This topic describes the terms of Alibaba Cloud CDN. These terms help you better understand and use Alibaba Cloud CDN.

Origin server

An origin server refers to the server where your workloads are running. Content distributed by Alibaba Cloud CDN is provided by the origin server.

An origin server can process and respond to user requests. If the requested content is not cached on edge nodes, the request is redirected to the origin server to retrieve the content. Alibaba Cloud CDN supports the following types of origin servers: Object Storage Service (OSS) buckets, Function Compute, and your own origin servers (IP addresses and domain names).

Edge node

An edge node is where resources from origin servers are cached. Edge nodes are deployed in different regions to accelerate content delivery.

In the documents of Alibaba Cloud CDN, an edge node is also called a CDN node, a cache node, an acceleration node, or an Alibaba Cloud node.

Accelerated domain name

An accelerated domain name refers to a domain name that is accelerated by Alibaba Cloud CDN and accessed by users. For example, if you add to Alibaba Cloud CDN, is an accelerated domain name.

Alibaba Cloud CDN retrieves resources from origin servers and caches them on edge nodes to accelerate content delivery. In the documents of Alibaba Cloud CDN, an accelerated domain name is also called a domain name.

Note A domain name, also known as a network domain, is an identification string that defines one or more Internet resources, such as computers. A domain name is a numerical address and sometimes also represents a physical location.

CNAME record

A CNAME record, also called an alias record, maps a domain name to another domain name, which is then resolved to the IP address of the destination server.

After you add a domain name to Alibaba Cloud CDN, Alibaba Cloud CDN generates a CNAME in the format of *.*kunlun*.com and assigns the CNAME to the domain name.
Note Alibaba Cloud CDN uses its globally distributed edge nodes to accelerate content delivery. The IP addresses of edge nodes that are in different regions or used by different Internet service providers (ISPs) are different. Therefore, an accelerated domain name cannot be resolved to a specific IP address by using an A record. To address this issue, CNAME records are used.

After you add an accelerated domain name, you must add a CNAME record in the system of your DNS service provider to map your accelerated domain name to the unique CNAME. After the CNAME record takes effect, all requests sent to the domain name are redirected to edge nodes. This accelerates content delivery. The CNAME is resolved to the IP address of a specific edge node. The node is selected by the scheduling system based on the region, ISP, and node resource usage.

Static content (static resources)

Static content refers to content that remains unchanged no matter how many times it is requested by users. Static content includes images, videos, web files such as HTML, CSS, and JavaScript files, software installation packages, APK files, and compressed files.

Alibaba Cloud CDN caches static content from origin servers to the globally distributed edge nodes. Users can retrieve static content from the nearest edge nodes. This accelerates content delivery.

Dynamic content (dynamic resources)

Dynamic content refers to content that may change for different requests. Dynamic content includes web files such as ASP, JSP, PHP, PERL, and CGI files, API operations, and interactive requests to databases.

If you want to improve the acceleration performance for dynamic content delivery, we recommend that you use Dynamic Route for CDN (DCDN). For more information, see What is DCDN?.

DNS/domain name resolution

Domain Name System (DNS) is a service used to resolve domain names to the corresponding IP addresses that can be recognized by machines. Domain names are easy-to-identify to humans but machines identify only IP addresses.

Domain name resolution is automatically performed by DNS servers. For example, if you enter into the address bar of your browser, the domain name is automatically resolved to an IP address, for example,

Alibaba Cloud also provides a DNS resolution service called Alibaba Cloud DNS. For more information, see Alibaba Cloud DNS.


Secure Sockets Layer (SSL) is a secure communication protocol that improves the integrity and security of data transmitted over the Internet. SSL encryption is implemented between the TCP/IP protocol stack and application layer protocols. After SSL is standardized, its name is changed to Transport Layer Security (TLS), which is a cryptographic protocol on the transport layer. Therefore, SSL and TLS are collectively known as SSL/TLS.

Back-to-origin routing

If the resources requested by a user are not cached on edge nodes or have expired on edge nodes, the request is redirected to the origin server to retrieve the resources. This process is called back-to-origin routing.

Origin host

An origin host refers to the domain name to which edge nodes redirect requests during back-to-origin routing. If multiple domain names are hosted on the same origin server, you must specify the domain name to which edge nodes redirect requests during back-to-origin routing. For more information, see Configure an origin host.

For example, the domain name to which edge nodes redirect requests is, which is different from the accelerated domain name In this case, you specify as the origin host.

Origin protocol policy

An origin protocol policy specifies the protocol that is used to redirect requests to origin servers. An origin protocol policy can specify whether requests are redirected to origin servers over the protocol used by the clients. For example, if clients send HTTPS requests to edge nodes, you can set the origin protocol policy to HTTPS. If the origin server does not support HTTPS, you can set the origin protocol policy to HTTP. For more information, see Configure the origin protocol policy.


