CDN Glossary

Comprehensive definitions of CDN terminology, caching concepts, and industry jargon.

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

0

0-RTT

Sending application data on the very first packet of a TLS 1.3 or QUIC connection, with zero round-trip handshake delay. Only works for returning visitors who have a cached session ticket.

A

AAAA Record

A DNS record type that maps a hostname to an IPv6 address (128-bit). The IPv6 equivalent of an A record, increasingly important as CDNs serve dual-stack traffic globally.

ABR (Adaptive Bitrate) (ABR)

A streaming technique that dynamically switches between video quality levels based on the viewer's network conditions and device capabilities. Used by HLS and DASH to deliver smooth playback.

Access Time

The total time to retrieve data from storage. For HDDs, this includes seek time (moving the read head) and rotational latency (waiting for the platter to spin). For SSDs and RAM, access time is much lower because there are no moving parts.Access time directly impacts cache miss latency—the time u...

ACME (Automated Certificate Management) (ACME)

A protocol for automating TLS certificate issuance and renewal. Created by Let's Encrypt and standardized as RFC 8555. Enables CDNs to provision certificates for millions of domains automatically.

Age Header

A response header added by caches indicating how long (in seconds) the response has been stored. The remaining freshness is calculated as: max-age - Age. When Age equals or exceeds max-age, the content is stale.

ALPN (Application-Layer Protocol Negotiation) (ALPN)

A TLS extension that allows the client and server to negotiate which application protocol (HTTP/1.1, h2, h3) to use during the TLS handshake without extra round trips.

Anycast

A routing technique where the same IP address is announced from multiple locations worldwide. The network routes each request to the nearest location, giving users the lowest latency path automatically.

API Gateway

A server that acts as the single entry point for API requests, handling authentication, rate limiting, routing, and transformation. CDNs increasingly serve as API gateways at the edge.

A Record

A DNS record type that maps a hostname to an IPv4 address. The most fundamental DNS record, used by CDNs to direct users to the nearest edge server via Anycast or geo-based DNS resolution.

Autonomous System (AS)

A collection of IP networks under a single administrative domain with a unified routing policy. Each AS has a unique ASN (Autonomous System Number). CDNs, ISPs, and large enterprises each operate their own AS.

B

Bandwidth

The maximum data transfer rate of a network link, measured in bits per second (Mbps, Gbps). Not the same as throughput—bandwidth is capacity, throughput is what you actually use.

BBR (Bottleneck Bandwidth and RTT) (BBR)

A congestion control algorithm developed by Google that models the network path to find optimal sending rate. Unlike loss-based algorithms like CUBIC, BBR targets maximum throughput without filling buffers.

BGP (Border Gateway Protocol)

The routing protocol that makes the internet work. BGP allows autonomous systems to exchange routing information and determines how traffic flows between networks. CDNs use BGP for Anycast and traffic engineering.

Brotli

A compression algorithm developed by Google that typically achieves 15-25% better compression than gzip for web content. Uses the "br" content-encoding. Supported by all modern browsers.

Byte Range Request

HTTP request using the Range header to fetch a specific byte slice of a resource. Essential for video seeking (jump to any timestamp), resumable downloads, and parallel chunk downloads. Returns 206 Partial Content.

C

Cache Busting

Technique for forcing browsers and CDNs to fetch a fresh version of a resource by changing its URL. Common methods: appending a version query string (?v=2), using content hashes in filenames (style.a1b2c3.css), or adding build timestamps.

Cache-Control

The primary HTTP header for controlling caching behavior. Tells browsers, CDNs, and proxies whether to cache a response, for how long, and under what conditions to serve or revalidate it.

Cache Fill

The process of populating a cache tier with content from upstream (shield or origin). A "fill" is essentially a cache miss that results in the content being stored. CDNs often track fill rates separately from hit rates to measure origin protection effectiveness.

Cache Hit Ratio (CHR)

The percentage of requests served from cache versus total requests. A CHR of 95% means 95 out of 100 requests never touch your origin. The single most important CDN performance metric.

Cache Key

A unique identifier generated from request attributes that determines whether requests can share a cached response. Typically derived from the URL and Host header, but can include other headers (via Vary), cookies, or query parameters depending on CDN configuration.

Cache Miss Types

Cold miss: First ever request (unavoidable). Capacity miss: Evicted due to full cache. Invalidation miss: Purged or expired. Fragmentation miss: Cached elsewhere, not in this PoP.

