Title: HTTP request edge logs
Author: WordPress VIP Documentation
Published: February 13, 2024
Last modified: April 10, 2026

---

 1. [Logs](https://docs.wpvip.com/logs/)
 2. HTTP request edge logs

#  HTTP request edge logs

HTTP request edge logs show data about each request that was made to [VIP’s edge network of servers](https://docs.wpvip.com/infrastructure/edge-servers/)
for a site.

To access HTTP request edge logs for an environment, enable [Log Shipping](https://docs.wpvip.com/logs/log-shipping/enable/)
in the VIP Dashboard. The Log Shipping feature automatically ships logs to a configured
cloud bucket on a regular cadence. Shipped logs are delivered as a series of gzipped
JSON files.

An example JSON-formatted record in a shipped HTTP request edge log file:

    ```lang-json
    {
      "client_site_id": "000",
      "remote_user": "",
      "request_url": "/",
      "wplogin": "-",
      "timestamp": "19/May/2020:17:03:58 +0000",
      "request_type": "GET",
      "scheme": "https",
      "http_referer": "https://example.com/",
      "http_x_forwarded_for": "",
      "true_client_ip": "",
      "remote_addr": "127.0.0.1",
      "asn": "2635",
      "tls_version": "TLSv1.3",
      "ssl_client_verify": "NONE",
      "content_type": "text/html; charset=UTF-8",
      "upstream_country_code": "GB",
      "sent_cache_control": "max-age=300, must-revalidate",
      "timestamp_iso8601": "2020-05-19T17:03:58+00:00",
      "sent_vary": "Accept-Encoding",
      "sent_x_cache": "hit",
      "request_id": "81cd24c5c46d4c1aa0205dd8001cdba6",
      "request_time": "0.001",
      "http_host": "example.com",
      "http_accept_language": "en-US,en;q=0.9",
      "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
      "http_version": "HTTP/2.0",
      "body_bytes_sent": "8981",
      "status": "200",
      "private_file": "",
      "cache_segment": "",
      "mobile_class": "smart",
      "http_x_vip_ip": "127.0.0.1"
    }
    ```

## Description of fields

| Field | Description | 
| `asn` | The Autonomous System Number (ASN) of the `remote_addr` IP address | 
| `body_bytes_sent` | Total number of bytes sent to the client | 
| `cache_segment` | The value of the `vip-go-seg` cookie for applications leveraging the [VIP Cache Personalization API](https://docs.wpvip.com/caching/page-cache/the-vip-cache-personalization-api/) | 
| `client_site_id` | An internal ID unique to this environment | 
| `content_type` | The media type of the resource (e.g. `text/html; charset=UTF-8`) | 
| `http_accept_language` | The contents of the `Accept-Language` request HTTP header | 
| `http_host` | The domain (e.g. `example.com`) | 
| `http_referer` | [The `Referer` request header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer), if available, contains the purported address of the web page from which a link to the currently requested page was followed. | 
| `http_user_agent` | The contents of the `User-Agent` request header | 
| `http_version` | HTTP protocol version | 
| `http_x_forwarded_for` | The `x-forwarded-for` header value is a record of the source IP address of each proxy server through which the request passed through. The leftmost proxy value in a series is most likely to be the client’s originating IP address. | 
| `http_x_vip_ip` | A calculated assumption of the end user’s IP address based on the value of the `true-client-ip` header if it exists, else the leftmost IP address value of `x-forwarded-for`. | 
| `http_x_ip_proxy_type` | The originating IP address class type based on the [IP2Proxy database](https://www.ip2location.com/database/px2-ip-proxytype-country). The limited set of possible values includes: **VPN** (Anonymizing VPN services), **TOR** (Tor Exit Nodes), **DCH** (Hosting Provider, Data Center, or CDN), **PUB** (Public Proxies [generic proxy services]), **WEB** (Web Proxies [web-based anonymizers]), **SES** (Search Engine Robots), **RES** (Residential proxies), **UNK** (Residential/mobile traffic or unclassified IPs) | 
| `mobile_class` | [The `x-mobile-class`_ _header](https://docs.wpvip.com/caching/page-cache/cache-api/#h-vary-cached-content-by-user-agent-class) value. Can be 1 of 4 values: `desktop`, `tablet`, `smart`, or `dumb`. | 
| `private_file` | This field will be empty for requests that do not include a `/wp-content/uploads/` path. A value of `1` indicates a request to a file restricted by [Access-Controlled Files](https://docs.wpvip.com/restricting-site-access/access-controlled-files/), and a `0` for all other files. | 
| `remote_addr` | IP address of the client making the request (see also: `true_client_ip` and `http_x_forwarded_for`). | 
| `remote_user`  | If the request was authenticated with HTTP [Basic Authentication](https://docs.wpvip.com/basic-authentication/), this is the username value (the password is not logged). | 
| `request_id` | Unique request identifier. This value is set in the `x-request-id` HTTP request header which can be read by a WordPress or Node.js application. | 
| `request_time`  | The amount of time taken for the request. | 
| `request_type` | The [HTTP method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods) (e.g., `GET`, `POST`). | 
| `request_url` | The path of the resource that was fetched, not including elements that are included elsewhere such as the protocol (e.g. `http://`, see `scheme`), and the domain (e.g. `example.com`, see `http_host`). | 
| `sent_cache_control` | The contents of [the `Cache-Control` HTTP response header](https://docs.wpvip.com/caching/page-cache/modify-max-age/). | 
| `scheme` | Either `http` or `https` | 
| `sent_vary` | The contents of the `Vary` HTTP response header; note that VIP does not allow free use of the `Vary` header (e.g. `Accept-Encoding`). | 
| `sent_x_cache` | HTTP response header values that are returned by the page cache (e.g., `HIT`, `MISS`, or `BYPASS`). | 
| `ssl_client_verify` | The result of client certificate verification: `"SUCCESS"`, `"FAILED:reason"`, and `"NONE"` if a certificate was not present. | 
| `status` | The HTTP response status code (e.g. `200`, `404`, etc.) | 
| `timestamp` | UTC date and time of the request | 
| `timestamp_iso8601` | UTC date and time of the request in ISO format | 
| `tls_ja3_hash` | JA3 fingerprint hash derived from the TLS Client Hello packet. A 32-character MD5 hash that uniquely identifies the set of SSL/TLS protocol options advertised by the client, including version, cipher suites, extensions, elliptic curves, and elliptic curve point formats. | 
| `tls_version` | TLS version used by the client. | 
| `true_client_ip` | A request header commonly set by reverse proxies, including [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-), to indicate the remote address of the client for which they are forwarding requests (see also: `http_x_forwarded_for`). | 
| `upstream_country_code` | All requests are geocoded by country (e.g., “US”, “GB”, etc.) at the edge of the VIP CDN using the incoming IP address. | 
| `wplogin` | The login name (i.e. `user_login`) of the authenticated WordPress user, if any. For requests without an authenticated WordPress user this field will contain `-`. |

Last updated: April 10, 2026