Find answers, guides, and tutorials to supercharge your content delivery.

Zone Settings

Updated on June 12, 2020

KeyCDN's Zones come with a number of configurable Zone settings. Here is a list and description of the CDN features for both Push and Pull Zones:

Image Processing

Image Processing transforms and optimizes images with simple URL parameters.

Force Download

Forces content to download instead of opening. The following response header will be set: Content-Disposition: Attachment


Enables cross-origin resource sharing (CORS). This will set the header to: Access-Control-Allow-Origin "*". Make sure this option is enabled if you are using resources such as fonts, CSS files, and icons from another domain.


Enables Gzip compression on: text/plain, text/css, text/js, text/javascript, text/xml, text/x-component, application/json, application/x-javascript, application/javascript, application/xml, application/xml+rss, application/atom+xml, application/xhtml+xml, image/svg+xml, font/ttf, font/eot, font/otf.


Adding or modifying the Expires and Cache-Control response header fields that are sent to the client if the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. This setting overwrites the value received from the origin in case of a Pull Zone. The expire value only has an impact on the web browser cache and not on the KeyCDN cache.

  • -1: Cache-Control: no-cache
  • 0: Push Zone: disabled
    Pull Zone: as received from the origin (header honoring)
  • >0: Cache-Control: max-age=t, where t is the time specified in the directive in minutes converted to seconds

Block Bad Bots

Block bad bots (returns a 451 Unavailable For Legal Reasons response status).

Allow Empty Referrer

Allow requests with an empty Referer request header value if one or more Zone Referrer is active.

Block Referrer

Block requests with a Referer request header value matching a Zone Referrer (returns a 403 Forbidden response status).

Secure Token

Restrict access to all the files within this Zone by secure access tokens. This defines a time interval for which the specified Zone URLs should be accessible. Once it expires, the URLs will return a 403 Forbidden status.

Shared SSL

Enables the wildcard certificate for this Zone (https://*

Custom SSL

Custom SSL is fully supported (also known as private SSL). They reflect one or more Zone Aliases (e.g.

Let's Encrypt SSL

Automatically creates a certificate for your Zone Alias (e.g. Limited to only one Zone Alias.

Force SSL

Redirects HTTP requests to HTTPS (returns a 301 Moved Permanently response status).

KeyCDN uses cookies to make its website easier to use. Learn more