Cache Stampede

Also called thundering herd. When a popular cached item expires, hundreds or thousands of simultaneous requests hit the origin at once because every request sees a miss. Can overwhelm the origin server and cascade into a full outage.

CDN (Content Delivery Network) (CDN)

A distributed network of servers that caches and delivers content from locations close to end users. Reduces latency, offloads origin servers, and improves availability by serving content from the nearest edge.

CMAF (Common Media Application Format)

A standard that allows the same media segments to be used with both HLS and DASH manifests. Instead of encoding and storing two separate sets of segments (MPEG-TS for HLS, fMP4 for DASH), you encode once in CMAF-compatible fMP4 and create only different manifests. This halves storage costs and si...

CNAME

A DNS record type that maps one domain name to another (an alias). CDNs use CNAMEs to route traffic through their network—you point your subdomain to the CDN's hostname.

Cold Cache

A cache with no stored content—every request is a miss. Occurs after a CDN deploy, server restart, new PoP launch, or cache purge. Cold caches temporarily increase origin load and user-facing latency until they warm up.

Compression

Reducing the size of HTTP response bodies before transmission. Common algorithms: gzip, Brotli, and zstd. Saves bandwidth, speeds up transfers, and reduces CDN egress costs.

Consistent Hashing

A hashing algorithm that distributes cache keys across nodes so that adding or removing a node only remaps a small fraction of keys. Used in CDN load balancing and distributed caching to minimize cache misses during scaling events.

Content-Encoding

An HTTP response header indicating the compression algorithm applied to the response body. Common values: gzip, br (Brotli), zstd. The client must decompress using the specified algorithm before processing the content.

Content Negotiation

Server-side selection of the best response variant based on client Accept headers. The server picks the optimal encoding (gzip, br), format (WebP, AVIF), or language based on what the client supports.

CORS (CORS)

Cross-Origin Resource Sharing. A browser security mechanism that controls which domains can request resources from your CDN. Without proper CORS headers, browsers block cross-origin requests for fonts, API calls, and JavaScript modules.

CSAI (Client-Side Ad Insertion)

The player fetches ads separately from the main content and stitches them together during playback. The CDN serves the same manifest and segments to all users; ad personalization happens in the player.

CSP (Content Security Policy) (CSP)

An HTTP response header that controls which resources (scripts, styles, images) a browser is allowed to load. The primary defense against XSS and data injection attacks.

CWND (Congestion Window) (CWND)

The TCP sender-side limit on how much unacknowledged data can be in flight. Controls throughput ramp-up via slow start and congestion avoidance. Critical for CDN performance on new connections.

D

DASH (Dynamic Adaptive Streaming over HTTP) (DASH)

An open standard for adaptive streaming. Uses an MPD manifest and fMP4 segments. The main alternative to HLS, widely used for DRM-protected content and on Android.

DDoS (Distributed Denial of Service) (DDoS)

An attack that floods a server with traffic from many sources to make it unavailable. CDNs absorb and filter DDoS traffic at the edge, keeping your origin online.

DNS (Domain Name System) (DNS)

The internet's phone book—translates human-readable domain names (example.com) into IP addresses (93.184.216.34). Every CDN request starts with a DNS lookup.

DNSSEC (DNS Security Extensions) (DNSSEC)

Cryptographic signatures on DNS records that prove the response hasn't been tampered with. Prevents DNS spoofing and cache poisoning attacks. Does not encrypt queries.

DNS TTL

Time To Live for DNS records—how long resolvers and clients should cache a DNS response before querying again. Measured in seconds. Short TTLs enable fast failover; long TTLs reduce DNS query load.

DoH (DNS over HTTPS) (DoH)

A protocol that encrypts DNS queries by sending them over HTTPS (port 443). Prevents ISPs and network operators from seeing or tampering with DNS lookups. Supported by major browsers and CDN resolvers.

DoT (DNS over TLS) (DoT)

A protocol that encrypts DNS queries by wrapping them in TLS on a dedicated port (853). Provides DNS privacy at the OS level, complementing DoH which operates at the application level.

DVR Window

The time range of content available for seeking in a live stream. A 2-hour DVR window means viewers can rewind up to 2 hours from the live edge. The manifest lists segments covering this window, and all those segments must remain cached/available.

E

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) (ECDHE)

A key exchange algorithm used in TLS that provides forward secrecy using elliptic curve cryptography. Each connection generates unique keys, so compromising the server's private key cannot decrypt past traffic.

