HTTP request origin logs
HTTP request logs show data about each request that bypasses VIP’s edge network of servers and reaches a site’s origin server.
To access HTTP request origin logs, enable Log Shipping for an environment in the VIP Dashboard. The Log Shipping feature automatically ships logs to a configured cloud bucket on a regular cadence. Shipped logs are delivered as a series of gzipped JSON files.
An example JSON-formatted record in a shipped HTTP request origin log file:
{
"body_bytes_sent": "199724",
"datacenter": "dfw",
"http_host": "example.go-vip.net",
"http_referer": "https://example.go-vip.net/",
"http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36",
"http_version": "HTTP/1.1",
"http_x_forwarded_for": "200.9.112.251",
"remote_user": "-",
"request_id": "3df5dde32076e201952b89e1075ddf60",
"request_time": "0.000",
"request_type": "GET",
"request_url": "/wp-content/themes/twentytwentyfour/assets/images/example.webp",
"sent_cache_control": "-",
"status": "200",
"stream": "stdout",
"time": "2026-02-09T18:47:08.135796924Z",
"timestamp_log": "09/Feb/2026:18:47:08 +0000",
"true_client_ip": "-",
"wplogin": "exampleusername"
}Description of fields
| Field | Description |
|---|---|
body_bytes_sent | The number of bytes (excluding headers) sent in the HTTP response body |
datacenter | An abbreviated value of the global location of the data center that handled the request |
http_host | The domain name value and, if present, the port number (e.g. example.com:8080) of the Host HTTP request header sent by the client |
http_referer | The Referer request header, if available, contains the purported address of the web page from which a link to the currently requested page was followed. |
http_user_agent | The contents of the User-Agent request header |
http_version | HTTP protocol version |
http_x_forwarded_for | The x-forwarded-for header value is a record of the source IP address of each proxy server through which the request passed through. The leftmost proxy value in a series is most likely to be the client’s originating IP address. |
remote_user | If the request was authenticated with HTTP Basic Authentication, this is the username value (the password is not logged). |
request_id | Unique request identifier. This value is set in the x-request-id HTTP request header which can be read by a WordPress or Node.js application. |
request_time | The amount of time taken for the request |
request_type | The HTTP method (e.g., GET, POST). |
request_url | The path of the resource that was fetched, not including elements that are included elsewhere such as the protocol (e.g. http://, see scheme), and the domain (e.g. example.com, see http_host). |
sent_cache_control | The contents of the Cache-Control HTTP response header. |
status | The HTTP response status code (e.g. 200, 404, etc.) |
stream | Either stdin or stdout |
time | UTC date and time of the logged request in ISO format |
timestamp_log | The timestamp of the request logged by NGINX in UTC date and time format |
true_client_ip | A request header commonly set by reverse proxies, including Cloudflare, to indicate the remote address of the client for which they are forwarding requests (see also: http_x_forwarded_for). |
wplogin | The login name (i.e. user_login) of the authenticated WordPress user, if any. For requests without an authenticated WordPress user this field will contain -. |
Last updated: March 12, 2026