Trace HTTP through proxies and CDNs
Treat every intermediary as a possible HTTP peer and identify the hop that produced an observation.
- proxies
- cdn
- intermediaries
One user-visible exchange can contain several HTTP hops
A forward proxy acts on behalf of a client. A reverse proxy or CDN acts on behalf of an origin service. On each hop, the intermediary is a server to the previous peer and a client to the next one.
User agent -> edge cache -> reverse proxy -> application
User agent <- edge cache <- reverse proxy <- application
Expected result: each arrow can use a different connection, TLS session, HTTP version, address, and timing. The response visible to the user agent can include decisions made at any returning hop.
Forwarding is not byte-for-byte copying
Connection-specific fields apply only to one hop and must be removed or handled before forwarding. Intermediaries add forwarding metadata, normalize field serialization, combine values where allowed, or translate between HTTP versions. The same semantics can therefore have a different wire representation upstream.
Never forward a field merely because its name is unfamiliar. Field definitions
and the Connection mechanism determine forwarding behavior in HTTP/1.1, while
HTTP/2 and HTTP/3 prohibit connection-specific fields.
A CDN can answer without reaching the origin
An edge cache can reuse a stored response, validate it upstream, or route to a
selected origin. Age, Via, Cache-Status, vendor cache fields, and request IDs
can help, but no single non-standard field is universal.
Compare an affected request with logs from each controlled layer. An origin log with no matching request is evidence that another layer answered or blocked it; it is not proof of which layer without further correlation.
Transformations require consistent metadata
An intermediary can transform content when HTTP permits it. Compression, image
optimization, or HTML rewriting can affect Content-Encoding, Content-Length,
validators, and signatures. A stale or inconsistent field can reveal a broken
transformation pipeline rather than bad application content.
Preserve evidence before bypassing
Changing DNS, adding a cache-bypass query, purging globally, or connecting directly to an origin changes the request path. First record the original URL, method, relevant request fields, resolved endpoint, response status and fields, and timestamps. Then vary one layer at a time.