ECDSA (Elliptic Curve Digital Signature Algorithm) (ECDSA)

A digital signature algorithm using elliptic curve cryptography for TLS certificate authentication. Produces smaller, faster signatures than RSA while providing equivalent security strength.

ECMP (Equal-Cost Multi-Path) (ECMP)

A routing technique that distributes traffic across multiple paths with equal cost metrics. Used by CDNs and networks to increase bandwidth, redundancy, and load distribution at the routing layer.

Edge Function

Serverless code that runs at CDN edge locations, close to users. Handles request/response transformation, A/B testing, auth, and dynamic content without a round trip to origin. Also called edge workers or edge compute.

Edge Server

A CDN server located at the network edge, close to end users. Handles caching, SSL termination, and content delivery. Also called "edge node" or "edge cache."

Egress

Outbound data transfer from a network or cloud provider. In CDN and cloud contexts, egress traffic is typically metered and billed, often the largest line item on your infrastructure bill.

ESI (ESI)

Edge Side Includes. A markup language for assembling pages from fragments at the CDN edge. Each fragment can have its own TTL: cache the page shell for hours but refresh the user greeting every minute. Reduces origin load for partially dynamic pages.

ETag

An HTTP response header containing a unique identifier for a specific version of a resource. Used for cache validation—clients send the ETag back to check if content has changed without re-downloading it.

F

Failover

Automatically switching to a backup server, origin, or CDN when the primary one fails. Good failover is invisible to users—they never see an error page.

Forward Proxy

A proxy that sits between client and internet, making requests on the client's behalf. The client knows it's using a proxy. Used for filtering, caching, and anonymity. Not the same as a CDN (which is a reverse proxy).

G

Geo DNS

DNS-based traffic steering that returns different IP addresses based on the client's geographic location. Routes users to the nearest CDN PoP or data center without Anycast.

Gzip

The most widely supported HTTP compression algorithm. Uses the deflate algorithm. Compresses text-based content by 60-80%. Supported everywhere, but Brotli is now preferred for better ratios.

H

HAR (HTTP Archive) (HAR)

A JSON file format that records all HTTP requests and responses made by a browser. Captures timing, headers, body sizes, and cache status. The standard way to share network waterfalls for debugging.

HLS (HTTP Live Streaming) (HLS)

Apple's adaptive streaming protocol. Splits video into small segments listed in an M3U8 playlist. The dominant streaming format, supported by every browser and device.

HSTS (HSTS)

HTTP Strict Transport Security. A response header telling browsers to only connect via HTTPS for a specified duration. Prevents protocol downgrade attacks and insecure redirects. Once set, browsers refuse plain HTTP connections to that domain.

HTTP/1.1

The most widely deployed HTTP version. Text-based protocol with persistent connections and chunked transfer encoding. Still used for CDN-to-origin connections, but largely replaced by HTTP/2 for client-facing traffic.

HTTP/2

Major revision of HTTP that adds multiplexing (multiple requests over one connection), header compression (HPACK), and server push. Eliminates head-of-line blocking at the HTTP layer.

HTTP/3

The latest HTTP version, built on QUIC instead of TCP. Eliminates TCP head-of-line blocking, enables faster connection setup (0-RTT), and handles network switching gracefully.

HTTP Redirects

Server responses (301, 302, 307, 308) that tell clients to request a different URL. Each redirect adds a full round trip. Redirect chains (A→B→C) multiply the latency penalty and hurt Core Web Vitals.

I

Image Optimization

Reducing image file size at the CDN edge through format conversion (WebP, AVIF), responsive resizing, quality adjustment, and metadata stripping. Cuts bandwidth and improves Core Web Vitals without changing the source image.

Internet Exchange Point (IXP)

A physical location where multiple networks connect to exchange traffic via peering. IXPs reduce the need for transit and lower latency between peered networks. Major IXPs handle terabits of traffic per second.

IOps (I/O Operations Per Second)

A measure of how many read/write operations a storage device can handle per second. HDDs typically deliver 100-200 IOps; SSDs can deliver 10,000-100,000+ IOps; RAM is effectively unlimited for practical purposes.High IOps matter when serving many small files. Low IOps can become a bottleneck even...

IPv4

Internet Protocol version 4. Uses 32-bit addresses (e.g., 192.0.2.1), giving roughly 4.3 billion unique addresses. Address exhaustion forced widespread use of NAT, complicating CDN architectures and Anycast routing.

