Origin Shield - Extra CDN Caching Layer

By Sven Baumgartner
Updated on May 12, 2017
Origin Shield - Extra CDN Caching Layer

KeyCDN is excited to provide the Origin Shield feature for free to all customers. This extra caching layer reduces the load on your origin server and accelerates the distribution of your content from the origin server to our edge servers. The shield servers are highly redundant and automatically select the optimal location using our geolocation technology.

How does Origin Shield work?

When a client requests content from your website and that content has never been cached by any of KeyCDN's edge servers, this is what happens with that request when Origin Shield is enabled: Requests don't come from our growing number of edge servers but are filtered through selected shield servers.

With Origin Shield enabled, when the first request for content arrives at our edge server and that edge server does not have the content cached, it passes the request along to our shield server, which also doesn't have the content cached. The shield server passes the request along to your origin server. The shield server caches the content that it has retrieved from your origin server and passes it along to our edge server. Finally, our edge server passes the content along to the client.

The following requests for the same content that arrives at the same edge server serves the content out of its cache, so no request goes to the shield servers or to your origin server.

If another request arrives at a different edge server instead of the previous one, however, the request would be passed along to the shield server. That shield server already has a cached copy from the first request originated from the first edge server. No future requests for the content would be passed along to your origin server until the shield servers cached content expires or you purge the cache for your Zone. The edge and shield servers honor the settings you have defined for your Pull Zone (incl. MaxExpire, strip cookies, etc).

The shield servers make use of collapsed forwarding to merges multiple requests for the same URL into a single request to your origin server. Keep-alives avoid excessive TCP handshakes to your origin server.

Where are the shield servers located?

The shield servers are highly redundant and scalable clusters that are positioned in the following locations:

  • United States, East Coast
  • United States, West Coast
  • Netherlands, Amsterdam

Our geolocation technology (based on IP anycast, geo IP detection with EDNS client subnet support and latency based probing) automatically selects the optimal location for every request.

How to enable Origin Shield?

Simply activate the feature by enabling Origin Shield for your Pull Zones in the KeyCDN dashboard. Origin Shield is a great feature to reduce the traffic on your origin server to an absolute minimum and protect your infrastructure from abuse or traffic spikes. Recovery of the edge caches after clearing the Zone cache will be smoother as well.

  • Share

Supercharge your content delivery 🚀

Try KeyCDN with a free 14 day trial, no credit card required.

Get started


Comment policy: Comments are welcomed and encouraged. However, all comments are manually moderated and those deemed to be spam or solely promotional in nature will be deleted.
  • **bold**
  • `code`
  • ```block```
KeyCDN uses cookies to make its website easier to use. Learn more