When a website utilizes VergeCloud CDN for performance enhancement and security, visitor requests are directed to VergeCloud’s CDN servers instead of directly reaching the website's main server. In return, the CDN edge server sends various headers back to the visitor, which provide insight into the request's status and the server’s response.
Headers sent by VergeCloud CDN are prefixed with "vc," the first two letters of VergeCloud, to signify they are generated by the CDN. Additionally, when a request is forwarded from the CDN edge server to the origin server, headers are appended to that request as well. Below is a detailed explanation of these headers.
This header assigns a unique identifier to each request made by a visitor to the CDN edge server. It allows tracking of the request's status on the CDN side, if necessary.
This header shows "VergeCloud (vergecloud.com)" in the response, indicating the website is using VergeCloud CDN.
A four-digit code representing the unique number of the CDN server that is handling the visitor’s request.
This header shows the duration it took the CDN server to retrieve the content, either from the CDN cache or the origin server.
When resources from the website are cached on VergeCloud’s edge servers, this header is provided to inform the cache status of those resources. The possible cache statuses are:
This header helps prevent Cross-Site Scripting (XSS) attacks, which occur when an attacker injects harmful JavaScript or HTML into a webpage, compromising the user’s security. This protection is activated by modern browsers by default, and the header ensures the browser is aware of the protection.
Some browsers might not trust the content-type header and might attempt to detect the content type by inspecting the content itself, a process known as MIME sniffing. This can be a potential security risk. The X-Content-Type-Options header disables content sniffing to avoid such threats.
When a website uses HTTPS but contains HTTP links in its HTML, browsers might show a "Mixed-Content" warning. To resolve this, VergeCloud can add the Content-Security-Policy header to automatically enforce the use of HTTPS for links in the website.
By enabling the HSTS header in VergeCloud’s CDN panel, this header instructs the browser to automatically switch from HTTP to HTTPS for a certain period, even if the initial request was made via HTTP.
This header contains a four-digit code, indicating the unique ID of the CDN server that initiated the request.
The X-Real-IP header is a standard HTTP header used to pass the real IP address of the visitor to the origin server. This is necessary because, when using a CDN, the IP address in the request is that of the CDN server rather than the visitor's actual IP.
This standard HTTP header specifies the protocols used at each stage of the request process. For example, if the request is made via HTTP from the user to the CDN and then forwarded via HTTPS to the origin server, this header will show both protocols.
Similar to X-Real-IP, this header contains an array of IP addresses representing the route the request took through multiple proxy servers before reaching the origin server.
This header is analogous to the X-Forwarded-Proto header.
This header indicates the country from which the request originated, determined by the visitor's IP address and the GeoIP database.
A unique identifier assigned to each visitor request, which can be used for tracking the request’s status on the CDN side when necessary.