IPv6

Internet Protocol version 6. Uses 128-bit addresses (e.g., 2001:db8::1), providing a virtually unlimited address space. No NAT needed. Growing CDN adoption as mobile networks push IPv6-first connectivity.

J

Jitter

Variation in packet arrival times. Low jitter means consistent latency. High jitter means packets arrive at unpredictable intervals. Critical for video streaming and real-time applications.

JWT (JSON Web Token) (JWT)

A compact, URL-safe token format for securely transmitting claims between parties. Widely used for CDN edge authentication because tokens can be validated without calling back to the origin.

K

Keep-Alive

Reusing a TCP connection for multiple HTTP requests instead of opening a new one each time. Default in HTTP/1.1. Saves the overhead of TCP and TLS handshakes on every request.

Keyless SSL

A TLS architecture where the CDN edge handles encryption but never possesses the customer's private key. The key stays on the customer's infrastructure, and the edge proxies only the key operation.

L

L4 Load Balancing

Load balancing at the transport layer (TCP/UDP). Routes connections based on IP and port without inspecting HTTP content. Fast and efficient, but can't make routing decisions based on URLs or headers.

L7 Load Balancing

Load balancing at the application layer (HTTP). Can route based on URL path, headers, cookies, and request content. Smarter but slower than L4. Powers CDN edge routing decisions.

Last Mile

The final network segment between the ISP's infrastructure and the end user's device. Often the slowest and most congested part of the connection. WiFi, cellular, and copper DSL are typical last-mile technologies.

Latency

The time delay between a request and the start of its response. For CDNs, it's mostly determined by physical distance, number of network hops, and TLS handshake time. Lower is better.

LL-DASH (Low-Latency DASH)

DASH equivalent using chunked transfer encoding to deliver segments as they're encoded. Players can start playback before the segment is complete. Often paired with CMAF low-latency mode.

LL-HLS (Low-Latency HLS)

Apple's low-latency extension to HLS. Uses partial segments (sub-second chunks pushed before the full segment is complete) and preload hints to tell players what's coming next. Requires HTTP/2 push or blocking playlist requests.

LRU Cache

Least Recently Used eviction policy. When the cache is full, the item that hasn't been accessed for the longest time gets evicted first. Simple, effective, and the default eviction strategy for most CDN caching layers.

M

Manifest File

A text file that describes the video stream structure: available quality levels (bitrates), segment URLs, timing information, and encryption details. The player fetches the manifest first, then requests segments based on its contents. HLS uses .m3u8 files; DASH uses .mpd files.

max-age

Specifies the maximum time in seconds that a response is considered fresh. Applies to all caches (browser, CDN, proxies). After this time expires, the cache must revalidate or fetch a new copy.

Middle Mile

The network path between CDN PoPs or between CDN edge and origin. Controlled by the CDN via private backbone, peering, and transit agreements. Optimizing the middle mile is a key CDN differentiator.

mTLS (mTLS)

Mutual TLS. Both client and server present X.509 certificates during the TLS handshake, authenticating each other. Used between CDN edge and origin for zero-trust security, and for API client authentication.

Multi-CDN

Using two or more CDN providers simultaneously to improve performance, availability, and negotiating leverage. Traffic is split or failed over between providers based on performance, cost, or geography.

must-revalidate

Once content becomes stale, the cache must revalidate with the origin before serving it. The cache cannot serve stale content even if the origin is unreachable. This ensures users never see outdated content, but can cause errors if the origin is down.

N

Negative Caching

Caching error responses (404, 500, 502, etc.) for a short TTL to prevent repeated requests for broken or missing resources from hammering the origin. Trades freshness for origin protection.

O

OCSP Stapling

Server-side fetching and stapling of certificate revocation status into the TLS handshake. Eliminates the client's need to contact the CA's OCSP responder, saving one RTT and improving privacy.

Origin

The server (or group of servers) that holds the authoritative version of your content. When a CDN cache miss occurs, the edge fetches from origin. Also called the origin server or backend.

Origin Health Check

Periodic requests to a specific endpoint (usually /health or /ping) to verify the origin is responding correctly. Health checks typically verify HTTP status code (2xx), response time threshold, and optionally response body content.

Origin Shield

A mid-tier cache layer that sits between edge servers and the origin. Aggregates cache misses from multiple edges, reducing origin load. Also called "mid-tier cache" or "parent cache."