Server Name Indication (SNI) is an extension of SSL/TLS. If multiple domain names are hosted on the same HTTPS server (IP address), you can use SNI to specify the domain name to which requests are redirected.

If the IP address of an origin server is associated with multiple domain names, and the origin protocol policy is set to HTTPS, you can configure SNI to specify the domain name to which requests are redirected. When requests are redirected to the origin server, the origin server returns the certificate of the requested domain name. For more information, see Configure SNI.

Object chunking

If a request redirected from edge nodes to the origin server carries the Range header, the origin server returns the content specified by the Range header to the edge nodes. This process is called object chunking. For example, the Range header can specify that the origin server returns only the first 0 to 100 bytes of data from a specified file.

In large file distribution scenarios such as on-demand video streaming and software package distribution, object chunking accelerates file distribution, increases cache hit ratios, reduces back-to-origin network traffic and loads on origin servers, and reduces the response time of origin servers. For more information, see Object chunking.

Note Range is an HTTP header that specifies the part of content to be retrieved.

302 redirection

302 redirect allows edge nodes to process the HTTP 302 status code returned from the origin server instead of directly returning the HTTP 302 status code to clients. 302 redirection simplifies the request processing pipeline and accelerates content delivery.

Referer-based hotlink protection

Referer-based hotlink protection refers to access control based on the Referer header. For example, you can configure a Referer whitelist to allow only specified requests to access your resources or a blacklist to block specified requests. Referer-based hotlink protection identifies and filters user identities and protects your resources from unauthorized access. After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. For more information, see Configure a referer whitelist or blacklist to enable hotlink protection.

Note The Referer header is a component of the header section in HTTP requests and carries information about the source address, including the protocol, domain name, and query string. Referer is used to identify the source of a request.

Bandwidth cap

A bandwidth cap specifies the maximum amount of bandwidth resources that can be consumed to prevent bandwidth usage spikes.

During a statistical period (one minute), if the average bandwidth value of an accelerated domain name reaches the specified bandwidth cap, Alibaba Cloud CDN suspends services and disables the domain name. The domain name is mapped to the invalid domain name offline.***.com. In this case, the domain name becomes inaccessible. For more information, see Set a bandwidth cap.


Time-to-live (TTL) refers to the amount of time that a resource is cached on Alibaba Cloud CDN edge nodes. Expired resources are automatically removed from edge nodes. Requests for expired resources are considered cache misses and redirected to the origin server. The retrieved resources are returned to the clients and cached on edge nodes. For more information, see Add a cache rule.


Cross-origin resource sharing is an access control mechanism based on HTTP headers. CORS allows web servers to define the origin servers by specifying the domain name, protocol, and port from which a browser is allowed to retrieve specified resources. For more information, see Configure CORS.


EdgeScript (ES) allows you to customize Alibaba Cloud CDN and DCDN configurations by running scripts if the standard configurations in the Alibaba Cloud CDN or DCDN console cannot meet your business requirements.


EdgeRoutine (ER) is a JavaScript code runtime environment that runs on Alibaba Cloud edge nodes around the world. It supports the ES6 syntax and standard Web Service Worker APIs. You can deploy your JavaScript code to ER, which then runs the code on the globally distributed edge nodes. This allows Alibaba Cloud CDN to process requests on the edge nodes that are closest to the clients.


HTTP Strict Transport Security (HSTS) is a policy mechanism that allows websites to accept only HTTPS connections. Websites can use HSTS to demand that clients such as browsers must use HTTPS. All HTTP requests and untrusted SSL certificates are rejected. HSTS prevents man-in-the-middle (MITM) attacks during the first visits from clients. For more information, see Configure HSTS.

If HSTS is disabled and the origin server supports only HTTPS, HTTP user requests are redirected to HTTPS through 301 redirection or 302 redirection. When users access the origin server over HTTP, HTTP requests may be hijacked or tampered with. This raises security issues. If HSTS is enabled, clients can access the origin server only over HTTPS. This prevents requests from hijacking and tampering.


Quick UDP Internet Connections (QUIC) is a general-purpose transport layer network protocol built on top of UDP. QUIC provides the same level of security as TLS/SSL and reduces the connection and transmission time. QUIC reduces network congestion and ensures service availability when the packet loss rate and network latency increase.

QUIC can implement different congestion control algorithms at the application layer regardless of the operating system or kernel that is used. Compared with TCP, QUIC supports flexible adjustments based on service requirements. QUIC is a suitable alternative when TCP optimization encounters bottlenecks.

HTTP status code

An HTTP status code is a numeric code that indicates a server response. You can determine and analyze server status based on HTTP status codes. After a client such as a browser sends a request to a server, the server returns a response header that includes an HTTP status code. The HTTP status code indicates the response status.

HTTP status codes are classified into the following types:
  • 1xx: indicates messages.
  • 2xx: indicates successful requests.
  • 3xx: indicates request redirection.
  • 4xx: indicates client errors.
  • 5xx: indicates server errors.