Hi, in LogsExplorer I see by a request (protoPayload): responseSize: "95" cost: 1.0617e-8
I guess it is byte and dollar, from: outgoing bandwidth cost of 0.12$/gb. This request has 0 content length and I tried to remove each and every response headers via Jetty. Still Google Frontend adds response headers and I guess *these are counted towards my bill too, even if I do not see how I could stop App Engine to add these response headers.* In Chrome developer console I see following response headers: 1. content-length:0 2. content-type:text/html 3. date:Sun, 13 Jun 2021 12:27:59 GMT 4. server:Google Frontend 5. x-cloud-trace-context:01c5ef694******* *My question(s): *Do browsers need these response headers? Can I ask Google Frontend to skip all headers? (app.yaml or so). If not, why is it counted towards my bill? Please do not say it is not much, because if it is sooo little, you might as well not count this 100 bytes... It seems odd to me that the system adds data to a response (if it is not needed for the browser) and I have to pay for it. How is this relevant? I try to minimise my costs associated with a future denial of wallet like attack. GET requests to static resources may cause a huge bill through outgoing bandwidth / gb, which is a big vulnerability I believe so. In the process of minimizing data sent for first GET requests to /, I realized I pay for these unwanted response headers which might not be much in case of an attack relative to data I must send the first time, still it is somehow disturbing :) If you could, I would also be happy to get some suggestions how I can defend against denial of wallet attacks. I do not find anything useful. Actually I have a system now and to be honest if I send 500 bytes of data the extra 100 bytes will not make a lot of difference, still now I am curious why I have to pay for the data if it is just garbage (I do not know at this point, it seems to be garbage to me cause I do not need it) and I do not want to send it to the client. Thanks! -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/a0defeda-67c7-4a90-95bc-2cde2ec037d7n%40googlegroups.com.
