Distil HTTP Headers

Distil adds custom HTTP headers to provide additional meta information on HTTP requests and responses. These headers are useful for verifying connectivity with the Distil network, troubleshooting, and log integration.

Request Headers

Request headers are not visible in a web browser. They exist only between a Distil edge node and your origin server.


Distil adds this header to every request. Distil attaches a randomized token to the header that's unique for every domain. X-Distil allows the customer to verify from the randomized token that the request came from Distil.


This header shows the exact reason why a request was allowed (or whitelisted). Refer to the Web Security Whitelist Values article for the full list of whitelist values.


This header shows the threat value of the request. The X-Distil-Bot header carries the threat value from the Distil edge node to the origin server. Distil assigns threat values to requests to determine how to handle each request.

For more information on threat values, please see Web X-Distil-Bot Values.


This header shows a unique string that can be used to locate the full log line in Distil logs.


This header is always proxied to your origin and has the same value as the X-Forwarded-For header (below).

X-Forwarded-For (Distil usage)

This header contains the original client's IP address. The Distil server changes the value of the remote_addr header to one of Distil’s edge node IP addresses. The Distil server creates the X-Forwarded-For header and places the true client's IP address in the header.

For more information on the X-Forwarded-For header, please see Logging Integration.

Response Headers


Shows the cache status of the response. Common cache status values are:

  • HIT – An object served from cache.
  • MISS – An object configured to cache but did not cache at the time of the request.
  • BYPASS – An object configured not to use cache.
Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request