Response Headers
PRISM adds several headers to HTTP responses to indicate rendering status, cache state, and variant information. These headers are useful for debugging, CDN cache keying, and monitoring.
PRISM strips any x-prism-* headers from origin responses before adding its own, preventing origin-side forgery.
Rendered Responses
These headers appear on responses that were rendered through the Chrome pipeline:
x-prism-rendered
x-prism-rendered: true
Present on every response that was rendered by PRISM via headless Chrome. Absent on proxied (bypass) responses.
x-prism-cache
x-prism-cache: HIT|MISS|STALE|BYPASS
Indicates the cache status of the response:
| Value | Meaning |
|---|---|
HIT | Served from the render cache |
MISS | Freshly rendered and now cached |
STALE | Served stale from cache while re-rendering in the background |
BYPASS | Not rendered; proxied directly to origin |
This header is present on all responses, including bypass responses.
x-prism-render-time
x-prism-render-time: 1250
The time in milliseconds that the Chrome render took. Only present on cache MISS responses (fresh renders). Not included on HIT or STALE responses since no render occurred.
x-prism-variant
x-prism-variant: bot-mobile|bot-desktop|human-mobile|human-desktop
The rendering variant used for this request. Determined by combining bot detection with device detection (when viewport-aware rendering is enabled):
| Variant | Description |
|---|---|
bot-mobile | Bot user-agent on a mobile viewport |
bot-desktop | Bot user-agent on a desktop viewport |
human-mobile | Human user on a mobile viewport |
human-desktop | Human user on a desktop viewport |
x-prism-fallback
x-prism-fallback: true
Present when a render was attempted but failed (Chrome crash, timeout, content validation failure, etc.) and PRISM fell back to serving the origin response directly. This ensures users always get a response even when the render pipeline is degraded.
Bypass / Unlicensed Responses
x-prism-license
x-prism-license: unlicensed
Present on bypass responses when PRISM is running without a valid license. Not present when properly licensed.
CDN Integration Headers
Vary
Vary: X-Prism-Variant, Accept-Encoding
Set on all rendered responses. Tells CDNs and intermediate caches to maintain separate cached copies per variant and encoding. Using X-Prism-Variant instead of User-Agent avoids per-user-agent cache fragmentation at the CDN layer.
Cache-Control
Cache-Control: public, max-age=3600, s-maxage=3600
Synthesized by PRISM when the origin response does not include a Cache-Control header and cache.synthesize_cache_control is enabled in configuration. The TTL value comes from cache.default_ttl or path-specific TTL rules.
PRISM respects origin Cache-Control headers: if the origin sends no-store or private, PRISM does not override it.
Header Precedence
PRISM preserves security and cache headers from the origin response (e.g., Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) but does not override any header it has already set. Origin ETag and Last-Modified headers are not forwarded on rendered responses because the response body has been transformed.
Debugging with Headers
Use curl -I to inspect PRISM headers without downloading the full response:
# Check if a page is being rendered
curl -sI https://example.com/products/widget | grep -i x-prism
# Expected output for a rendered bot request:
# x-prism-rendered: true
# x-prism-cache: HIT
# x-prism-variant: bot-desktop
To test as a bot:
curl -sI -A "Googlebot/2.1" https://example.com/products/widget | grep -i x-prism