Skip to content

Contents of HTTP request logs

The files that are shipped by HTTP request Log Shipping are written as a series of gzipped JSON files. An example record in a log file:

  "client_site_id": "000",
  "remote_user": "",
  "request_url": "/",
  "wplogin": "-",
  "timestamp": "19/May/2020:17:03:58 +0000",
  "request_type": "GET",
  "scheme": "https",
  "http_referer": "",
  "http_x_forwarded_for": "",
  "true_client_ip": "",
  "remote_addr": "",
  "asn": "2635",
  "tls_version": "TLSv1.3",
  "ssl_client_verify": "NONE",
  "content_type": "text/html; charset=UTF-8",
  "upstream_country_code": "GB",
  "sent_cache_control": "max-age=300, must-revalidate",
  "timestamp_iso8601": "2020-05-19T17:03:58+00:00",
  "sent_vary": "Accept-Encoding",
  "sent_x_cache": "hit",
  "request_id": "81cd24c5c46d4c1aa0205dd8001cdba6",
  "request_time": "0.001",
  "http_host": "",
  "http_accept_language": "en-US,en;q=0.9",
  "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
  "http_version": "HTTP/2.0",
  "body_bytes_sent": "8981",
  "status": "200",
  "private_file": ""

Description of fields

asnThe Autonomous System Number (ASN) of the remote_addr IP address
body_bytes_sentTotal number of bytes sent to the client
client_site_idAn internal ID unique to this environment
content_typeThe media type of the resource (e.g. text/html; charset=UTF-8)
http_accept_languageThe contents of the Accept-Language request HTTP header
http_hostThe domain (e.g.
http_refererThe Referer request header, if available, contains the purported address of the web page from which a link to the currently requested page was followed.
http_user_agentThe contents of the User-Agent request header
http_versionHTTP protocol version
http_x_forwarded_forAn HTTP header that is a means of logging a client’s originating IP address.
private_fileThis field will be empty for requests that do not include a /wp-content/uploads/ path. A value of 1 indicates a request to a file restricted by Access-controlled files,  and a 0 for all other files.
remote_addrIP address of the client making the request (see also: true_client_ip and http_x_forwarded_for).
remote_user If the request was authenticated with HTTP Basic Authentication, this is the username value (the password is not logged).
request_idUnique request identifier, this value is set in the X-Request-ID HTTP request header which can be read by a WordPress or Node.js application.
request_time The time taken for the request.
request_typeThe HTTP method (e.g., GET, POST).
request_urlThe path of the resource that was fetched, not including elements that are included elsewhere such as the protocol (e.g. http://, see scheme), and the domain (e.g., see http_host).
sent_cache_controlThe contents of the Cache-Control HTTP response header.
schemeEither http or https.
sent_varyThe contents of the Vary HTTP response header; note that VIP does not allow free use of the Vary header (e.g. Accept-Encoding).
sent_x_cacheA header from the VIP platform indicating whether the response was from a cache hit, miss, or pass.
ssl_client_verifyThe result of client certificate verification: "SUCCESS", "FAILED:reason", and "NONE" if a certificate was not present.
statusThe HTTP response status code (e.g. 200, 404, etc.)
timestampUTC date and time of the request
timestamp_iso8601UTC date and time of the request in ISO format
tls_versionTLS version used by the client.
true_client_ipA request header commonly set by reverse proxies, including Cloudflare, to indicate the remote address of the client they are forwarding requests for (see also: http_x_forwarded_for).
upstream_country_codeAll requests are geocoded by country (e.g., “US”, “GB”, etc.) at the edge of the VIP CDN using the incoming IP address.
wploginThe login name (i.e. user_login) of the authenticated WordPress user, if any; requests where there is no authenticated WordPress user this field will contain -.

Last updated: February 13, 2024

Relevant to

  • Node.js
  • WordPress