Understand origin request policies - Amazon CloudFront

Understand origin request policies

CloudFront provides some predefined origin request policies, known as managed policies, for common use cases. You can use these managed policies, or you can create your own origin request policy that's specific to your needs. For more information about the managed policies, see Use managed origin request policies.

An origin request policy contains the following settings, which are categorized into policy information and origin request settings.

Policy information

Name

A name to identify the origin request policy. In the console, you use the name to attach the origin request policy to a cache behavior.

Description

A comment to describe the origin request policy. This is optional.

Origin request settings

Origin request settings specify the values in viewer requests that are included in requests that CloudFront sends to the origin (known as origin requests). The values can include URL query strings, HTTP headers, and cookies. The values that you specify are included in origin requests, but are not included in the cache key. For information about controlling the cache key, see Control the cache key with a policy.

Headers

The HTTP headers in viewer requests that CloudFront includes in origin requests. For headers, you can choose one of the following settings:

  • None – The HTTP headers in viewer requests are not included in origin requests.

  • All viewer headers – All HTTP headers in viewer requests are included in origin requests.

  • All viewer headers and the following CloudFront headers – All HTTP headers in viewer requests are included in origin requests. Additionally, you specify which of the CloudFront headers you want to add to origin requests. For more information about the CloudFront headers, see Add CloudFront request headers.

  • Include the following headers – You specify which HTTP headers are included in origin requests.

    Note

    Do not specify a header that is already included in your Origin Custom Headers settings. For more information, see Configure CloudFront to add custom headers to origin requests.

  • All viewer headers except – You specify which HTTP headers are not included in origin requests. All other HTTP headers in viewer requests, except for the ones specified, are included.

When you use the All viewer headers and the following CloudFront headers, Include the following headers, or All viewer headers except setting, you specify HTTP headers by the header name only. CloudFront includes the full header, including its value, in origin requests.

Note

When you use the All viewer headers except setting to remove the viewer's Host header, CloudFront adds a new Host header with the origin's domain name to the origin request.

Cookies

The cookies in viewer requests that CloudFront includes in origin requests. For cookies, you can choose one of the following settings:

  • None – The cookies in viewer requests are not included in origin requests.

  • All – All cookies in viewer requests are included in origin requests.

  • Include the following cookies – You specify which cookies in viewer requests are included in origin requests.

  • All cookies except – You specify which cookies in viewer requests are not included in origin requests. All other cookies in viewer requests are included.

When you use the Include the following cookies or All cookies except setting, you specify cookies by their name only. CloudFront includes the full cookie, including its value, in origin requests.

Query strings

The URL query strings in viewer requests that CloudFront includes in origin requests. For query strings, you can choose one of the following settings:

  • None – The query strings in viewer requests are not included in origin requests.

  • All – All query strings in viewer requests are included in origin requests.

  • Include the following query strings – You specify which query strings in viewer requests are included in origin requests.

  • All query strings except – You specify which query strings in viewer requests are not included in origin requests. All other query strings are included.

When you use the Include the following query strings or All query strings except setting, you specify query strings by their name only. CloudFront includes the full query string, including its value, in origin requests.