Technical Questions

This Q&A section is focusing on technical questions on a deeper level and is the continuation of the FAQ on our main page. Please check billing and basic questions here:

What cache statuses are there?

Different cache statuses can occur for push and pull zones. Here’s an overview of possible cache statuses:

Your content has been delivered from the cache.
A MISS indicates that the content was not yet in the cache but will be after the first request. The second request to that file will be a cache HIT.
The cached content has expired and the new content from the origin server has been fetched.
It has been verified, that the currently cached content is still valid.
Content has been served from the cache. There is a cache lock active and new content is being copied from the origin server.
The most recently cached content is returned to the client. This can occur when the origin is not reachable, the connection times out, or the origin server is using stale-while-revalidate. STALE is also returned if an asset has expired and is being updated in the background.

In some error cases there is no cache status returned. Raw logs will show a “-” instead of one of above values.

Which HTTP request methods do you support?

The request methods allowed vary slightly between push and pull zones. For pull zones, we support all common HTTP request methods:

  • HEAD and GET requests get cached and will be served from the KeyCDN cache
  • PUT, POST, DELETE, OPTIONS requests will not be cached (X-Cache: MISS)

For push zones, we support only HEAD and GET requests. If using a method other than HEAD or GET on a push zone you will receive a 405 Method Not Allow status.

Does a pull zone cache any response status?

No, only 200, 301, and 302 responses are cached on the edge server from the origin server.

Do I need to define specific edge server locations for my KeyCDN zone?

No, this is not required. All KeyCDN zones are automatically configured to work with our complete network of edge server locations. This does not need to be defined manually. Upon user request, assets will be pulled from your origin server and cached at the client’s nearest CDN edge server.

What does a request Header from a KeyCDN edge server look like?

GET /foobar.jpg HTTP/1.1
Host: your_origin_host
X-Forwarded-Host: <zonename>-<id>
X-Forwarded-Scheme: http
X-Pull: KeyCDN
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Accept-Language: en-US,en;q=0.8,de;q=0.6,ja;q=0.4
Cookie: foobar
Contains the originally requested host, either the zone or zonealias (e.g.
Forwards the client IP address from our edge server.
Identifier of the originating scheme of an HTTP request. Either HTTP or HTTPS.
Contains the value you defined in the dashboard for your zone.

Is s-maxage in cache-control header supported?

Yes, content will be cached according to s-maxage in “Cache-Control”. The s-maxage header is intended for KeyCDN’s edge servers, while max-age is intended for regular clients. More details in Expire Header and Cache-Control.

Why does the Analytics page show no used storage for a Pull Zone?

Pull Zones on each edge server have a different amount of data cached. This is very dependent on the traffic pattern and expiry values. There is no storage cost for Pull Zones.

Is stale content served from a pull zone if the origin server is not available?

Yes, stale content will be served if the origin server is not reachable or if the connection times out. If the origin server is reachable and returns a HTTP 403, 404, 500, 502, 503, 504, the pull zone will not serve stale content but return the same response as it gets from the origin server.

Is the URL case sensitive?

It’s important to distinguish that the domain is not case sensitive but the path is case sensitive.

  • The domain can be upper case or lower case. We recommend working with lower case. E.g. or or will all work
  • The path needs to be correct, e.g /yourfile.txt is not the same as /YourFile.txt

Having the path case-insensitive is not available due to performance issues. The case insensitivity of the DNS is specified in RFC 4343.

Can I purge content from the CDN?

Content of a pull zone can be purged instantly from all POPs globally. It can be done via the dashboard or the API. Assets of a push zone cannot be purged. A newly uploaded file will be globally distributed in about 15 min, the same goes for deleted files. If more control is needed over a push zone, we recommend to do file name versioning (e.g. myfile-v13.txt). A new version of the file can be uploaded with a new version number and will be instantly available.

Is byte-range not working in combination with S3?

AWS S3 does not send the HTTP header Accept-Ranges: bytes if you are using the default endpoint URL. KeyCDN sends only 200 instead of 206 and ignores range requests if this field is missing. Use the following format as the origin URL instead which serves the required Accept-Ranges header field: <bucketname>

How are Byte Range Requests cached?

If the asset is present in the cache, then the KeyCDN edge servers honor a byte-range request and deliver only the specified bytes of that file to the client. If the asset is not cached, or if it is in stale state, the KeyCDN edge servers download the entire asset from the origin server. If the request is for a single byte range, the edge servers send that byte-range to the client as soon as it is encountered in the download stream. If the request specifies multiple byte ranges within the same file, the edge servers deliver the entire asset to the client when the download completes.