P

P2P Hybrid Streaming

A delivery architecture where viewers share cached segments with nearby peers via WebRTC, reducing CDN bandwidth. The CDN serves as a fallback and source of truth. Viewers become part of a mesh network, potentially offloading 60-90% of CDN traffic during peak events.

P95/P99 Percentiles

Statistical measures of tail latency. P95 means 95% of requests are faster than this value. P99 catches the slowest 1%. Essential for understanding real user experience beyond misleading averages.

Peering

Direct network interconnection between two autonomous systems, bypassing transit providers. Reduces latency and cost. CDNs peer aggressively at IXPs and private interconnects to shorten the path between edge servers and end users.

Point of Presence (PoP)

A physical location containing CDN edge servers and networking equipment. PoPs are identified by airport codes (e.g., AMS for Amsterdam, FRA for Frankfurt, SIN for Singapore).

Preconnect

A resource hint (<link rel="preconnect">) that tells the browser to establish a connection (DNS + TCP + TLS) to a specified origin before it's needed. Saves 100–300ms when the browser eventually requests resources from that origin.

Prefetch

A resource hint (<link rel="prefetch">) telling the browser to fetch a resource in the background for the next navigation. Low priority—only uses idle bandwidth. Useful for preloading the next page's critical assets.

proxy-revalidate

Like must-revalidate, but only applies to shared caches (CDNs). Browser caches can still serve stale content if the origin is unreachable. Useful when you trust end-users seeing slightly stale content but need CDN freshness guarantees.

Pull Zone / Push Zone

Pull zone: CDN fetches content from your origin server on cache miss. Reactive, on-demand caching. Requires an origin server.Push zone: You upload content directly to CDN storage. Proactive, pre-populated caching. CDN acts as the origin.

PURGE

Removing cached content from CDN edges before its TTL expires. Can target a single URL, a group of URLs by tag/key, or the entire cache. Essential for deploying content updates quickly.

Q

QUIC (QUIC)

A transport protocol built on UDP that replaces TCP for HTTP/3. Provides built-in encryption, eliminates head-of-line blocking, enables connection migration, and reduces handshake latency.

R

Rate Limiting

Restricting the number of requests a client can make within a time window. Protects origins from abuse, prevents scraping, and provides a basic defense against application-layer DDoS attacks.

Request Coalescing

A CDN feature that batches multiple simultaneous requests for the same uncached content into a single origin request. Also called request collapsing. Prevents origin overload when popular content expires or during cache warming.

RTT (Round-Trip Time) (RTT)

The time it takes for a packet to travel from client to server and back. The fundamental unit of network latency. Every TCP handshake costs 1 RTT, every TLS handshake costs 1-2 RTT.

RUM (Real User Monitoring) (RUM)

Collecting performance metrics from actual users' browsers in production. Captures real-world TTFB, page load times, and Core Web Vitals. The ground truth for CDN performance measurement.

S

Segment

A small chunk of encoded video/audio, typically 2-10 seconds duration. Segments are the actual media files that players download and stitch together for playback. Common formats: .ts (MPEG-TS), .m4s (fragmented MP4), .mp4.

s-maxage

Stands for "shared max-age". Overrides max-age specifically for shared caches (CDNs, reverse proxies). Browser caches ignore this directive and use max-age instead. This allows different TTLs for edge caches vs. end-user browsers.

SNI (Server Name Indication) (SNI)

A TLS extension that lets the client specify which hostname it's connecting to during the handshake. Enables multiple HTTPS sites on one IP address—essential for CDNs serving millions of domains.

SSAI (Server-Side Ad Insertion)

Ads are stitched into the stream on the server/origin side. Each viewer may receive a personalized manifest with different ad segment URLs inserted. This defeats ad blockers but creates unique manifests per user.

Stale Content

Cached content whose TTL has expired but is still stored. Can be served during origin failures (stale-if-error) or while revalidating (stale-while-revalidate). A resilience tool, not a bug.

stale-if-error

Allows caches to serve stale content when the origin returns an error (5xx) or is unreachable. This provides resilience—users see cached content rather than error pages when your origin has problems.

stale-while-revalidate

Allows caches to serve stale content immediately while fetching a fresh copy in the background. The user gets fast response times (cached content), and the next user gets fresh content. Specified as additional seconds beyond max-age during which stale serving is allowed.

Strong ETag

A strong ETag guarantees that two resources with the same ETag are byte-for-byte identical. Any change—even a single byte—requires a new ETag. Format: "abc123"

Surrogate Key / Cache Tag

A label attached to cached responses that allows purging all content with that label, regardless of URL. Set via response header (e.g., Surrogate-Key or Cache-Tag). When you purge the tag, all responses carrying that tag are invalidated.

