[Fundamentals] Add HTTP response headers section and rename page (#18945)

---------

Co-authored-by: Pedro Sousa <[email protected]>

Author: DRayCloudflare

public/_redirects

@@ -448,7 +448,7 @@
 /fundamentals/get-started/how-cloudflare-works/ /fundamentals/concepts/how-cloudflare-works/ 301
 /fundamentals/get-started/cloudflare-cookies/ /fundamentals/reference/policies-compliances/cloudflare-cookies/ 301
 /fundamentals/get-started/google-analytics/ /fundamentals/reference/google-analytics/ 301
-/fundamentals/get-started/http-request-headers/ /fundamentals/reference/http-request-headers/ 301
+/fundamentals/get-started/http-request-headers/ /fundamentals/reference/http-headers/ 301
 /fundamentals/get-started/network-ports/ /fundamentals/reference/network-ports/ 301
 /fundamentals/get-started/basic-tasks/improve-seo/ /fundamentals/basic-tasks/improve-seo/ 301
 /fundamentals/get-started/basic-tasks/allow-cloudflare-ip-addresses/ /fundamentals/concepts/cloudflare-ip-addresses/ 301
@@ -463,6 +463,7 @@
 /fundamentals/internet/ /fundamentals/concepts/the-internet/ 301
 /fundamentals/reference/developer-spotlight/ /developer-spotlight/ 301
 /fundamentals/reference/the-internet/ /fundamentals/concepts/the-internet/ 301
+/fundamentals/reference/http-request-headers/ /fundamentals/reference/http-headers/ 301
 /fundamentals/security/browser-integrity-check/ /waf/tools/browser-integrity-check/ 301
 /fundamentals/signed-exchanges/ /speed/optimization/other/signed-exchanges/ 301
 /fundamentals/signed-exchanges/amp-real-ulr/ /speed/optimization/other/amp-real-url/ 301

src/content/docs/data-localization/how-to/index.mdx

@@ -3,10 +3,9 @@ title: Configuration guides
 pcx_content_type: navigation
 sidebar:
   order: 7
-
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
 Learn how to use Cloudflare products with the Data Localization Suite.
 
