All Products
Document Center


Last Updated:Apr 29, 2024

This topic describes the terms that are related to Alibaba Cloud CDN. Make sure that you are familiar with the terms to better understand and use Alibaba Cloud CDN.

origin server

An origin server refers to the server on which your workloads are run. Alibaba Cloud CDN distributes the content hosted on the origin server.

An origin server can process and respond to user requests. If the requested content is not cached on points of presence (POPs), the request is redirected to the origin server to retrieve the content. Alibaba Cloud CDN supports the following types of origin servers: Object Storage Service (OSS) buckets, Function Compute, and your own origin servers (IP addresses and domain names).


A POP is where resources from the origin server are cached. POPs are deployed in different geographical regions to accelerate content delivery.

accelerated domain name

An accelerated domain name refers to a domain name that is accelerated by Alibaba Cloud CDN and accessed by users. For example, if you add to Alibaba Cloud CDN, is considered as an accelerated domain name.

Alibaba Cloud CDN retrieves resources from origin servers and caches the resources on POPs to accelerate content delivery. In the Alibaba Cloud CDN documentation, an accelerated domain name is also called a domain name.


A domain name, also known as a network domain, is an identification string that defines one or more Internet resources, such as computers. A domain name is a numerical address and sometimes also represents a physical location.

CNAME record

A CNAME record, also called an alias record, maps a domain name to another domain name, which is then resolved to the IP address of the destination server.

After you add a domain name to Alibaba Cloud CDN, Alibaba Cloud CDN generates a CNAME record in the format of *.*kunlun*.com and then assigns the CNAME record to the domain name.


Alibaba Cloud CDN uses globally distributed POPs to accelerate content delivery. The IP addresses of POPs that are accessed by users in different regions or using different Internet service providers (ISPs) are different. In this case, an accelerated domain name cannot be resolved to a specific IP address by using an A record. To resolve this issue, CNAME records are used.

After you add an accelerated domain name, you need to add the CNAME record that is provided by Alibaba Cloud CDN to the DNS records of the domain name at your DNS provider. After the CNAME record takes effect, all requests destined for the domain name are redirected to POPs. This accelerates content delivery. The Alibaba Cloud CDN routing system nominates the optimal POP based on the region, ISP, and load. Then, the CNAME record is resolved to the IP address of the optimal POP.

static content (static resources)

Static content refers to content that remains unchanged regardless of the number of times the content is requested by users. Static content includes images, videos, web files (such as HTML, CSS, and JavaScript files), software installation packages, APK files, and compressed files.

Alibaba Cloud CDN caches static content from origin servers to POPs that are distributed around the globe. When your customers request content, the content is served from the POP that is closest to the customers. This helps reduce delays and improve user experience.

dynamic content (dynamic resources)

Dynamic content refers to content that may change each time the content is requested. Dynamic content includes web files such as ASP, JSP, PHP, PERL, and CGI files, API operations, and database queries.

If you want to improve the acceleration performance in dynamic content delivery, we recommend that you use DCDN. For more information, see What is DCDN?


Domain Name System (DNS) is a service that translates human-readable domain names into machine-readable IP addresses. Domain names are easy-to-identify to humans, but machines identify only IP addresses.

Domain name resolution is automatically performed by DNS servers. For example, if you enter in the address bar of your browser, the domain name is automatically resolved to an IP address, such as

Alibaba Cloud also provides a DNS resolution service called Alibaba Cloud DNS. For more information, see Alibaba Cloud DNS.


Secure Sockets Layer (SSL) is a secure communication protocol that improves the integrity and security of data that is transmitted over the Internet. SSL encryption is performed between the TCP/IP protocol stack and application layer protocols. Transport Layer Security (TLS) is the successor of SSL and is a cryptographic protocol at the transport layer. SSL and TLS are collectively known as SSL/TLS.

DNS time

The amount of time required for a client to initiate a request and receive the IP address of the destination host.

TCP time

The amount of time required for a client to establish a TCP connection to the destination server.

