Hello, You are right, some headers are added, as a service to the app. This is documented in the App Engine-specific headers sub-chapter <https://cloud.google.com/appengine/docs/standard/go/reference/request-response-headers#app_engine-specific_headers>. However, the headers you mention are not added, but removed from request responses <https://cloud.google.com/appengine/docs/standard/go/reference/request-response-headers#request_responses>. You are right, outgoing traffic is counted towards your bill <https://cloud.google.com/appengine/pricing>.
This discussion group is oriented more towards general opinions, trends, and issues of general nature touching App Engine and Cloud SQL. For coding and programming architecture, as well as adding or removing headers, you may be better served in dedicated forums such as stackoverflow, where experienced programmers are within reach and ready to help. On Sunday, 13 June 2021 at 18:27:59 UTC-4 [email protected] wrote: > Hi, > > in LogsExplorer I see by a request (protoPayload): > responseSize: "95" > cost: 1.0617e-8 > > I guess it is byte and dollar, from: outgoing bandwidth cost of 0.12$/gb. > > This request has 0 content length and I tried to remove each and every > response headers via Jetty. Still Google Frontend adds response headers and > I guess *these are counted towards my bill too, even if I do not see how > I could stop App Engine to add these response headers.* In Chrome > developer console I see following response headers: > > 1. content-length:0 > 2. content-type:text/html > 3. date:Sun, 13 Jun 2021 12:27:59 GMT > 4. server:Google Frontend > 5. > x-cloud-trace-context:01c5ef694******* > > *My question(s): *Do browsers need these response headers? Can I ask > Google Frontend to skip all headers? (app.yaml or so). If not, why is it > counted towards my bill? Please do not say it is not much, because if it is > sooo little, you might as well not count this 100 bytes... > > It seems odd to me that the system adds data to a response (if it is not > needed for the browser) and I have to pay for it. > > How is this relevant? I try to minimise my costs associated with a future > denial of wallet like attack. GET requests to static resources may cause a > huge bill through outgoing bandwidth / gb, which is a big vulnerability I > believe so. > > In the process of minimizing data sent for first GET requests to /, I > realized I pay for these unwanted response headers which might not be much > in case of an attack relative to data I must send the first time, still it > is somehow disturbing :) > > If you could, I would also be happy to get some suggestions how I can > defend against denial of wallet attacks. I do not find anything useful. > > Actually I have a system now and to be honest if I send 500 bytes of data > the extra 100 bytes will not make a lot of difference, still now I am > curious why I have to pay for the data if it is just garbage (I do not know > at this point, it seems to be garbage to me cause I do not need it) and I > do not want to send it to the client. > > Thanks! > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/c10ef382-0d84-41bf-91f1-b727542357e2n%40googlegroups.com.