@@ -24,6 +23,6 @@ curl -X GET -I https://<HOSTNAME>/ 2>&1 | grep cf-ray
 curl -s https://<HOSTNAME>/cdn-cgi/trace | grep "colo="
 ```
 
-The first command will return a three-letter IATA code in the [CF-Ray](/fundamentals/reference/http-request-headers/#cf-ray) header, indicating the Cloudflare data center location of processing and/or TLS termination. The second command will directly return the three-letter IATA code.
+The first command will return a three-letter IATA code in the [Cf-Ray](/fundamentals/reference/http-headers/#cf-ray) header, indicating the Cloudflare data center location of processing and/or TLS termination. The second command will directly return the three-letter IATA code.
 
 For example, when a hostname is configured to use the region European Union (EU), the three-letter IATA code will always return a data center inside of the EU.

src/content/docs/fundamentals/reference/cloudflare-ray-id.mdx

@@ -1,7 +1,6 @@
 ---
 pcx_content_type: reference
 title: Cloudflare Ray ID
-
 ---
 
 A **Cloudflare Ray ID** is an identifier given to every request that goes through Cloudflare.
@@ -10,7 +9,7 @@ Ray IDs are particularly useful when evaluating Security Events for patterns or
 
 :::caution
 
-Ray IDs are not guaranteed to be unique for every request. In some situations, different requests may have the same Ray ID. 
+Ray IDs are not guaranteed to be unique for every request. In some situations, different requests may have the same Ray ID.
 :::
 
 ## Look up Ray IDs
@@ -33,4 +32,4 @@ Enterprise customers can enable Ray ID as a field in their [Cloudflare Logs](/lo
 
 ### Server logs
 
-For more details about sending Ray IDs to your server logs, refer to the [CF-Ray](/fundamentals/reference/http-request-headers/#cf-ray) header.
+For more details about sending Ray IDs to your server logs, refer to the [Cf-Ray](/fundamentals/reference/http-headers/#cf-ray) header.

src/content/docs/fundamentals/reference/http-request-headers.mdx renamed to src/content/docs/fundamentals/reference/http-headers.mdx

@@ -1,55 +1,56 @@
 ---
 pcx_content_type: reference
-title: Cloudflare HTTP request headers
+title: Cloudflare HTTP headers
 ---
 
 import { Render } from "~/components";
 
+## Request headers
+
 Cloudflare passes all HTTP request headers to your origin web server and adds additional headers as specified below.
 
 :::note
-
 Cloudflare may remove HTTP request headers with names considered invalid [according to NGINX](https://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers) — for example, header names containing a `.` (dot) character.
 :::
 
-## Accept-Encoding
+### Accept-Encoding
 
 For incoming requests, the value of this header will always be set to `accept-encoding: br, gzip`. If the client set a different value, such as `accept-encoding: deflate`, it will be overwritten and the original value will be available in `request.cf.clientAcceptEncoding`.
 
-## CF-Connecting-IP
+### CF-Connecting-IP
 
 `CF-Connecting-IP` provides the client IP address connecting to Cloudflare to the origin web server.
 This header will only be sent on the traffic from Cloudflare's edge to your origin web server.
 
-For guidance on logging your visitor’s original IP address, refer to [Restoring original visitor IPs](/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/).
+For guidance on logging your visitor's original IP address, refer to [Restoring original visitor IPs](/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/).
 
 Alternatively, if you do not wish to receive the `CF-Connecting-IP` header or any HTTP header that may contain the visitor's IP address, [enable the **Remove visitor IP headers** Managed Transform](/rules/transform/managed-transforms/configure/).
 
-### CF-Connecting-IP in Worker subrequests
+#### CF-Connecting-IP in Worker subrequests
 
-In same-zone Worker subrequests, the value of `CF-Connecting-IP` reflects the value of `x-real-ip` (the client’s IP). `x-real-ip` can be altered by the user in their Worker script.
+In same-zone Worker subrequests, the value of `CF-Connecting-IP` reflects the value of `x-real-ip` (the client's IP). `x-real-ip` can be altered by the user in their Worker script.
 
 In cross-zone subrequests from one Cloudflare zone to another Cloudflare zone, the `CF-Connecting-IP` value will be set to the Worker client IP address `'2a06:98c0:3600::103'` for security reasons.
 
 For Worker subrequests destined for a non-Cloudflare customer zone, the `CF-Connecting-IP` and `x-real-ip` headers will both reflect the client's IP address, with only the `x-real-ip` header able to be altered.
 
 When no Worker subrequest is triggered, `cf-connecting-ip` reflects the client's IP address and the `x-real-ip` header is stripped.
 
-## CF-Connecting-IPv6
+### CF-Connecting-IPv6
 
 Cloudflare provides [free IPv6 support](/network/ipv6-compatibility/) to all domains without requiring additional configuration or hardware. To support migrating to IPv6, Cloudflare's [Pseudo IPv4](/network/pseudo-ipv4/) provides an IPv6 to IPv4 translation service for all Cloudflare domains.
 
 <Render file="pseudo-ipv4-warning" /> <br />
 
-## CF-EW-Via
+### CF-EW-Via
 
 This header is used for loop detection, similar to the `CDN-Loop` [header](https://blog.cloudflare.com/preventing-request-loops-using-cdn-loop/).
 
-## CF-Pseudo-IPv4
+### CF-Pseudo-IPv4
 
 If [Pseudo IPv4](/network/pseudo-ipv4/) is set to `Add Header` - Cloudflare automatically adds the `CF-Pseudo-IPv4` header with a Class E IPv4 address hashed from the original IPv6 address.
 
-## True-Client-IP (Enterprise plan only)
+### True-Client-IP (Enterprise plan only)
 
