Jump to: 0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
0-9
0-RTT
TLS 1.3 option that lets a client send application data in the first flight using a pre-shared key. Reduces handshake delay but risks replay on unsafe methods. Also called Zero-RTT.
1xx status codes
Informational HTTP responses that confirm receipt and ongoing processing. See 1xx status codes.
2xx status codes
Successful HTTP responses that indicate a request was accepted and fulfilled. See 2xx status codes.
3xx status codes
Redirection responses that instruct a client to use a different URL or resource. See 3xx status codes and HTTP redirects.
4xx status codes
Client error responses for invalid, unauthorized, or forbidden requests. See 4xx status codes.
5xx status codes
Server error responses for valid requests that failed due to a server or upstream problem. See 5xx status codes.
95th percentile (p95)
A latency threshold that 95 percent of requests beat. Used to track tail performance beyond the median.
99th percentile (p99)
A latency threshold that 99 percent of requests beat. Highlights rare slow paths that medians hide.
451 (legal block)
HTTP status used when content is unavailable for legal reasons. See 4xx status codes.
Zero RTT
Alternate name for 0-RTT. See 0-RTT.
A
A/B testing
An experiment that splits traffic between variants to measure impact on metrics such as conversion or latency.
A record
DNS record that maps a hostname to an IPv4 address.
AAAA record
DNS record that maps a hostname to an IPv6 address.
ABR (adaptive bitrate)
Streaming technique that switches media quality based on measured network conditions to reduce stalls.
ACME
Automated Certificate Management Environment used to issue and renew TLS certificates with a certificate authority.
ALPN
Application-Layer Protocol Negotiation in TLS that selects the application protocol, such as HTTP/2 or HTTP/3.
Anycast
A routing technique that advertises the same IP prefix from many locations so clients reach the nearest site.
API gateway
A control point that fronts services with routing, auth, throttling, and observability.
AS (Autonomous System)
A network under one administrative domain that announces IP prefixes on the internet.
ASN
The numeric identifier of an Autonomous System used by BGP.
Auth token
An opaque or signed value presented by a client to prove authorization for a request.
B
BBR
A congestion control algorithm that estimates bottleneck bandwidth and RTT to improve throughput and reduce queueing.
Backend
The origin application or service that generates responses behind a CDN or reverse proxy. See also Origin and Proxy.
Bandwidth
The maximum data transfer rate over a link or path, commonly measured in Mbps or Gbps.
BGP
Border Gateway Protocol that exchanges routing information and steers traffic between Autonomous Systems.
Brotli
A compression algorithm designed for web content with better ratios than gzip at comparable speeds.
Bufferbloat
Excessive queueing in networks that increases latency and jitter under load.
Burst tolerance
Allowance for short spikes above a nominal rate in rate limiting or bandwidth policies.
Byte range request
An HTTP request that asks for a specific slice of a resource using the Range header.
C
Cache
A storage layer that serves previously fetched content to reduce latency and origin load. See also Cache hit ratio, Freshness lifetime, and Validation caching.
Cache busting
A technique to force a new version into caches, often by changing a URL path or query string.
Cache hit ratio
The fraction of requests served from cache. Higher values reduce origin load and improve latency.
Cache hierarchy
A multi-tier topology where edge caches feed from regional or shield caches before reaching origin.
Cache key
The set of request attributes that identify a unique object in cache, such as URL, headers, and query parameters. See also Vary.
Cache stampede
A thundering herd on a cold or expired object where many clients trigger simultaneous revalidation or fetches. See also Request coalescing.
Cache-Control
HTTP header that defines freshness, revalidation, and cache behaviors for clients and intermediaries. See Validation caching and Freshness lifetime.
CDN
A content delivery network that serves assets and dynamic content from many points of presence close to clients.
CNAME
DNS record that aliases one hostname to another, often used to direct traffic into a CDN.
Coalescing
Combining multiple equivalent cache misses so only one origin fetch occurs while others wait. See Request coalescing.
Cold cache
A cache with few or no warm objects, leading to lower hit ratio and higher origin load.
Compression
Reducing payload size with algorithms like gzip or Brotli to lower transfer time and cost.
