Title: HTTP request origin logs
Author: WordPress VIP Documentation
Published: March 12, 2026

---

 1. [Logs](https://docs.wpvip.com/logs/)
 2. HTTP request origin logs

#  HTTP request origin logs

HTTP request logs show data about each request that bypasses [VIP’s edge network of servers](https://docs.wpvip.com/infrastructure/edge-servers/)
and reaches a site’s [origin server](https://docs.wpvip.com/infrastructure/origin-servers/).

To access HTTP request origin logs, enable [Log Shipping](https://docs.wpvip.com/logs/log-shipping/enable/)
for an environment in the VIP Dashboard. The Log Shipping feature automatically 
ships logs to a configured cloud bucket on a regular cadence. Shipped logs are delivered
as a series of gzipped JSON files.

An example JSON-formatted record in a shipped HTTP request origin log file:

    ```lang-json
    {
      "body_bytes_sent": "199724",
      "datacenter": "dfw",
      "http_host": "example.go-vip.net",
      "http_referer": "https://example.go-vip.net/",
      "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36",
      "http_version": "HTTP/1.1",
      "http_x_forwarded_for": "200.9.112.251",
      "remote_user": "-",
      "request_id": "3df5dde32076e201952b89e1075ddf60",
      "request_time": "0.000",
      "request_type": "GET",
      "request_url": "/wp-content/themes/twentytwentyfour/assets/images/example.webp",
      "sent_cache_control": "-",
      "status": "200",
      "stream": "stdout",
      "time": "2026-02-09T18:47:08.135796924Z",
      "timestamp_log": "09/Feb/2026:18:47:08 +0000",
      "true_client_ip": "-",
      "wplogin": "exampleusername"
    }
    ```

## Description of fields

| Field | Description | 
| `body_bytes_sent` | The number of bytes (excluding headers) sent in the HTTP response body | 
| `datacenter` | An abbreviated value of the global location of the data center that handled the request | 
| `http_host` | The domain name value and, if present, the port number (e.g. `example.com:8080`) of the Host HTTP request header sent by the client | 
| `http_referer` | [The `Referer` request header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer), if available, contains the purported address of the web page from which a link to the currently requested page was followed. | 
| `http_user_agent` | The contents of the `User-Agent` request header | 
| `http_version` | HTTP protocol version | 
| `http_x_forwarded_for` | The `x-forwarded-for` header value is a record of the source IP address of each proxy server through which the request passed through. The leftmost proxy value in a series is most likely to be the client’s originating IP address. | 
| `remote_user`  | If the request was authenticated with HTTP [Basic Authentication](https://docs.wpvip.com/basic-authentication/), this is the username value (the password is not logged). | 
| `request_id` | Unique request identifier. This value is set in the `x-request-id` HTTP request header which can be read by a WordPress or Node.js application. | 
| `request_time`  | The amount of time taken for the request | 
| `request_type` | The [HTTP method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods) (e.g., `GET`, `POST`). | 
| `request_url` | The path of the resource that was fetched, not including elements that are included elsewhere such as the protocol (e.g. `http://`, see `scheme`), and the domain (e.g. `example.com`, see `http_host`). | 
| `sent_cache_control` | The contents of [the `Cache-Control` HTTP response header](https://docs.wpvip.com/caching/page-cache/modify-max-age/). | 
| `status` | The HTTP response status code (e.g. `200`, `404`, etc.) | 
| `stream` | Either `stdin` or `stdout` | 
| `time` | UTC date and time of the logged request in ISO format | 
| `timestamp_log` | The timestamp of the request logged by NGINX in UTC date and time format | 
| `true_client_ip` | A request header commonly set by reverse proxies, including [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-), to indicate the remote address of the client for which they are forwarding requests (see also: `http_x_forwarded_for`). | 
| `wplogin` | The login name (i.e. `user_login`) of the authenticated WordPress user, if any. For requests without an authenticated WordPress user this field will contain `-`. |

Last updated: March 12, 2026