 `True-Client-IP` provides the original client IP address to the origin web server. `True-Client-IP` is only available on an Enterprise plan. In the example below, `203.0.113.1` is the original visitor IP address. For example: `True-Client-IP: 203.0.113.1`
 
@@ -60,12 +61,10 @@ To add a `True-Client-IP` HTTP header to requests, [enable the **Add "True-Clien
 Alternatively, if you do not wish to receive the `True-Client-IP` header or any HTTP header that may contain the visitor's IP address, [enable the **Remove visitor IP headers** Managed Transform](/rules/transform/managed-transforms/configure/).
 
 :::caution
-
 If you are using Cloudflare in a stacked CDN and authenticating HTTP requests based on the IP address value in the `True-Client-IP` header, you must add a `True-Client-IP` header to your requests. If you do not add this header, its value can be spoofed to any value.
-
 :::
 
-## X-Forwarded-For
+### X-Forwarded-For
 
 `X-Forwarded-For` maintains proxy server and original visitor IP addresses. If there was no existing `X-Forwarded-For`header in the request sent to Cloudflare, `X-Forwarded-For` has an identical value to the `CF-Connecting-IP` header.
 
@@ -76,28 +75,26 @@ If, on the other hand, an `X-Forwarded-For` header was already present in the re
 If you do not wish to receive the visitor's IP address in the `X-Forwarded-For` header, or any HTTP header that may contain the visitor's IP address, [enable the **Remove visitor IP headers** Managed Transform](/rules/transform/managed-transforms/configure/).
 
 :::note
-
 To restore the original visitor IP address at your origin web server, Cloudflare recommends that your logs or applications look at `CF-Connecting-IP` or `True-Client-IP` instead of `X-Forwarded-For`. `CF-Connecting-IP` and `True-Client-IP` both have a consistent format containing only one IP address.
-
 :::
 
-## X-Forwarded-Proto
+### X-Forwarded-Proto
 
 `X-Forwarded-Proto` is used to identify the protocol (HTTP or HTTPS) that Cloudflare uses to connect to origin web server. By default, it is `http`. Certain [encryption mode](/ssl/origin-configuration/ssl-modes/) may change this header to `https` if the connection is encrypted.
 
 For incoming requests, the value of this header will be set to the protocol the client used (`http` or `https`). If the client set a different value, it will be overwritten.
 
-## CF-RAY
+### Cf-Ray
 
-The `CF-ray` header (otherwise known as a [Ray ID](/fundamentals/reference/cloudflare-ray-id/)) is a hashed value that encodes information about the data center and the visitor’s request. For example: `CF-RAY: 230b030023ae2822-SJC`.
+The `Cf-Ray` header (otherwise known as a [Ray ID](/fundamentals/reference/cloudflare-ray-id/)) is a hashed value that encodes information about the data center and the visitor's request. For example: `Cf-Ray: 230b030023ae2822-SJC`.
 
-Add the [`CF-Ray` header to your origin web server logs](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#add-the-cf-ray-header-to-your-logs) to match requests proxied to Cloudflare to requests in your server logs.
+Add the [`Cf-Ray` header to your origin web server logs](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#add-the-cf-ray-header-to-your-logs) to match requests proxied to Cloudflare to requests in your server logs.
 
 Enterprise customers can also see all requests via [Cloudflare Logs](/logs/).
 
-## CF-IPCountry
+### CF-IPCountry
 
-The `CF-IPCountry` header contains a two-character country code of the originating visitor’s country.
+The `CF-IPCountry` header contains a two-character country code of the originating visitor's country.
 
 Besides the [ISO-3166-1 alpha-2 codes](https://www.iso.org/iso-3166-country-codes.html), Cloudflare uses the following special country codes:
 
@@ -107,44 +104,67 @@ Besides the [ISO-3166-1 alpha-2 codes](https://www.iso.org/iso-3166-country-code
 To add this header to requests, along with other HTTP headers with location information for the visitor's IP address, [enable the **Add visitor location headers** Managed Transform](/rules/transform/managed-transforms/configure/).
 
 :::note
-
 The `CF-IPCountry` header is removed from requests made from a Worker to an origin that is not proxied behind Cloudflare.
-
 :::
 
-## CF-Visitor
+### CF-Visitor
 
-Currently, this header is a JSON object, containing only one key called “scheme”. The header will be either HTTP or HTTPS, and it is only relevant if you need to enable Flexible SSL in your Cloudflare settings. For example: `CF-Visitor: { \"scheme\":\"https\"}`.
+Currently, this header is a JSON object, containing only one key called `scheme`. The header will be either HTTP or HTTPS, and it is only relevant if you need to enable Flexible SSL in your Cloudflare settings. For example: `CF-Visitor: { \"scheme\":\"https\"}`.
 
-## CDN-Loop
+### CDN-Loop
 
-`CDN-Loop` allows Cloudflare to specify how many times a request can enter Cloudflare's network before it is blocked as a looping request. For example: `CDN-Loop: cloudflare`
+`CDN-Loop` allows Cloudflare to specify how many times a request can enter Cloudflare's network before it is blocked as a looping request. For example: `CDN-Loop: cloudflare`.
 
-## CF-Worker
+### CF-Worker
 
-The `CF-Worker` request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. This is useful when you want to protect yourself against cross-zone worker subrequests. For example: `CF-Worker: example.com`.
+The `CF-Worker` request header is added to an edge Worker subrequest that identifies the host that spawned the subrequest. This is useful when you want to protect yourself against cross-zone Worker subrequests. For example: `CF-Worker: example.com`.
 