Connection reuse
Keeping TCP or QUIC connections open for multiple requests to avoid handshakes and slow starts. See also HTTP keep-alive.
Consistent hashing
A hashing scheme that limits remapping when nodes are added or removed, used in sharding and load distribution.
Content negotiation
Selecting a representation based on headers such as Accept, Accept-Encoding, or Accept-Language.
CORS
Cross-Origin Resource Sharing mechanism that controls which origins may access resources via browsers.
CSP
Content Security Policy header set that restricts which sources of content a page may load to reduce XSS risk.
CWND
Congestion window in TCP or QUIC that limits in-flight data based on network feedback.
D
DASH
Dynamic Adaptive Streaming over HTTP, a standard for adaptive video streaming.
Data center
A facility that houses compute, storage, and network equipment for services and CDNs.
Date header
HTTP response header that indicates the time at which the message originated.
DDoS
Distributed denial of service attack that floods networks or applications with traffic to exhaust resources.
Delegated domain
A subdomain whose DNS authority is delegated to another name server set.
Deterministic routing
Routing policy that maps inputs to outputs without randomness, aiding predictability and debugging.
Diffserv / DSCP
Differentiated Services Code Point markings in IP headers used for traffic classification and QoS.
DNS
Domain Name System that maps names to records such as IP addresses and service endpoints.
DNS TTL
Time to live value for a DNS record that controls how long resolvers cache answers.
DNSSEC
DNS Security Extensions that add origin authentication and integrity to DNS records.
DoH
DNS over HTTPS, which sends DNS queries inside HTTPS to improve privacy and traversal.
DoT
DNS over TLS, which sends DNS queries over a TLS session to protect confidentiality and integrity.
Downstream
The direction from servers toward clients in a delivery path.
DRM
Digital rights management systems used to control playback and distribution of protected content.
Dynamic content
Responses generated per request, often personalized or time-varying, and less cacheable by default.
E
eBPF
In-kernel virtual machine that runs small programs for packet filtering, observability, and policy enforcement.
ECMP
Equal-cost multi-path routing that spreads traffic across parallel next hops.
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral key exchange used in TLS for forward secrecy.
ECDSA
Elliptic Curve Digital Signature Algorithm used for fast, compact TLS certificate signatures.
Edge
A service location close to clients that reduces last mile latency and improves resilience.
Egress
Outbound traffic from a network or service, often billed by volume.
ESI
Edge Side Includes, a markup for assembling pages from fragments at the edge.
ETag
HTTP validator that identifies a specific representation for revalidation and conditional requests.
EUCS
EU Cloud Services scheme that proposes assurance levels and rules for cloud and hosting providers.
EV certificate
Extended validation TLS certificate with additional identity vetting, now rare on the modern web.
F
Failover
Automatic or manual switch to a healthy path or site when a primary path fails.
Fallback origin
Secondary origin used when the primary origin is degraded or unavailable. See also Origin failover.
Fastly VCL (VCL)
Configuration language used by Fastly to control request and response processing.
FEO (front end optimization)
Techniques that reduce bytes and round trips on the client side, such as inlining or preloading.
FQDN
Fully Qualified Domain Name that includes the host and all domain levels.
GET, HEAD, POST
Common HTTP methods. GET retrieves, HEAD retrieves headers only, POST submits data to be processed.
Forward proxy
A proxy used by clients to reach external sites, often for policy or privacy. See also Proxy and Transparent proxy.
Freshness lifetime
Time an object remains fresh in cache before it requires revalidation or a new fetch. See also Cache-Control.
G
Geo DNS
DNS routing that serves region-specific answers based on resolver location.
Geo routing
Routing that selects the nearest or designated region to serve a client.
GRE tunnel
Generic Routing Encapsulation that wraps packets to form logical links across networks.
Gzip
Widely supported compression format used for text assets on the web.
GPU offload
Use of graphics processors for compute tasks such as transcoding or image processing.
H
HAR (waterfall)
HTTP Archive format and the waterfall chart derived from it that visualizes request timing.
Hash
A fixed-size output derived from data, used in integrity checks, sharding, and routing.
Header
A key-value pair in HTTP requests and responses that controls behavior and conveys metadata.
HLS
HTTP Live Streaming, an adaptive streaming protocol that uses segmented TS or fMP4 over HTTP.
