allowPost": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/api/submit"
          ]
        },
        "args": {
          "enabled": true
        }
      }
    ]
  }
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) this feature

Allow PUT

onClientRequest

Enable or disable PUT requests

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_allowPut

Enable PUT requests globally

JSON

{
  "allowPut": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) this feature

Allow DELETE

onClientRequest

Enable or disable DELETE requests with rule-based conditions

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_allowDelete

Allow DELETE requests only to specific paths

JSON

{
  "allowDelete": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/api/delete/*"
          ]
        },
        "args": {
          "enabled": true
        }
      }
    ]
  }
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) this feature

Allow PATCH

onClientRequest

Enable or disable PATCH requests

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_allowPatch

Disable PATCH requests globally

JSON

{
  "allowPatch": false
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) this feature

Custom Responses

onClientRequestonClientResponse

Return custom responses without contacting the origin

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_respondWith🔗 Delivery_config_onClientResponse_features_respondWith

Return maintenance page for specific path

JSON

{
  "respondWith": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/maintenance"
          ]
        },
        "args": {
          "status": 503,
          "headers": {
            "Content-Type": [
              "text/html"
            ],
            "Retry-After": [
              "3600"
            ]
          },
          "body": "<h1>Service temporarily unavailable</h1><p>Please try again later.</p>"
        }
      }
    ]
  }
}

Options

Option	Type	Description
status	integer	HTTP status code to return (e.g. 200, 404, 503)
body	string	Response body text
headers	object	Response headers as key-value pairs. Values are arrays of strings.

Set Headers

onClientRequestonClientResponseonOriginResponse

Add, modify, or remove HTTP headers in requests and responses

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_setHeaders

Add custom header and remove unwanted header

JSON

{
  "setHeaders": {
    "X-Request-Id": "edge-generated",
    "X-Powered-By": null
  }
}

Protocol Support

HTTP/2 (Deprecated)

onClientRequest

No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_http2

⚠️ Deprecated: No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.

JSON

{
  "http2": true
}

HTTP/3 (Deprecated)

onClientRequest

No longer supported in tenant file. HTTP/3 is enabled by default for all tenants.

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_http3

⚠️ Deprecated: No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.

JSON

{
  "http3": true
}

WebSockets

onClientRequest

Enable WebSocket support with conditional rules

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_webSockets

Enable WebSockets for specific path

JSON

{
  "webSockets": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/ws"
          ]
        },
        "args": {
          "enabled": true
        }
      }
    ]
  }
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) this feature

Chunked Transfer Encoding

onClientRequest

Enable or disable chunked transfer encoding

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_chunkedTransferEncoding

Enable chunked transfer encoding

JSON

{
  "chunkedTransferEncoding": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) chunked transfer encoding

Security

HSTS (HTTP Strict Transport Security)

onClientRequest

Configure HTTP Strict Transport Security headers to enforce secure connections

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_hsts

Enable HSTS with 1 year max age and subdomain support

JSON

{
  "hsts": {
    "maxAge": 31536000,
    "includeSubDomains": true,
    "preload": true
  }
}

HSTS Options

Option	Type	Description
maxAge	integer	Duration in seconds to cache the HSTS policy (e.g., 31536000 for 1 year)
includeSubDomains	boolean	Apply HSTS policy to all subdomains
preload	boolean	Allow browsers to preload HSTS policy

Origin IP ACL

onClientRequest

Configure origin IP access control lists. https://techdocs.akamai.com/origin-ip-acl/docs/welcome

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_originIpAcl

Allow origin access only from specific IP range

JSON

{
  "originIpAcl": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) Origin IP ACL

Monitoring & Debugging

Set Variable

onClientRequestonOriginResponseonClientResponse

Set custom variables that can be used for logging and conditional processing

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_setVariable🔗 Delivery_config_onOriginResponse_features_setVariable🔗 Delivery_config_onClientResponse_features_setVariable

💡Note

In Property Manager, PMUSER_FL_ is automatically prepended to all variable names referenced in tenant configurations. You do not need to include `PMUSER_FL` in your reference to the variable in the tenant file.

Set variables for request tracking and logging. Variables referenced in the tenant file are automatically prepended with `PMUSER_FL`. For example, `CUSTOM_ENV` will translate to `PMUSER_FL_CUSTOM_ENV` in Property Manager.

JSON

{
  "setVariable": {
    "CUSTOM_ENV": "production",
    "REQUEST_TYPE": {
      "rules": [
        {
          "args": {
            "value": "api-request"
          },
          "matchAll": {
            "paths": [
              "/api/*"
            ]
          }
        }
      ]
    }
  }
}

Breadcrumbs

onClientRequest

Enable breadcrumb tracking for debugging and monitoring

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_breadcrumbs

Enable breadcrumb tracking

JSON

{
  "breadcrumbs": true
}

Options

Option	Type	Description
enabled	boolean	Enable (true) or disable (false) breadcrumb tracking

Cache Tag

onOriginResponse

Tag cached content for easier invalidation

Schema Documentation:

🔗 Delivery_config_onOriginResponse_features_cacheTag

Tag product pages for cache invalidation

JSON

{
  "cacheTag": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/products/*"
          ]
        },
        "args": {
          "prefix": "products",
          "createPathTag": true,
          "edgeCacheTags": [
            "product-catalog"
          ]
        }
      }
    ]
  }
}

Options

Option	Type	Description
prefix	string	Prefix applied to auto-generated cache tags (max 25 chars, alphanumeric/dash/underscore)
honorOriginSurrogateKey	boolean	Merge tags from the first Surrogate-Key header returned by origin (default: false)
createDomainTag	boolean	Create a cache tag with the request host and prefix if defined (default: true)
createPathTag	boolean	Create a cache tag with the request path and prefix if defined (default: false)
createDomainAndPathTag	boolean	Create a cache tag combining host and path with prefix if defined (default: false)
edgeCacheTags	array	Explicit Edge-Cache-Tag values to set (1-128 tags, max 128 chars each)

Tenant Tag (Deprecated)

onClientRequest

Legacy tenant identification. Use top-level tenant_id instead

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_tenantTag

⚠️ Deprecated: Use top-level tenant_id instead

JSON

{
  "tenantTag": "my-tenant"
}

Timeouts

Read Timeout

onClientRequest

Configure timeout for reading from origin with rule-based support

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_readTimeout

Set 60 second read timeout for slow API endpoints

JSON

{
  "readTimeout": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/slow-api/*"
          ]
        },
        "args": {
          "value": 60000
        }
      }
    ]
  }
}

Options

Option	Type	Description
value	integer	Timeout duration in milliseconds

First Byte Timeout

onClientRequest

Configure timeout for first byte from origin with rule-based support

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_firstByteTimeout

Set 10 second first byte timeout for API calls

JSON

{
  "firstByteTimeout": {
    "rules": [
      {
        "matchAll": {
          "paths": [
            "/api/*"
          ]
        },
        "args": {
          "value": 10000
        }
      }
    ]
  }
}

Options

Option	Type	Description
value	integer	Timeout duration in milliseconds

Connect Timeout

onClientRequest

Configure timeout for establishing connection to origin (integer seconds, or rules object for conditional timeouts)

Schema Documentation:

🔗 Delivery_config_onClientRequest_features_connectTimeout

Set 5 second connection timeout

JSON

{
  "connectTimeout": 5000
}

Options

Option	Type	Description
value	integer	Connection timeout in milliseconds

---

Continue Learning

🎯 Understand Match Conditions for precise rule targeting🔒 Explore Security Configuration for protective rules💡 See practical Examples for real-world implementations📖 Reference the complete Schema Documentation