After the download completes and is stored in the cache on the KeyCDN edge servers, all future byte-range requests, whether for a single range or multiple ranges, are delivered immediately from the cache.

Why do my files not get cached? Why is my miss ratio high?

Please check if you’re sending the HTTP header Content-length from your origin server. The Content-length header must be both present and contain a value greater than 0 in order to produce a cache HIT. Otherwise, it will be a cache MISS.

Can I use .htaccess in my zone?

No, .htaccess files will not be processed.

Will an EV certificate work with KeyCDN’s SSL/TLS?

Yes, any kind of EV certificate on the origin server will work with HTTPS solutions from KeyCDN (Shared SSL, Custom SSL or Let’s Encrypt), the green bar in the browser will remain. It’s also possible to use an EV certificate for Custom SSL in the KeyCDN dashboard.

Can I change the reporting time zone?

The reporting time zone in the whole KeyCDN dashboard is UTC, it cannot be changed. Also the time stamp provided in the KeyCDN raw logs is UTC.

Why is the HTTP header “Vary: Accept-Encoding” not present?

KeyCDN adds the HTTP header “Vary: Accept-Encoding” to every request needed. Use our HTTP Header Check to verify the headers. There are certain cases where “Vary: Accept-Encoding” is not required, namely for SPDY and HTTP/2 request. In this cases, “Vary: Accept-Encoding” is not present. Check our detailed Vary Header Guide about this topic.

Can I override the default cache expiry time?

Yes. You can do that by checking “Show Advanced Features” in the CDN Control Panel, which is visible when you are managing your zone. Alternatively, you can set an expiry header on your origin server.

You are setting the Expires header fields on your origin but the expiry date is not updating for the cached files?

You have set “Ignore Cache-Control” to disabled and “Expires” to 0 to fully honor the expiry headers from your origin server. The Expires header field will be initially cached together with the asset. Further, if that asset is not changing the Expires field won’t either. This means that the date of the Expires header field might be in the past for assets that are rarely changing. The browser needs to revalidate an asset on every request if the Expires date is in the past. The Expires field will be updated as received from the origin server if the asset has been modified (e.g. ETag or Last-Modified has changed), otherwise it will not be updated from the origin server and keep the initial date. This might be undesirable. We recommend that you use the Cache-Control (max-age) header field instead of the Expires header field to overcome this limitation. In case both fields are used, Cache-control has a higher precedence over Expires.

Search engines are crawling the CDN URL and I now have duplicate content, how can I solve that?

You can use robots.txt or canonical headers to solve that. Check our guide here how you can tackle that:

Is there a specific UserAgent when KeyCDN is fetching content from the origin server?

There’s no specific UserAgent in place. If you want distinguish KeyCDN traffic from other traffic on your origin server, take advantage of the X-Pull request header field. More details here:

Can I get the IPs of the KeyCDN edge servers?

We don’t disclose the IPs of the edge servers because the IPs frequently change. If you want to distinguish KeyCDN traffic from other traffic on your origin server, please take advantage of the feature X-Pull.

I can’t connect to my push zone and upload content, why?

Make sure you follow the instructions on our knowledge base:
If you still have issues, please send us your IP address and we’ll check if you’ve been blocked.

Can I still use the kxcdn domain if Let’s Encrypt or Custom SSL is enabled?

No. Once you enable and configure the Let’s Encrypt or Custom SSL option, you will no longer be able to use the HTTPS version of the kxcdn domain. This will in most cases result in a common name invalid error or a 404 error.

How are simultaneous requests to the same asset handled?

KeyCDN never blocks a request. We either queue the response for a certain number of seconds (before fetching it again) or we fetch the content in parallel to the other request again from the origin server.

Is HLS supported when Origin Shield is enabled?

If you’re using HLS to stream pre-recorded media then you can use it in conjunction with the KeyCDN Origin Shield feature. However, if you’re streaming a live event over HLS, Origin Shield should be disabled as it will cause the .m3u8 files to be cached, which is unwanted.

How can I determine how much bandwidth my website currently uses?

You can check your origin server’s current bandwidth usage numbers. This will give you an approximation of how much bandwidth you will be using via the CDN. For more information and to see where to find your bandwidth numbers, read through our guide How to Identify Your Bandwidth Usage.

Can I use the KeyCDN Let’s Encrypt SSL option if I’m already using Let’s Encrypt on my origin server?

Yes, you can still use the KeyCDN Let’s Encrypt option even if you’re already using Let’s Encrypt on your origin server. The Let’s Encrypt certificate on your origin server will be for your main domain (e.g. while the KeyCDN LE certificate will be associated with your custom CDN URL (e.g.


