[Yandex Cloud documentation](../../index.md) > [Yandex Cloud CDN](../index.md) > [Concepts](index.md) > Data exchange between the CDN and origins > Hiding of origin headers

# Hiding of origin headers

By default, Cloud CDN provides all HTTP headers received from the [origin](origins.md) to the client. With the header hiding option, you can [configure](../operations/resources/hiding-headers.md) your CDN resource in a way that the client gets only particular origin headers.

This option works as a whitelist. All origin headers not mentioned in the setting will be screened and hidden.

You may want to hide headers in some of the following situations:

* Protecting sensitive information.
* Enforcement of requirements prohibiting the transmission of certain headers to clients.
* Downsizing the response.


## Recommendations {#recommendations}

We recommend whitelisting the following headers:

* `Content-Type`: Required for the browser to display content correctly.
* `Content-Length`: Informs about the size of the response.
* `Cache-Control`: Manages client-side caching.
* `ETag`: Used to check content for relevance.
* `Last-Modified`: Date of last content modification.

We recommend to hide the following headers for increased security:

* `Server`: Server software info.
* `X-Powered-By`: Technology info, e.g., PHP, ASP.NET.
* `X-AspNet-Version`: ASP.NET version.
* `X-Generator`: CMS or website generator info.
* `X-Debug-Info`: Debugging info.
* `X-Internal-*`: Any internal headers.


#### See also {#see-also}

* [Setting up hiding of origin headers](../operations/resources/hiding-headers.md)