HTTP Headers Sent by VergeCloud CDN: A Guide for Website Optimization

Understanding HTTP Headers Sent by VergeCloud CDN: Optimize Your Website’s Performance

Headers Sent by CDN to User and Origin Server

When a website utilizes VergeCloud CDN, visitor requests are directed to VergeCloud CDN servers rather than the original server that hosts the site. In reply to these requests, the CDN edge server transmits several headers to the visitor, which provide insights into the status of the request and the response from the server.

Moreover, when a request is forwarded from the CDN edge server to the primary web hosting server, additional headers are included in this request. These headers can be customized, a feature available to users on the Enterprise plan.

Glossary

  • X-Request-Id: A unique identifier assigned to each request to track its status.
  • X-Sid: A unique four-digit identifier for the CDN edge server.
  • Server-Timing: Indicates the time taken by the CDN to retrieve content.
  • X-Cache: Reflects the cache status of requested resources.
  • X-Xss-Protection: A header for enabling XSS attack protection in browsers.
  • Content-Security-Policy: A header to prevent mixed content issues by enforcing HTTPS.
  • Strict-Transport-Security: A header that ensures HTTP requests are automatically upgraded to HTTPS.
  • X-Real-IP: Displays the real IP address of the user making the request.
  • X-Forwarded-Proto: Indicates the protocol used for the initial request to the CDN.
  • X-Forwarded-For: Lists the sequence of IPs through which the request passed.
  • X-Country-Code: A two-letter code indicating the user's country based on their IP.
  • CDN-Loop: Helps in identifying the count of request loops within the CDN network.
  • Accept-Encoding: Defines the encoding types accepted by the server.

Headers Sent to User

X-Request-Id

This header provides a unique identifier for each request made from the visitor to the CDN's edge server, enabling tracking of the request's status.

If users employ VergeCloud log forwarding, they can obtain detailed insights regarding the request status by referencing this header's value in their logs.

X-Sid

A four-digit code that signifies the unique identifier of the CDN edge server to which the visitor is connected.

Server-Timing

This header reveals the duration it took for the CDN server to acquire the relevant content, measured in milliseconds. The content may be retrieved from the cache on the CDN or directly from the origin server.

X-Cache

When the resources of a website are stored on VergeCloud's edge servers, the X-Cache header indicates the cache status of these resources. The potential values of this header include:

  • HIT: The requested resource is present in VergeCloud edge servers, and the response is delivered from there.
  • MISS: The requested resource is not found on the edge servers, so the response originates from the website's origin server.
  • EXPIRED: The resource exists on the edge server, but since the cache has expired, the response is fetched from the origin server.
  • STALE: The edge server returns an outdated resource while concurrently validating it from the origin server due to another user’s request. This situation is rare.
  • BYPASS: Indicates that the requested resource cannot be cached.
  • REVALIDATED: The edge server uses an old cached version of the resource after validating it with headers like If-Modified-Since or If-None-Match from the origin server.
  • UPDATING: This status shows that the requested resource is being updated on the VergeCloud edge server, while the response provided is an older version stored in cache. This typically happens when a large resource is being cached.

X-Xss-Protection

Cross-site scripting (XSS) is a vulnerability found in numerous websites, and developers may overlook it or lack sufficient knowledge of how to prevent it. The flaw can be very dangerous: an attacker can inject arbitrary JavaScript or HTML into a page so that malicious code executes in the visitor's browser. Modern browsers possess several capabilities to mitigate XSS attacks, usually enabled by default. By including the X-Xss-Protection header in the response, browsers can utilize these protective features. The X-Xss-Protection header itself governs only the browser's built-in reflected-XSS filter, which Chrome and Edge have removed and Firefox never implemented, so it helps visitors on older browsers only; output encoding and a Content-Security-Policy remain the primary defenses.

Content-Security-Policy

When a website employs the HTTPS protocol yet contains HTTP links within its HTML pages, the browser generates a Mixed Content error for security reasons. VergeCloud provides an option in its panel under the HTTPS settings to address this issue. Activating this feature adds the Content-Security-Policy header to the headers sent to the user, instructing the browser to switch HTTP links to HTTPS when such a problem arises.

Strict-Transport-Security

Enabling HSTS within the VergeCloud CDN panel adds this header to the headers sent to the user. It informs the browser that for a specified time frame (e.g., a month), if the initial request to the website is HTTP, it should be automatically converted to an HTTPS request from the browser.

Headers Sent to Origin Server

X-Sid

A four-digit identifier denoting the unique number of the CDN server from which the request was generated.

X-Real-IP

This is a standard HTTP header. In scenarios where a CDN is employed, when a request is made from a visitor to the website, the request first reaches the CDN's edge servers and then the origin server. Therefore, the sender's IP field will show the IP address of the CDN server instead of the user's actual IP.

As many analytics and security measures necessitate the user's real IP address, the CDN server utilizes this HTTP header to relay the user's actual IP to the origin server.

X-Forwarded-Proto

This header is considered a de-facto standard and indicates the protocol used to send the request to the CDN servers initially. For instance, if a user sends a request to the CDN using the HTTP protocol, and the CDN forwards it to the origin server using HTTPS, this header will indicate the HTTP protocol value.

The connection protocol between the visitor and the CDN servers, as well as between the CDN servers and the website's origin servers, can be separately configured in the VergeCloud CDN panel.

X-Forwarded-For

This header is similar to X-Real-IP; however, it contains the IP addresses of the proxy servers that the user's request traversed to reach the website's origin server. Essentially, this header represents a series of IP addresses, illustrating the path of the request through multiple servers until it reaches the origin server.
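How an origin might consume X-Real-IP and X-Forwarded-For safely, as an added example that is not VergeCloud's code: the forwarding headers are honoured only when the TCP peer is a CDN edge, because a client that reaches the origin directly can send any value it likes. The edge ranges below are placeholder documentation addresses, and the function name and lower-cased header dictionary are assumptions of this sketch.

```python
import ipaddress

# Assumption: placeholder edge ranges (RFC 5737 documentation blocks).
# Replace them with the address ranges your CDN actually publishes.
TRUSTED_EDGE_NETS = [ipaddress.ip_network(n)
                     for n in ("203.0.113.0/24", "198.51.100.0/24")]


def _is_edge(ip):
    """True when ip belongs to one of the trusted CDN edge ranges."""
    return any(ip in net for net in TRUSTED_EDGE_NETS)


def client_ip(peer_addr, headers):
    """Return the visitor IP the origin should log or rate-limit on.

    peer_addr: source address of the TCP connection to the origin.
    headers:   request headers with lower-cased names.
    """
    peer = ipaddress.ip_address(peer_addr)
    # The request did not arrive through the CDN: every forwarding header
    # on it was written by the sender, so ignore them all.
    if not _is_edge(peer):
        return str(peer)

    # Prefer X-Real-IP, which the page says the edge sets to the visitor IP.
    real_ip = headers.get("x-real-ip", "").strip()
    if real_ip:
        try:
            return str(ipaddress.ip_address(real_ip))
        except ValueError:
            pass  # malformed value: fall back to X-Forwarded-For

    # Walk X-Forwarded-For right to left. Right-most entries were appended
    # by trusted hops; left-most entries may be client-supplied.
    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: trust nothing further left
        if not _is_edge(ip):
            return str(ip)
    return str(peer)
```

Restricting the origin's firewall to the CDN's edge ranges removes the direct-connection case entirely; the peer check then acts as a second layer.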

X-Country-Code

This header contains a two-letter code indicating the country from which the request originated. This information is derived from the user's IP, utilizing updated GeoIP databases.

X-Request-Id

This header provides a unique identifier for each request sent to the CDN server, allowing for status tracking of the request within the CDN. Additionally, if users implement VergeCloud log forwarding, they can obtain comprehensive information about the request status by searching for this header's value in their logs.

CDN-Loop

This header lets VergeCloud track how many times a request has entered the VergeCloud network, so that a request caught in a loop can be blocked. For example:

CDN-Loop: vergecloud; count=1

Accept-Encoding

This header is typically set to allow incoming requests with gzip by default. If any image resizing modules, acceleration features, or CDN applications are active, VergeCloud modifies the value of this header accordingly.

Real Usage Scenarios

Consider a scenario where a popular e-commerce website utilizes VergeCloud CDN to enhance its performance and security. When a customer visits the site, their request goes to the VergeCloud CDN edge server, which quickly responds with cached content if available. The headers discussed above facilitate this interaction, providing both the website operators and users with valuable information about request status, resource caching, and potential security measures.

Testing and Validation

To verify the functionality of these headers and ensure proper configuration, you can perform the following tests:

  1. Use the curl command to inspect the response headers:
       curl -I https://yourwebsite.com
  2. To check specific headers like X-Cache or Server-Timing, use the following command:
       curl -H "Accept-Encoding: gzip" -I https://yourwebsite.com
  3. For DNS-related tests, tools like dig can be used:
       dig yourwebsite.com
  4. Check browser-based responses by using Developer Tools (usually accessible via F12) to view the Network tab and inspect headers directly from the browser.
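To repeat the header checks above across many URLs, the output of curl -I can be audited by a script. The following is an added example, not part of VergeCloud's tooling; the sample response is constructed, and the grouping of X-Cache statuses follows the list earlier on this page.

```python
# Constructed sample of `curl -I` output; values are illustrative, not captured.
SAMPLE = """HTTP/2 200
x-request-id: 00000000000000000000000000000000
x-sid: 1234
x-cache: MISS
strict-transport-security: max-age=0
"""

# Grouping of the X-Cache statuses as this page describes them.
FROM_EDGE = {"HIT", "STALE", "REVALIDATED", "UPDATING"}
FROM_ORIGIN = {"MISS", "EXPIRED", "BYPASS"}


def parse_headers(raw):
    """Parse a raw header dump into {lower-case name: value}; skips the status line."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("HTTP/"):
            headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(raw):
    """Return a list of findings for one response header dump."""
    h = parse_headers(raw)
    findings = []
    cache = h.get("x-cache", "").upper()
    if cache in FROM_ORIGIN:
        findings.append(f"served from origin (X-Cache: {cache})")
    elif cache not in FROM_EDGE:
        findings.append("X-Cache missing or unrecognised")
    if "strict-transport-security" not in h:
        findings.append("HSTS header absent")
    elif not hsts_max_age(h["strict-transport-security"]):
        findings.append("HSTS max-age missing or 0 (HSTS disabled)")
    if "x-request-id" not in h:
        findings.append("no X-Request-Id to correlate with forwarded logs")
    return findings
```

A max-age of 0 tells the browser to drop its HSTS entry for the site, which is why the sample response is flagged even though the header is present.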