SSL time

The amount of time required for a client to establish an SSL connection to a web server.

delivery time

The amount of time required for a client to complete sending a request after SSL handshakes are completed.

connection time

If a POP uses HTTP to accelerate content delivery, the connection time consists of the DNS time and TCP time. If a POP uses HTTPS to accelerate content delivery, the connection time consists of the DNS time, TCP time, and SSL time. The connection time shows the coverage of POPs and the capabilities of the POPs to deliver content.

response time

The amount of time required for a web server to process an HTTP request and return a response to a client.

download time

The amount of time required for a client to receive and download the first packet returned from a web server.

time to first packet

The amount of time required for a client to send a request and receive the first HTTP packet from a server. The time to first packet shows the overall performance of POPs.

For content uploading and downloading, the time to first packet consists of the DNS time, TCP time, SSL time, request time, and response time.


A new domain name may require a longer period of time for DNS resolution than other existing domain names. However, this does not affect the cache retrieval time.

initial load time

The amount of time required to complete loading the first frame of a stream. The initial load time is determined by the DNS time, connection time, and time to first packet. A shorter initial load time indicates better performance.

stalling rate

Stalling events may occur when a video or audio stream is played or a resource is loaded. The stalling rate is calculated by using the following formula: Number of viewers that have stalling events/100. A lower stalling rate indicates better performance.

packet loss rate

The rate of lost packets to total packets during transmission.

overall performance

The amount of time required to upload or download an entire file.

origin fetch

If a resource that is requested by your customer is not cached on POPs or has expired, the request is redirected to the origin server to retrieve the resource. This process is called origin fetch.

origin host

An origin host refers to the domain name to which POPs redirect requests during origin fetch. If multiple domain names are hosted on the same origin server, you need to specify the domain name to which POPs redirect requests during origin fetch. For more information, see Configure the default origin host.

For example, you want POPs to redirect requests to, which is different from the accelerated domain name In this case, you need to specify as the origin host.

origin protocol policy

The origin protocol policy specifies the protocol that is used to redirect requests to origin servers. The protocol can be the one that is used by the clients to request content. For example, if clients send requests to POPs over HTTPS, you can set the origin protocol policy to HTTPS. If the origin server does not support HTTPS, you can set the origin protocol policy to HTTP. For more information, see Configure the origin protocol policy.

back-to-origin rate

The back-to-origin rate is classified into two: back-to-origin request rate and back-to-origin data transfer rate.

  • The back-to-origin request rate refers to the rate of requests for resources that are not cached, have expired, or cannot be cached on POPs to the total number of requests. Back-to-origin request rate = Number of back-to-origin requests from POPs/Total number of requests sent to POPs. A lower back-to-origin request rate indicates better performance. However, if the user requests are fragmented after POPs redirect the requests to the origin servers, the number of back-to-origin requests becomes greater than the total number of requests that are sent to POPs.

  • The back-to-origin data transfer rate refers to the rate of data transfer that is returned by the origin servers to data transfer that is returned by POPs to clients. Back-to-origin data transfer rate = Number of bytes returned from the origin servers to POPs/Number of bytes returned from POPs to clients. A lower data transfer rate indicates better performance.


Server name indication (SNI) is an extension of SSL/TLS. If multiple domain names are hosted on the same HTTPS server (IP address), you can use SNI to specify the domain name to which requests are redirected.

If the IP address of an origin server is associated with multiple domain names and the origin protocol policy is set to HTTPS, you can configure SNI to specify the domain name to which requests are redirected. When requests are redirected to the origin server, the origin server returns the certificate of the requested domain name. For more information, see Configure SNI.

range origin fetch

If a request that is redirected from POPs to the origin server carries the Range header, the origin server returns the content that is specified by the Range header. This process is called range origin fetch. For example, the Range header can specify that the origin server returns only the first 0 to 100 bytes of data from a specified file.

In scenarios where you want to distribute large files, such as on-demand video streaming and software package distribution, range origin fetch is an ideal method to accelerate file distribution, increase cache hit ratios, reduce origin traffic and loads on origin servers, and improve page loading. For more information, see Configure range origin fetch.


Range is an HTTP header that specifies the part of content to be retrieved.

302 redirection

302 redirection allows POPs to process the HTTP 302 status code that is returned from the origin server instead of returning the HTTP 302 status code to clients. 302 redirection simplifies request processing and accelerates content delivery.