  1. Paul Fenwick

    Hi, I have just opened a trial account with you and happy so far.
    Is it OK to keep a CloudFlare account going or will it cause conflict with your CDN

  2. Smel

    I am using Rockettheme’s Rokbooster plugin in my Joomla site for caching. Files are being cached under cache/rokbooster as .php
    How can I have them serviced from keycdn?

  3. jeremy penner

    I’m thinking of switching to KeyCDN from Cloudflare, mainly because of problems setting up Full SSL where I have my own SSL certificate on my site. Is this something that I can do with KeyCDN for free, and how would I go about doing it? I already have a certificate from

  4. James Maiden

    Hi there,
    Just started a trial account – am looking to switch from using Cloudfront for a lot of WordPress websites.
    I’ve successfully set up one zone with http, but am having problems with a second zone using https. For that zone, I’ve disabled your http2 setting because my server doesn’t support it yet, but I still have this error: net::ERR_SPDY_PROTOCOL_ERROR. I’m also getting a 404 error.
    Is this a further limitation with my server or is there a way round this from your end?
    Sorry to approach like this, but the trial account won’t let me submit a ticket and obviously I need to prove I can your CDN before I sign-up.

    1. Cody

      You can still enable HTTP/2 even though your origin server doesn’t support it yet. With it enabled, visitors will be delivered assets via HTTP/2 from the edge servers (once the asset is cached) therefore it doesn’t matter if your origin server supports it.

      Did you also remember to enable one of the SSL options in the advanced settings section?

  5. Martin

    Hi KeyCDN,

    I am nearing the end of my trial period after looking to switch CDNs to KeyCDN.

    I have been trying to solve an issue since i signed up but can’t seem to fix it no matter what i do.

    My assets get cached ok with 200 response.and show HIT. But assets don’t seem to remain in the cache for very long, perhaps a day or so, before returning a MISS when i access them again.

    I have expire and max expire both set to 43200 minutes, so i want them to be cached for 1 month before expiring and having to be re-fetched. But this just isn’t happening.

    I have origin shield enabled, CORS enabled, and ignore cache control is set to enabled.

    My origin is sending Etags and Last Modified header, and i’m using the CDN enabler plugin with Cache enabler plugin.

    I am using ***** with shared SSL, although i have a SSL certificate already installed on my origin server.

    I really don’t know what to do right now as i’m expecting assets to remain in cache for 1 month but they last a day or so in cache causing low cache hit ratio and slower performance.

    I can’t submit a support request as my account is in trial, and didn’t want to commit to KeyCDN until i could get this issue resolved.

    Do you have any ideas on what could be causing this? Any help would be greatly appreciated as i’ve been really struggling with this!

  6. Martin

    Hi Cody,

    I did look at that page before in my troubleshooting and tried the things suggested.

    You said there are various servers located at each particular PoP, do you mean that if i see, for example, “usda” listed as the pop in the real time log, that there are various servers for usda?

  7. thomas

    small websites


    i understand that every single page must be at least 2 to 3 times requested before the assets are cached and delivered by keycdn (pull zone, without shield). hence loading times are anbearable slow for these couple of first users, especially if each of the several pop servers will be addressed in a region additionally.

    say we have just a fistful of users in australia, they all will have load times of 10 seconds (instead of 2.5 without keycdn), while nearly every of the many users in nyc will benefit from locally delivered assets. we don’t want to harm interested minorities.

    as we have a tiny amount of visitors, we would benefit of a global preloading and would gladly pay for the credits such a mechanism would use.


    according to your infos, assets are placed in a push zone immediately (eg. sftp method). in such a case, would the single 1 first request fill the cache in one step? or is the number of required first requests to cache the assets the same as with pull zones?


    are we missing something or anything?

    is keycdn usable for small optimized websites and their visitors?

    is there a clickable map somewhere to choose just a few edge servers, which would reduce the number of first unlucky users, leaving us after 7 seconds waiting?

    or is it a better practice, again for very small websites, to use a good server, and that’s it?

    please advice, thank you . . . thomas

    1. Cody Arsenault

      1. Preloading is not currently an option. It is recommended for the cache to build naturally as otherwise this could cause a significant spike in CPU usage. You can however preload assets from the browser with the preload directive:

      2. Files in push zones are uploaded to our storage cluster however must still be pulled into the edge servers to be cached. Therefore it is the same as a pull zone.

      3. Users who are far away from your origin server will experience constantly long load times if you were to just use the origin server without a CDN. Yes, the first 2-3 requests take longer to load as the assets must be fetched from the origin however once fetched it is much faster. You should also ensure that your origin server is optimized as a CDN is just one piece of the performance puzzle:

Leave A Comment?