Hop
A single router or proxy transition along a network path.
HPACK
Header compression format used by HTTP/2 to reduce overhead.
HSTS
HTTP Strict Transport Security policy that forces HTTPS for a domain and its subdomains.
HTTP
Hypertext Transfer Protocol used for client-server communication on the web. See also HTTP status codes.
HTTP redirects
Instructions to fetch a different URL using 3xx status codes. See HTTP redirects and 3xx status codes.
HTTP status codes
Standard response codes that describe the outcome of requests. See HTTP status codes.
HTTP/1.1
Connection-oriented version of HTTP that uses one request per TCP connection unless pipelined.
HTTP/2
Multiplexed HTTP over a single connection with header compression and stream prioritization.
HTTP/3
HTTP over QUIC using UDP to reduce head-of-line blocking and improve mobility. See also QUIC.
HTTP keep-alive
Reusing a TCP or QUIC connection for multiple requests to avoid repeated handshakes. See also Connection reuse.
I
ICP license
Licensing regime required for hosting websites in mainland China.
ICMP
Internet Control Message Protocol used for diagnostics such as ping and path MTU discovery.
Idempotency
A property where repeating the same request yields the same result, important for retries and safety.
Image optimization
Transforming images for faster delivery, such as resizing, re-encoding, or converting formats.
Ingress
Inbound traffic into a network or service.
IP Anycast
Advertising the same IP from multiple sites so traffic flows to the nearest reachable one.
IP hash
Load balancing method that selects a backend based on a hash of client IP to keep affinity.
IPv4
Internet Protocol version 4 with 32-bit addresses, widely deployed.
IPv6
Internet Protocol version 6 with 128-bit addresses, designed to replace IPv4.
IXP (Internet exchange)
A physical location where networks peer to exchange traffic directly.
J
Jitter
Variation in packet delay over time. High jitter degrades real-time media.
JWT
JSON Web Token used to carry claims for authentication and authorization.
K
Keep-Alive
Header and behavior that keep connections open for reuse across requests. See also HTTP keep-alive.
Keyless SSL
TLS termination pattern where private keys remain on a separate service and are not present on edge nodes.
Key rotation
Regular replacement of keys or secrets to limit exposure in case of compromise.
KV store
A key-value database used for fast lookups and simple state at the edge.
L
L4 load balancing
Load balancing at the transport layer using IPs and ports without inspecting HTTP.
L7 load balancing
Load balancing at the application layer using HTTP attributes, paths, or headers.
Last mile
The network segment between a client and the nearest service site.
Latency
Elapsed time for a request or packet to travel from client to server and back.
LBR (load based routing)
Routing that uses measured load or health to steer traffic to the best endpoint.
Log push
Mechanism where a provider streams logs to a customer endpoint in near real time.
Log pull
Mechanism where a customer fetches logs from a provider on demand or at intervals.
LRU cache
Least Recently Used eviction policy that keeps hot items by discarding the stalest ones first.
M
mTLS
Mutual TLS where both client and server present certificates to authenticate the session.
Middle mile
The network segment between edge locations and origin or core data centers.
MITM
Man-in-the-middle attack where an adversary intercepts or alters traffic between endpoints.
MPLS
Multiprotocol Label Switching that forwards packets along label-switched paths with traffic engineering.
Multi-CDN
Use of multiple CDNs to improve reach, resilience, or performance through diversity.
Multiplexing
Sending multiple logical streams over one connection, as in HTTP/2 and HTTP/3.
Muxed connection
A single transport that carries many interleaved streams concurrently. See also Multiplexing.
N
Nagle’s algorithm
TCP feature that coalesces small writes into larger segments to improve efficiency at the cost of latency.
NAT
Network Address Translation that maps private to public addresses for outbound or inbound connectivity.
Name server
Authoritative DNS server that provides answers for a domain.
Negative caching
Caching of error or miss results to reduce repeated failures or lookups.
Network edge
Locations close to users where compute and cache reduce round trips to origin.
NOC
Network operations center that monitors and manages network and service health.
NTP
Network Time Protocol used to synchronize clocks across systems.
NXDOMAIN
DNS response indicating a queried name does not exist.
