The Default CORS Policy Rule

This is a separate Rule that is added by default for your AMD configuration. It includes multiple instances of the Modify Outgoing Response Header Behavior, predefined with recommended values. (They are applied as "recommended behaviors.")

Each individual header is populated with recommended values as follows:



  • Access-Control-Allow-Origin: This is populated with the value “*” to indicate "all."
  • Access-Control-Allow-Headers: This is populated with the values, “origin,” “range,” “hdntl,”, and “hdnts.”
  • Access-Control-Expose-Headers: This is populated with the values, “Server,” “range,” “hdntl,” “hdnts,” "Akamai-Mon-Iucid-Ing," and "Akamai-Mon-Iucid-Del." (The final two are included to support client-side analytics.)
  • Access-Control-Allow-Headers: This is set to “true.”.
  • Access-Control-Max-Age: This is set to “86400” seconds (or 24 hours).

This Rule and each of its Behaviors are not mandatory. You can remove any of them (via the “X” icon in the Rule itself, or in each Behavior). For best performance, we recommended that you leave this Rule and all of its Behaviors in the configuration.