 You can add `CF-Worker` header on server logs similar to the way you add the [`CF-RAY`](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#add-the-cf-ray-header-to-your-logs) header. To do that, add `$http_cf_worker` in the log format file: `log_format cf_custom "CF-Worker:$http_cf_worker"'`
 
 `CF-Worker` is added to all Worker subrequests sent via `fetch()`. It is set to the name of the zone which owns the Worker making the subrequest. For example, a Worker script on route for `foo.example.com/*` from `example.com` will have all subrequests with the header:
 
-`CF-Worker`: `example.com`
+```txt
+CF-Worker: example.com
+```
 
 The intended purpose of this header is to provide a means for recipients (for example, origins, load balancers, other Workers) to recognize, filter, and route traffic generated by Workers on specific zones.
 
 :::note
-
-When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/) dynamic field, which contains the same value and exists for the same purpose.
-
+When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/) field, which contains the same value and exists for the same purpose.
 :::
 
-## Connection
+### Connection
 
 For incoming requests, the value of this header will always be set to `Keep-Alive`. If the client set a different value, such as `close`, it will be overwritten. Note that is also the case when the client uses HTTP/2 or HTTP/3 to connect.
 
-## Considerations for Spectrum
+### Considerations for Spectrum
 
 When using Spectrum with a TCP application, these headers are not visible at the origin as they are HTTP headers. If you wish to utilize these in your application, there are two options:
 
 - Use an HTTP or HTTPS Spectrum app instead of TCP
 - Use the [Proxy Protocol feature](/spectrum/how-to/enable-proxy-protocol/)
+
+## Response headers
+
+Cloudflare will remove some HTTP headers from the response sent back to the visitor and add some Cloudflare-specific HTTP headers.
+
+### Removed response headers
+
+Cloudflare passes all HTTP headers in the response from the origin server back to the visitor with the exception of the following headers:
+
+- `X-Accel-Buffering`
+- `X-Accel-Charset`
+- `X-Accel-Limit-Rate`
+- `X-Accel-Redirect`
+
+### Added response headers
+
+Cloudflare adds the HTTP headers specified below to the response sent to the visitor.
+
+#### Cf-Ray
+
+The `Cf-Ray` value returned to the visitor will be the same `Cf-Ray` value that was sent to the origin server.
+
+#### Cf-Cache-Status
+
+A list of all possible `Cf-Cache-Status` values is contained in [Cloudflare cache responses](/cache/concepts/cache-responses/).

src/content/docs/network/ip-geolocation.mdx

@@ -6,7 +6,7 @@ title: IP geolocation
 
 import { FeatureTable, TabItem, Tabs } from "~/components";
 
-IP geolocation adds the [`CF-IPCountry` header](/fundamentals/reference/http-request-headers/#cf-ipcountry) to all requests to your origin server.
+IP geolocation adds the [`CF-IPCountry` header](/fundamentals/reference/http-headers/#cf-ipcountry) to all requests to your origin server.
 
 Cloudflare automatically updates its IP geolocation database using MaxMind and other data sources, typically twice a week.
 
@@ -36,7 +36,7 @@ To enable **IP Geolocation** with the API, send a [`PATCH`](/api/resources/zones
 
 :::note
 
-In order to use this data, you will need to then retrieve it from the [`CF-IPCountry` header](/fundamentals/reference/http-request-headers/#cf-ipcountry).
+In order to use this data, you will need to then retrieve it from the [`CF-IPCountry` header](/fundamentals/reference/http-headers/#cf-ipcountry).
 
 :::
 

src/content/docs/network/true-client-ip-header.mdx

@@ -2,12 +2,11 @@
 pcx_content_type: troubleshooting
 source: https://support.cloudflare.com/hc/en-us/articles/206776727-Understanding-the-True-Client-IP-Header
 title: Understanding the True-Client-IP Header
-
 ---
 
-import { FeatureTable } from "~/components"
+import { FeatureTable } from "~/components";
 
-Enabling the True-Client-IP Header adds the [`True-Client-IP` header](/fundamentals/reference/http-request-headers/#true-client-ip-enterprise-plan-only) to all requests to your origin server, which includes the end user’s IP address.
+Enabling the True-Client-IP Header adds the [`True-Client-IP` header](/fundamentals/reference/http-headers/#true-client-ip-enterprise-plan-only) to all requests to your origin server, which includes the end user's IP address.
 
 ## Availability
 
@@ -18,17 +17,13 @@ Enabling the True-Client-IP Header adds the [`True-Client-IP` header](/fundament
 The recommended procedure to access client IP information is to [enable the **Add "True-Client-IP" header** Managed Transform](/rules/transform/managed-transforms/reference/#add-true-client-ip-header).
 
 :::note
-
-
-In order to use this data, you will need to then retrieve it from the [`True-Client-IP` header](/fundamentals/reference/http-request-headers/#cf-ipcountry).
-
-
+To use this data, you will need to then retrieve it from the [`True-Client-IP` header](/fundamentals/reference/http-headers/#cf-ipcountry).
 :::
 
 ## Additional resources
 
 For additional guidance on using True-Client-IP Header with Cloudflare, refer to the following resources:
 
-* [Available Managed Transforms](/rules/transform/managed-transforms/reference/#add-true-client-ip-header)
-* [HTTP request headers](/fundamentals/reference/http-request-headers/#true-client-ip-enterprise-plan-only)
-* [Restoring original visitor IPs](/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/)
+- [Available Managed Transforms](/rules/transform/managed-transforms/reference/#add-true-client-ip-header)
+- [Cloudflare HTTP headers](/fundamentals/reference/http-headers/#true-client-ip-enterprise-plan-only)
+- [Restoring original visitor IPs](/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/)