Find answers, guides, and tutorials to supercharge your content delivery.

Technical Questions

Updated on March 4, 2022

This section is focusing on technical questions on a deeper level and is the continuation of our FAQ.

What cache statuses are there?

Different cache statuses can occur for Push and Pull Zones. Here's an overview of possible cache statuses:

  • HIT - Your content has been delivered from the cache.
  • MISS - Your content was not yet in the cache but will be after the first request. The second request to that file will be a cache HIT.
  • EXPIRED - The cached content has expired and the new content from the origin server has been fetched.
  • REVALIDATED - It has been verified, that the currently cached content is still valid.
  • UPDATING - Content has been served from the cache. There is a cache lock active and new content is being copied from the origin server.
  • STALE - The most recently cached content is returned to the client. This can occur when the origin is not reachable, the connection times out, or the origin server is using stale-while-revalidate. STALE is also returned if an asset has expired and is being updated in the background.

In some error cases there is no cache status returned. Raw logs will show a - instead of one of above values.

Which HTTP request methods do you support?

The request methods allowed vary slightly between Push and Pull Zones. For Pull Zones, we support all common HTTP request methods:

  • HEAD and GET requests get cached and will be served from the KeyCDN cache.
  • PUT, POST, DELETE requests will not be cached (X-Cache: MISS).

For Push Zones, we only support HEAD and GET requests. If using a method other than HEAD or GET on a Push Zone you will receive a 405 Method Not Allowed status.

Does a Pull Zone cache any response status?

No, only 200, 301, and 302 responses are cached on the edge server from the origin server.

Do I need to define specific edge server locations for my KeyCDN Zone?

No, this is not required. All KeyCDN Zones are automatically configured to work with our complete network of edge server locations. This does not need to be defined manually. Upon user request, assets will be pulled from your origin server and cached at the client's nearest CDN edge server.

What does a request header from a KeyCDN edge server look like?

GET /foobar.jpg HTTP/1.1
Host: your_origin_host
X-Forwarded-Host: <zonename>-<hexid>
X-Forwarded-Scheme: http
X-Pull: KeyCDN
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Accept-Language: en-US,en;q=0.8,de;q=0.6,ja;q=0.4
Cookie: foobar
  • X-Forwarded-Host contains the originally requested host, either the Zone URL (e.g. or Zone Alias (e.g.
  • X-Forwarded-For forwards the client IP address from our edge server.
  • X-Forwarded-Scheme identifier of the originating scheme of an HTTP request. Either http or https.
  • X-Pull contains the value defined in the Zone settings.

Is s-maxage in Cache-Control header supported?

Yes, content will be cached according to s-maxage in the Cache-Control header. The s-maxage header is intended for KeyCDN's edge servers, while max-age is intended for regular clients. Learn more about the Expire and Cache-Control headers.

Why does the analytics page show no used storage for a Pull Zone?

Pull Zones on each edge server have a different amount of data cached. This is very dependent on the traffic pattern and expiry values. There is no storage cost for Pull Zones.

Is stale content served from a Pull Zone if the origin server is not available?

Yes, stale content will be served if the origin server is not reachable or if the connection times out. If the origin server is reachable and returns an HTTP 403, 404, 500, 502, 503, or 504 status the Pull Zone will not serve stale content but return the same response as it gets from the origin server.

Is the URL case sensitive?

It's important to distinguish that the domain is not case sensitive but the path is case sensitive.

  • The domain can be upper case or lower case. We recommend working with lower case. For example,, and will all work.
  • The path needs to be correct. For example /yourfile.txt is not the same as /YourFile.txt.

Having the path case-insensitive is not available due to performance issues. The case insensitivity of the DNS is specified in RFC 4343.

Can I purge content from the CDN?

Content of a Pull Zone can be purged instantly from all POPs globally. It can be done through the dashboard or the API. Assets of a Push Zone can only be purged by URL.

Is byte-range not working in combination with S3?

AWS S3 does not send the HTTP header Accept-Ranges: bytes if you are using the default endpoint URL. KeyCDN sends only 200 instead of 206 and ignores range requests if this field is missing. Use the following format as the Origin URL instead which serves the required Accept-Ranges header field: <bucketname>

How are byte-range requests cached?

