How to Avoid alt-svc Header Being Overwritten by Cloudflare CDN (on http)?

How can I stop the alt-svc: header (in the response) from being overwritten (depending upon which User-Agent is in the request) by the CDN? Example:

http -p hH http://content.zeal.global/zeal.css "User-Agent:Mozilla/5.0 (X11; Linux armv7l…) Gecko/20100101 Firefox/60.0"
GET /zeal.css HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: content.zeal.global
User-Agent: Mozilla/5.0 (X11; Linux armv7l…) Gecko/20100101 Firefox/60.0

HTTP/1.1 301 Moved Permanently
CF-RAY: 579c309fff58e386-SEA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 25 Mar 2020 22:50:16 GMT
Expires: Wed, 25 Mar 2020 23:50:16 GMT
Location: https://content.zeal.global/zeal.css
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h2=":443"; ma=60

Note the alt-svc header is added by the CDN when the User-Agent is set to Firefox… When User-Agent is set to HTTPie/0.9.9, the CDN does not set alt-svc. Example:

http -p hH http://content.zeal.global/zeal.css
GET /zeal.css HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: content.zeal.global
User-Agent: HTTPie/0.9.9

HTTP/1.1 301 Moved Permanently
CF-RAY: 579c3f1a482dc9b1-SEA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 25 Mar 2020 23:00:09 GMT
Expires: Thu, 26 Mar 2020 00:00:09 GMT
Location: https://content.zeal.global/zeal.css
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

The above is not my site, but on my site I have set “alt-svc: clear”, but the CDN overwrites my value no matter which User-Agent makes the request (and due to the “alt-svc: h2=”:443"; ma=60), the user’s browser ends up making an HTTPS request instead of an HTTP request. (I need the user’s browser to stay on HTTP). How can I make the CDN stop overwriting my alt-svc header?

:wave: @Randi,

I’m confused. Are you trying to make the client do an http request on 443 to Cloudflare instead of an https request?

— OG

:wave: @Randi,

Or perhaps this?

https://www.google.com/amp/s/blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/amp/

— OG

No, currently I need to keep everything unencrypted. The CDN adds the unwanted alt-svc header. I simply attempted to work around that by setting it myself.

On your CloudFlare Dash - under network - turn off HTTP/2 and HTTP/3. If that doesn’t work for you, a simple Workers script that alters the header can be used. Try turning off those two services first then let me know.

I can confirm that simply turning off HTTP/2 & HTTP/3 will do the trick. :slightly_smiling_face:

1 Like

@intr0 Thanks so much for verifying the CloudFlare Dash network settings. HTTP/3 was already off. Unfortunately HTTP/2 is on, but it is grayed out, so I’m unable to turn that setting off! Do you know if there is some other related setting I must change, so that I can turn HTTP/2 off?

1 Like

You’re welcome. To turn off HTTP/2 requires a paid plan.

2 Likes

The same argument can be used for fancy restaurants, resorts, car rentals, commuter services and so metal or VPS, you do not get to change how the back end is routing.