O
OAuth 2.0
Authorization framework where clients obtain tokens to access protected resources on behalf of a user or service.
OCSP
Online Certificate Status Protocol used to check certificate revocation.
OCSP stapling
Server-side inclusion of OCSP responses in TLS handshakes to speed up validation.
Origin
The upstream host or service that a CDN or reverse proxy fetches from to serve content. See also Origin shield and Proxy.
Origin failover
Automatic switch to a backup origin when the primary origin fails health checks.
Origin shield
A mid-tier cache that concentrates origin fetches to improve hit ratio and protect origins. See also Cache hierarchy.
Outage window
A planned or unplanned period where service is impaired or unavailable.
Overprovisioning
Operating with extra capacity to absorb failures and traffic spikes.
P
PAC file
Proxy Auto-Config script used by browsers to choose a proxy for specific requests.
Packet loss
Packets dropped on a path due to errors or congestion. Increases retransmissions and latency.
Peering
Direct interconnection between networks to exchange traffic without a transit provider.
PNI (private network interconnect)
Dedicated physical links between networks or a network and a provider for predictable capacity.
PoP (point of presence)
A service site that contains servers and network gear to serve a region.
POST, PUT, PATCH, DELETE
HTTP methods used to create, replace, modify, or remove resources.
Preconnect
A hint that opens a connection in advance to reduce future request latency.
Prefetch
A hint or mechanism that retrieves a resource likely to be needed soon.
Priority hints
Signals that guide browsers or CDNs to schedule more important resources first.
Proxy
A server that sits between clients and upstreams to mediate requests. A reverse proxy fronts origins to serve content and apply policy. A forward proxy is used by clients to reach external sites. See also Forward proxy and Transparent proxy.
PURGE
An action or method used to remove content from caches before it expires.
p50, p90, p95, p99
Percentiles that summarize latency distributions. Higher percentiles capture tail behavior. See also 95th percentile (p95) and 99th percentile (p99).
QUIC
A transport protocol over UDP that integrates TLS, multiplexing, and improved loss recovery. See also HTTP/3.
Q
QOE
Quality of experience. A user-centric measure of media or service quality that blends stalls, latency, and errors.
QoS
Quality of service. Policies that classify and prioritize traffic to meet performance goals.
QPS
Queries per second. A throughput measure for request volume.
QUIC
Query string normalization
Canonicalization of query parameters to improve caching and routing consistency.
R
Rate limiting
A control that caps request rates per identity or key to protect services and ensure fairness.
Real user monitoring (RUM)
Measurement of performance using metrics collected from actual clients in the field.
Recursive resolver
DNS component that iteratively queries authoritative servers to resolve names on behalf of clients.
Redirect
An HTTP response that instructs the client to fetch a new URL, commonly using 3xx codes. See HTTP redirects.
Request collapsing
Treating multiple equivalent cache misses as one fetch so only a single origin request occurs. See also Request coalescing.
Request coalescing
Synonym for request collapsing; often includes coalescing of validation requests too.
Retry policy
Rules for repeating failed requests safely, including backoff, jitter, and idempotency checks. See also Idempotency.
RFC
Request for Comments. The document series where internet standards and best practices are published.
Round robin
Simple load balancing that cycles through a list of backends or endpoints.
Route optimization
Dynamic path selection that reduces latency or loss by measuring and steering across networks.
RPKI
Resource Public Key Infrastructure that validates BGP route origins to prevent hijacks.
RTT
Round-trip time. The delay between sending a request and receiving the response.
RTO
Retransmission timeout. The time a transport waits before retransmitting lost packets.
S
SameSite cookie
Cookie attribute that limits cross-site sending to reduce CSRF risks.
SAN (subject alt name)
Certificate field that lists additional hostnames covered by the certificate.
SNI
Server Name Indication in TLS that lets a server present the correct certificate for a hostname.
SLO
Service level objective. A target for reliability or performance, such as availability.
SLA
Service level agreement. A contractual promise about measured service levels and remedies.
SMTP over CDN
Pattern where static email assets such as images are delivered via CDN, not SMTP itself.
SPDY
An older Google protocol that informed HTTP/2 features; no longer used on the public web.
SRV record
DNS record that advertises the host and port for a named service.