If the asset is present in the cache, then the KeyCDN edge servers honor a byte-range request and deliver only the specified bytes of that file to the client. If the asset is not cached, or if it is in stale state, the KeyCDN edge servers download the entire asset from the origin server. If the request is for a single byte range, the edge servers send that byte-range to the client as soon as it is encountered in the download stream. If the request specifies multiple byte ranges within the same file, the edge servers deliver the entire asset to the client when the download completes.

After the download completes and is stored in the cache on the KeyCDN edge servers, all future byte-range requests, whether for a single range or multiple ranges, are delivered immediately from the cache.

Why do my files not get cached? Why is my miss ratio high?

Please check if you're sending the HTTP header Content-Length from your origin server. The Content-Length header must be both present and contain a value greater than 0 in order to produce a cache HIT. Otherwise, it will be a cache MISS.

Can I use .htaccess in my Zone?

No, .htaccess files will not be processed.

Will an EV certificate work with KeyCDN's SSL/TLS?

Yes, any kind of EV certificate on the origin server will work with HTTPS solutions from KeyCDN (Shared SSL, Custom SSL, or Let's Encrypt), the green bar in the browser will remain. It's also possible to use an EV certificate for Custom SSL in the KeyCDN dashboard.

Can I change the reporting time Zone?

The reporting time Zone in the whole KeyCDN dashboard is UTC, it cannot be changed. Also the time stamp provided in the KeyCDN raw logs is UTC.

Can I override the default cache expiry time?

Yes, this can be set in the Zone settings within the KeyCDN dashboard. Alternatively, you can set an expiry header on your origin server.

The Expires header has been set on your origin but the expiry date is not updating for the cached files?

You have set Ignore Cache Control to disabled and Expires to 0 to fully honor the expiry headers from your origin server. The Expires header value will be initially cached together with the asset. Further, if that asset is not changing the Expires value won't either. This means that the date of the Expires header might be in the past for assets that are rarely changing. The browser needs to revalidate an asset on every request if the Expires date is in the past. The Expires value will be updated as received from the origin server if the asset has been modified (e.g. ETag or Last-Modified has changed), otherwise it will not be updated from the origin server and keep the initial date. This might be undesirable. We recommend that you use the Cache-Control header instead of the Expires header field to overcome this limitation. In case both response headers are used, Cache-Control has a higher precedence over Expires.

Search engines are crawling the CDN URL and I now have duplicate content, how can I solve that?

You can use a robots.txt or canonical headers to solve that. Check our Best SEO for Your CDN guide on how you can resolve this.

Is there a specific User-Agent when KeyCDN is fetching content from the origin server?

There is no specific User-Agent in place. If you want distinguish KeyCDN traffic from other traffic on your origin server, take advantage of the X-Pull request header.

Can I get the IPs of the KeyCDN edge servers?

We don't disclose the IPs of the edge servers because the IPs frequently change. If you want to distinguish KeyCDN traffic from other traffic on your origin server, please take advantage of the feature X-Pull.

I can't connect to my Push Zone and upload content, why?

Make sure you follow the instructions on how to upload data to a Push Zone. If you still have issues, please send us your IP address and we'll check if you've been blocked.

Can I still use the domain if Let's Encrypt or Custom SSL is enabled?

No, once you enable and configure the Let's Encrypt or Custom SSL setting, you will no longer be able to use the HTTPS version of the domain (e.g. This will in most cases result in a common name invalid error or a 404 error.

How are simultaneous requests to the same asset handled?

KeyCDN never blocks a request. We either queue the response for a certain number of seconds (before fetching it again) or we fetch the content in parallel to the other request again from the origin server.

Is HLS supported when Origin Shield is enabled?

If you're using HLS to stream on demand media then you can use it in conjunction with the KeyCDN Origin Shield feature. However, if you're streaming a live event over HLS, Origin Shield should be disabled as it will cause the .m3u8 files to be cached, which is unwanted.

How can I determine how much bandwidth my website currently uses?

You can check your origin server's current bandwidth usage numbers. This will give you an approximation of how much bandwidth you will be using via the CDN. For more information and to see where to find your bandwidth numbers, read through our How to Identify Your Bandwidth Usage guide.

Can I use the KeyCDN Let's Encrypt SSL option if I'm already using Let's Encrypt on my origin server?

Yes, you can still use the KeyCDN Let's Encrypt option even if you're already using Let's Encrypt on your origin server. The Let's Encrypt certificate on your origin server will be for your main domain (e.g. while the KeyCDN Let's Encrypt certificate will be associated with your Zone Alias (e.g.

KeyCDN uses cookies to make its website easier to use. Learn more