Referer-based hotlink protection

Referer-based hotlink protection refers to access control based on the Referer header. For example, you can configure a Referer whitelist to allow only specified requests to access your resources or a blacklist to block specified requests. Referer-based hotlink protection identifies and filters user identities and protects your resources from unauthorized access. After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or rejects requests based on user identities. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.


The Referer header is a component of the header section in HTTP requests and contains information about the source address, including the protocol, domain name, and query string. Referer is used to identify the source of a request.

bandwidth cap

A bandwidth cap specifies the maximum amount of bandwidth resources that can be consumed to prevent bandwidth usage spikes.

If the average bandwidth value of an accelerated domain name during a statistical period (1 minute) reaches the specified bandwidth cap, Alibaba Cloud CDN suspends services and disables the domain name. Then, the domain name is mapped to the invalid domain name offline.***.com. In this case, the domain name becomes inaccessible. For more information, see Configure bandwidth caps.


Time-to-live (TTL) refers to the amount of time that a resource is cached on POPs. Expired resources are automatically removed from POPs. Requests for expired resources are considered cache misses and redirected to the origin server. The retrieved resources are returned to the clients and cached on POPs. For more information, see Create a cache rule for resources.

cache hit ratio

The cache hit ratios of Alibaba Cloud CDN include the byte hit ratio and request hit ratio. A higher cache hit ratio indicates better performance.

  • Byte hit ratio = (Total number of bytes returned from POPs to clients - Total number of bytes returned from the origin servers to POPs)/Total number of bytes returned from POPs to clients.


    A lower byte hit ratio indicates a higher volume of origin traffic. A higher volume of outbound traffic from the origin server indicates a larger bandwidth value and heavier workloads of the origin server. Origin traffic represents the amount of workloads on the origin server, and the byte hit ratio is a major concern in actual business scenarios.

  • Request hit ratio = (Total number of requests to POPs - Total number of back-to-origin requests)/Total number of requests to POPs.


Cross-origin resource sharing (CORS) is an access control mechanism that is based on HTTP headers. CORS allows web servers to define the origin servers by specifying the domain name, protocol, and port from which a browser is allowed to retrieve specified resources. For more information, see Configure CORS.


EdgeScript (ES) allows you to specify custom Alibaba Cloud CDN configurations by running scripts if the built-in configurations provided by Alibaba Cloud CDN cannot meet your business requirements.


EdgeRoutine (ER) is a JavaScript code runtime environment that runs on globally distributed POPs. ER supports the ES6 syntax and standard Web Service Worker APIs. You can deploy your JavaScript code to ER. This way, your code is propagated across the entire Alibaba Cloud CDN global network. This allows Alibaba Cloud CDN to process requests on the POPs that are closest to the clients.


HTTP strict transport security (HSTS) is a policy mechanism that allows websites to accept only HTTPS connections. Websites can use HSTS to specify that clients, such as browsers, must use HTTPS. All HTTP requests and untrusted SSL certificates are rejected. HSTS prevents man-in-the-middle (MITM) attacks during the first visits from clients. For more information, see Configure HSTS.

If HSTS is disabled and the origin server supports only HTTPS, HTTP user requests are redirected to HTTPS by using 301 redirection or 302 redirection. When users access the origin server over HTTP, HTTP requests may be hijacked or tampered with. This poses security risks. If HSTS is enabled, clients can access the origin server only over HTTPS. This prevents hijacking and tampering of requests.


Quick UDP internet connections (QUIC) is a general-purpose transport layer network protocol that is built on top of UDP. QUIC provides the same level of security as TLS/SSL but with significantly reduced connection and transmission latency. QUIC reduces network congestion and ensures service availability in scenarios with high packet loss and network latency.

QUIC can implement different congestion control algorithms at the application layer regardless of the operating system or kernel that is used. Compared with TCP, QUIC supports flexible adjustments based on business requirements. QUIC is a suitable alternative when TCP optimization encounters bottlenecks.

HTTP status code

An HTTP status code is a numeric code that indicates a server response. You can determine and analyze server status based on HTTP status codes. After a client, such as a browser, sends a request to a server, the server returns a response header that includes an HTTP status code. The HTTP status code indicates the response status.

HTTP status codes are classified into the following types:

  • 1xx: messages.

  • 2xx: successful requests.

  • 3xx: request redirection.

  • 4xx: client errors.

  • 5xx: server errors.