Stale content
Cached content served after freshness has expired, sometimes gated by policies such as stale-while-revalidate.
stale-while-revalidate
Cache directive that allows serving stale content while asynchronously revalidating in the background.
stale-if-error
Cache directive that allows serving stale content when the origin returns an error.
Streaming
Delivery of media or data in a continuous flow rather than as a single download.
Strict routing
Policy that avoids route changes except when required, useful for stability during incidents.
SYN flood
A DDoS attack that overwhelms servers by sending many TCP SYN packets to exhaust resources.
T
TCP
Connection-oriented transport protocol that provides reliability, ordering, and congestion control.
TCP Fast Open
Extension that allows data to be sent in the initial SYN for repeat connections to reduce handshake delay.
Throughput
Amount of data transferred per unit time over a connection or system.
TLS
Transport Layer Security that provides encryption and authentication for network connections. See also TLS handshake and 0-RTT.
TLS handshake
Process that negotiates keys, ciphers, and parameters before secure data transfer begins.
Token bucket
A rate limiting algorithm that allows bursts up to a limit while enforcing an average rate.
Token authentication
Access control using bearer or signed tokens presented with requests. See also Auth token.
TTFB
Time to first byte. The delay between a client request and the arrival of the first response byte.
TTL
Time to live. For DNS, the cache lifetime; for HTTP, the freshness or expiry interval.
Traffic steering
Policy-based selection of paths or providers to meet performance or availability goals. See also Route optimization and Multi-CDN.
Traceroute
Diagnostic that maps the path and delays between two hosts by probing each hop.
Transparent proxy
A proxy that intercepts traffic without client configuration, common in enterprise networks. See also Proxy.
Tunnel
An encapsulated path that carries traffic through another network or protocol.
U
UDP
Connectionless transport protocol used by QUIC and real-time media.
UGC
User-generated content such as uploads or comments that may need moderation and security controls.
Upstream
The direction from a client-facing layer toward origins and core services. See also Downstream.
URL normalization
Consistent formatting of URLs by ordering, encoding, and case to improve caching and routing.
Uptime SLO
Reliability target for service availability over a period, often expressed as a percentage.
V
Validation caching
Serving content that is revalidated with the origin using validators like ETag or Last-Modified. See also Cache-Control.
Vanity domain
A custom domain used to brand a service endpoint rather than exposing provider hostnames.
Vary
HTTP header that declares which request headers affect the cache key and representation. See also Cache key.
VCL
See Fastly VCL (VCL).
VOD
Video on demand delivered over HTTP using adaptive streaming protocols.
WAF (see W)
Pointer to Web Application Firewall under W. See WAF.
W
WAF
Web Application Firewall that inspects and filters HTTP traffic to block attacks.
Warm cache
A cache with popular content already stored, yielding higher hit ratios and lower latency.
WASM at edge
Running WebAssembly modules on edge platforms for safe, portable compute close to users.
Waterfall chart
A timing visualization that shows request phases such as DNS, connect, TLS, and TTFB.
WebP
An image format with better compression than JPEG or PNG for many photos and graphics.
WebSocket
A bidirectional protocol over a single HTTP upgrade that enables real-time messaging.
Weighted routing
Traffic distribution that assigns proportions to backends or providers for control and testing.
Worker (edge function)
A programmable function that runs on edge nodes to modify requests and responses.
X
X-Cache
A response header that indicates whether a CDN served a hit or miss and from which cache.
X-Cache-Status
A response header used by some CDNs to report cache outcome, such as HIT, MISS, or EXPIRED.
X-Forwarded-For
A request header that carries the original client IP through proxies.
X-Forwarded-Proto
A request header that carries the original scheme, such as http or https, through proxies.
XML sitemap
An XML file that lists site URLs to help crawlers discover content.
Y
YAML config
Configuration written in YAML, a human-readable data format used by many tools.
YANG (network models)
A data modeling language for network configurations and state.
Z
Zero RTT
See 0-RTT.
Zero trust
A security model that assumes no implicit trust on a network and verifies each request in context.
Zone apex
The root of a DNS zone, such as example.com without a hostname label.
Zone file
A text file that defines the DNS records for a zone served by an authoritative name server.