Akamai Setup
The following screenshots illustrate how to use the Akamai Property Manager to configure a property to deliver content from AEM using your Akamai CDN setup. Essential settings are marked with a red circle.
Essential Property settings
Origin Server
Configuration properties:
| Name | Value | Comment |
| Origin Server Hostname | main--<repo>--<organization>.aem.live |
Replace repo and organization with the values for your site. |
| Forward Host Header | Origin Hostname | |
| Cache Key Hostname | Incoming Host Header | |
| Send True Client IP Header | No |
Add Behavior: Remove Vary Header
Configuration properties:
| Name | Value | Comment |
| Remove Vary Header | On |
Add Behavior: Modify Outgoing Request Header
We will need a number of outgoing request headers, please see the table below. Keep the "avoid duplicate headers" setting enabled for all.
Configuration properties:
| Action | Select Header Name | Custom Header Name | New Header Value |
| Modify | Other | X-Forwarded-Host |
{{builtin.AK_HOST}} |
| Modify | Other | X-BYO-CDN-Type |
akamai |
Modify |
Other |
X-Push-Invalidation |
enabled |
Add/Modify Behavior: Caching
Configuration properties:
| Name | Value |
| Caching Option | Honor origin Cache-Control |
| Enhanced RFC support | No |
| Honor private | No |
| Honor must-revalidate | No |
Add Behavior: HTTP/2
(Optional, but recommended)
Add Rule: Modify Outgoing Response Header
In the list of rules in the sidebar, click the button "+ Rules"
Select "Blank Rule Template", set a name such as "Conditionally strip headers" and click "Insert Rule".
To set the criteria for the rule to be applied click "+ Match"
Then select:
- If
- Path
- Does not match one of
*.plain.html
Click "+ Behavior" and "Standard property behavior" to set the behavior if a match is found
Then select "Modify Outgoing Response Header"
With following values:
- Action: Remove
- Select Header Name: Other
- Custom Header Name:
X-Robots-Tag
These are all essential property settings for delivering content.
Optional: Authenticate Origin Requests
When using token-based Site Authentication, add the following under "Add Behavior: Outgoing Request Headers"
Configuration properties:
| Name | Value | Comment |
| Action | Modify | |
| Custom Header Name | Authorization | |
New Header Value |
token <YOUR_TOKEN_HERE> |
Replace with the site token value received in token-based Site Authentication |
| Avoid Duplicate Headers | Yes |
This setting will ensure that Akamai authenticates requests from your CDN to the AEM Origin, which validates the token received in the Authorization header.
Caveats
Do not enable Akamai mPulse Real Usage Monitoring. While the performance impact on most sites is negligible, for sites built for consistent high performance, enabling it will prevent reaching a Lighthouse Score of 100. In AEM, you have a Real Use Monitoring service built-in, so that dual instrumentation will be unnecessary and is strongly discouraged.
Also, do not enable Akamai Bot Manager Premier (also called “Transactional Endpoint Protection”) or similar Web Application Firewall offerings, as they markedly interfere with rendering performance and user experience. Your site on AEM is protected against bot attacks on the backend, so that this performance cost comes with negligible benefit.
Previous