SYN Flood

A DDoS attack that exhausts server resources by sending massive volumes of TCP SYN packets without completing the three-way handshake. Each half-open connection consumes memory until the server can't accept new legitimate connections.

T

TCP (TCP)

Transmission Control Protocol. The reliable, ordered, connection-oriented transport protocol underneath HTTP/1.1 and HTTP/2. TCP's three-way handshake adds latency, which is why HTTP/3 moved to QUIC over UDP.

TCP Fast Open (TFO)

A TCP extension that allows data to be sent in the initial SYN packet for repeat connections, eliminating one round trip from connection setup. Saves 50-300ms per connection on CDN edge requests.

Throughput

The actual amount of data transferred per unit of time. Unlike bandwidth (maximum capacity), throughput is what you really get after accounting for protocol overhead, congestion, and packet loss.

TLS (Transport Layer Security) (TLS)

The encryption protocol that secures HTTPS connections. TLS encrypts data in transit between client and server, authenticates the server's identity via certificates, and ensures data integrity.

Token Authentication

Protecting CDN-delivered content with signed URLs or tokens that expire after a set time. Prevents hotlinking and unauthorized access without requiring the CDN to call your auth server on every request.

Token Bucket

A rate limiting algorithm where tokens are added to a bucket at a fixed rate. Each request consumes a token. Allows controlled bursts up to the bucket capacity while enforcing a sustained rate limit.

TTFB (Time To First Byte) (TTFB)

The time from the start of a request to receiving the first byte of the response. Includes DNS, TCP, TLS, and server processing time. A key performance metric—Google recommends under 800ms.

TTL (Time To Live) (TTL)

How long a cached response is considered fresh before it must be revalidated or re-fetched. Set via Cache-Control max-age or s-maxage. The core concept behind cache freshness.

U

UDP (UDP)

User Datagram Protocol. A connectionless, lightweight transport protocol with no handshake, ordering, or delivery guarantees. UDP is the foundation for QUIC (HTTP/3), DNS lookups, and real-time streaming.

V

Vary Header

A response header that tells caches which request headers should be included in the cache key. When the origin responds with Vary: Accept-Encoding, the cache stores separate copies for each Accept-Encoding value (gzip, br, identity). Without Vary, caches might serve gzip content to clients that c...

W

WAF (WAF)

Web Application Firewall. Inspects HTTP requests at the CDN edge and blocks malicious traffic: SQL injection, XSS, path traversal, bot abuse, and other OWASP Top 10 attacks. Filters traffic before it reaches your origin.

Warm Cache

A cache populated with frequently-requested content, delivering a high hit ratio. Most requests are served directly from cache without touching the origin. The goal state for any CDN deployment.

WASM at Edge

Running WebAssembly modules on CDN edge servers for near-instant compute without cold starts. Used by Fastly Compute and Cloudflare Workers to execute custom logic at hundreds of PoPs worldwide.

Weak ETag

A weak ETag indicates semantic equivalence—the content is functionally the same even if bytes differ. Useful for content with timestamps, personalized ads, or minor variations. Format: W/"abc123" (note the W/ prefix)

WebP

An image format by Google that provides 25-35% smaller files than JPEG at similar quality, with support for transparency (like PNG) and animation (like GIF). Supported by all modern browsers.

WebSocket

A protocol providing full-duplex communication over a single TCP connection. Starts as an HTTP upgrade request, then switches to a persistent bidirectional channel. Used for real-time apps, chat, and live data.

X

X-Cache

A response header indicating whether the CDN served the content from cache (HIT) or fetched it from origin (MISS). Not standardized, but nearly every CDN uses some variant of it.

X-Forwarded-For (XFF)

An HTTP header containing the original client IP address and any intermediate proxy IPs. Format: X-Forwarded-For: client, proxy1, proxy2. Each proxy appends its predecessor's IP to the list.

Z

Zero Trust

A security model where no request is trusted by default, regardless of network location. Every request must be authenticated and authorized. CDNs implement this at the edge with mTLS, JWT validation, and identity-aware proxying.

Zone Apex

The root of a DNS zone, also called the "naked domain" or "apex domain." For example.com, the zone apex is example.com itself (without any subdomain prefix). RFC 1034 prohibits CNAME records at the zone apex.