Find answers, guides, and tutorials to supercharge your content delivery.

KeyCDN Log Format

Updated on January 4, 2022

The log fields are separated by | (pipe). See the example below.

  1. Timestamp incl. msec (e.g. 1383918771.123)
  2. POP (point of presence)
  3. IP address of the client (e.g. or 2001:be:ef::1)
  4. HTTP status code. A full list of all status codes is available on Wikipedia
  5. Bytes sent for this request (e.g. 1392)
  6. User ID (e.g. uid1234)
  7. Zone ID (e.g. zid4321)
  8. Zone Alias (preferred) or Zone domain (e.g.
  9. Cache status (e.g. HIT)
  10. CLF request (e.g. "GET /path/folder/image-15kb.jpg HTTP/1.1")
  11. CLF date (e.g. [13/Aug/2014:22:23:02 +0200])
  12. Referrer (enclosed by double quotes)
  13. Agent (enclosed by double quotes)
  14. Scheme (e.g. https)
  15. TLS Version (e.g. TLSv1.2)
  16. Country Code (e.g. US)
  17. Region Code two-symbol country region (state, province, etc) code (e.g CA)
  18. Organization (e.g. "AS14618, Inc.")
  19. Byte Range bytes=<range requested> (e.g. bytes=512-1024)
Note: The client IP is anonymized by setting the last octet to 0 to be GDPR compliant.


1407961382.123|usla||200|253061|uid1234|zid4321||HIT|"GET /lorem.jpg HTTP/1.1"|[13/Aug/2014:22:23:02 +0200]|""|"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0"|https|TLSv1.2|US|CA|"AS14618, Inc."|-
KeyCDN uses cookies to make its website easier to use. Learn more