Akamai Setup
The following screenshots illustrate how to use the to configure a property to deliver content from AEM using your Akamai CDN setup. Essential settings are marked with a red circle.
Essential Property settings
Origin Server
Configuration properties:
Add Behavior: Remove Vary Header
Configuration properties:
Add Behavior: Modify Outgoing Request Header
We will need a number of outgoing request headers, please see the table below. Keep the 鈥渁void duplicate headers鈥 setting enabled for all.
Configuration properties:
Add/Modify Behavior: Caching
Configuration properties:
Add Behavior: HTTP/2
(Optional, but recommended)
Add Rule: Modify Outgoing Response Header
In the list of rules in the sidebar, click the button 鈥+ Rules鈥
Select 鈥淏lank Rule Template鈥, set a name such as 鈥淐onditionally strip headers鈥 and click 鈥淚nsert Rule鈥.
To set the criteria for the rule to be applied click 鈥+ Match鈥
Then select:
- If
- Path
- Does not match one of
*.plain.html
Click 鈥+ Behavior鈥 and 鈥淪tandard property behavior鈥 to set the behavior if a match is found
Then select 鈥淢odify Outgoing Response Header鈥
With following values:
- Action: Remove
- Select Header Name: Other
- Custom Header Name:
X-Robots-Tag
These are all essential property settings for delivering content.
Optional: Authenticate Origin Requests
When using token-based Site Authentication, add the following under 鈥淎dd Behavior: Outgoing Request Headers鈥
Configuration properties:
This setting will ensure that Akamai authenticates requests from your CDN to the AEM Origin, which validates the token received in the Authorization header.
Caveats
Do not enable . While the performance impact on most sites is negligible, for sites built for consistent high performance, enabling it will prevent reaching a Lighthouse Score of 100. In AEM, you have a Real Use Monitoring service built-in, so that dual instrumentation will be unnecessary and is strongly discouraged.
Also, do not enable (also called 鈥淭ransactional Endpoint Protection鈥) or similar Web Application Firewall offerings, as they markedly interfere with rendering performance and user experience. Your site on AEM is protected against bot attacks on the backend, so that this performance cost comes with negligible benefit.
Setup push invalidation for Akamai
Push invalidation automatically purges content on the customer鈥檚 production CDN (e.g. www.yourdomain.com), whenever an author publishes content changes.
Content is purged by url and by cache tag/key.
Push invalidation is enabled by adding specific properties to the project鈥檚 configuration (an Excel workbook named .helix/config.xlsx in Sharepoint or a Google Sheet named .helix/config in Google Drive).
Configuration properties:
AEM push invalidation uses the , specifically Delete by URL and Delete by cache tag.
The Fast Purge API credentials consist of
host = akaa-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.luna.akamaiapis.net
client_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
access_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
They can be generated by following the instructions at .
Go to Identity & Access Management:
Create API client:
Required group/role permissions:
You can validate the credentials with this .
Special Mention - Akamai Edge-Control Headers
AEM uses a fine tuned, production hardened way to supply caching information that applies to the specific CDN, in conjunction with our reliable push invalidation. This allows us to improve cache efficiency and consistency over traditional TTL based approaches.
Every CDN vendor supports a way to directly influence how to instruct caching and we are excited to see standardization efforts like 鈥淭argeted Cache Control鈥 (TCC) being on the roadmap for Akamai (see: ), in the meantime we are using Akamai鈥檚 long-term supported Edge-Control header.