Synopsis
This glossary defines terms used across the multi-CDN handbook. Entries focus on functional meaning in production use.
ABR (Adaptive Bitrate)
Streaming technique that lets the player switch among renditions of different bitrates during playback based on current conditions.
ACME
Automated Certificate Management Environment. Protocol used to issue and renew certificates programmatically.
Aggregator (L7)
A layer 7 proxy that accepts client TLS and HTTP, applies policy, and forwards to a selected CDN or origin.
ALPN
Application Layer Protocol Negotiation. TLS extension that negotiates HTTP protocol versions such as HTTP/2 and HTTP/3.
Anycast
Routing technique where multiple edge sites advertise the same IP so traffic reaches the nearest reachable site by BGP.
API rate limit
Limits applied by providers to configuration or purge APIs. Relevant for automation and incident operations.
ASN
Autonomous System Number. Identifies an internet network. Used for steering, measurement, and scope in incidents.
BGP
Border Gateway Protocol. Internet routing protocol. Changes can explain regional anomalies that affect CDN paths.
Cache key
Function that maps a request to an object identity at the cache. Common parts include scheme, host, normalized path, and selected parameters.
Cache hit rate
Fraction of requests served from cache. Often measured at edge and at shield separately.
Cache-Control
HTTP header that defines caching behavior, including max-age, stale-while-revalidate, and stale-if-error.
Canary
Controlled exposure of a candidate configuration or route to a small cohort before wider rollout.
CAA
Certification Authority Authorization DNS record that specifies which CAs may issue for a domain.
Client hints
HTTP request headers such as DPR, Width, and Viewport-Width that inform image selection and transforms.
Client-side selection
Endpoint choice performed by application code or SDK on the client. Reflects last-mile conditions.
Cohort
Stable subset of traffic used for experiments or gradual rollout.
Compliance and residency
Controls that constrain where data is processed and stored, and who can access it, per jurisdiction.
Control plane
System that ingests signals, evaluates policy, and publishes routing or configuration outputs to steering layers.
CMAF
Common Media Application Format. Container structure for HLS and DASH that supports chunked low-latency modes.
DNS-based steering
Routing at the authoritative DNS layer using resolver geography or ASN, and sometimes health or measurement inputs.
DRM
Digital Rights Management. License-based content protection systems such as Widevine, PlayReady, and FairPlay.
ECDSA and RSA
Public key algorithms used for TLS certificates. Dual deployment supports wider client compatibility.
Edge
Provider point of presence that terminates client connections and serves cached or proxied content.
ETag
HTTP validator that identifies a specific version of a resource and supports conditional requests.
Exposure cap
Upper bound on the fraction of traffic allowed to run on an unproven configuration during rollout.
Hard purge
Immediate removal of an object from cache. Can increase origin load when used at scale.
Health signal
Measurement that indicates provider or route status. Includes synthetic probe outcomes, error ratios, and upstream failures.
Hysteresis and dwell time
Stability controls that delay or bound routing changes to prevent oscillation.
HTTP/3 and QUIC
Transport and application protocol pair that runs over UDP, reduces connection setup time, and improves loss recovery.
Immutable asset
Static file published under a versioned URL so caches can store long-lived copies without purge.
mTLS
Mutual TLS. Origin authenticates the CDN or proxy using client certificates on the upstream connection.
Negative caching
Caching of error responses such as 404 or 5xx for a limited time. Requires explicit control to avoid user harm.
OCSP stapling
Edge includes signed certificate status in the TLS handshake to avoid client-side OCSP fetches.
Origin
System of record for content or APIs behind one or more CDNs. Often protected by shielding.
Origin shield
Stable cache or proxy layer between edges and origin that reduces duplicate fetches and smooths bursts.
Partial content
HTTP 206 response for range requests. Critical for large object delivery and streaming segments.
Policy precedence
Evaluation order for constraints in routing. Typical order is jurisdiction and allowlist, then health, then performance, then cost.
Provider parity
Operational goal that the same request sees equivalent security, behavior, and outcomes at different providers.
Purge controller
Automation that issues cache invalidations across providers with retries, idempotency, and audit logging.
QUIC connection migration
Ability to maintain an HTTP/3 session across network changes. Relevant for mobile scenarios.
Revalidation
Conditional request using If-None-Match or If-Modified-Since. Successful revalidation yields 304 and refreshes freshness metadata.
RFM (Request flow marker)
Stable identifier that ties edge, proxy, and origin logs for a single request across systems.
RFP
Request for proposal. Structured request for vendor responses that include technical, operational, and commercial content.
RUM
Real user measurement collected from production sessions. Reflects last-mile performance and device effects.
Shield hit rate
Hit rate measured at origin shield. Indicates protection of the core independent of edge hit rate.
SLA and SLO
Service level agreement is a contractual commitment. Service level objective is an internal target that guides operations.
Soft purge
Invalidation that marks an object stale and serves revalidated content on the next request. Reduces origin spikes.
SSAI
Server-side ad insertion. Manifest rewriting for ad placement in streaming.
Stale-if-error and stale-while-revalidate
Cache directives that allow serving stale content during origin errors or while revalidating.
Steering layer
The place where route selection occurs. May be DNS, a layer 7 proxy, client logic, or a hybrid.
Stickiness
Policy that keeps a session on the same provider for a period to avoid churn and cache loss.
Surrogate key
Logical tag that groups objects for purge. Provider-specific feature, also called tags or cache tags.
Synthetic measurement
Active probes from known vantage points. Useful for early warning and controlled comparisons.
Tag purge
Purge operation that targets a surrogate key group instead of individual URLs or prefixes.
Telemetry window
Aggregation period used to compute inputs for routing or alerts. Must align with steering cadence.
TTFB
Time to first byte. Indicator of latency from request to first response byte. Sensitive to cache hit rate and origin distance.
Vary
HTTP header that declares which request headers affect the cache key. Must be bounded to avoid key explosion.
Vendor drift
Unintended divergence in configuration or behavior between providers. Prevented by templating and conformance checks.
Video segment
Immutable chunk referenced by streaming manifests. Cached with long TTL and strong validators.
WAF
Web application firewall. Rule sets that detect and block attack patterns and enforce allow rules.
Related chapters
Overview appears at /multicdn/. Design choices appear in /multicdn/architecture-patterns/. Routing policy appears in /multicdn/traffic-steering/. Measurement appears in /multicdn/signals-telemetry/. Origin and caching appear in /multicdn/origin-architecture/ and /multicdn/cache-consistency/. Security and TLS appear in /multicdn/security-parity/ and /multicdn/tls-certificates/. Operations appear in /multicdn/monitoring-slos/, /multicdn/testing-canarying/, and /multicdn/incident-playbooks/.
Further reading
RFC 9110 and RFC 9111 for HTTP semantics and caching. RFC 8446 for TLS 1.3. RFC 8555 for ACME. Apple HLS, MPEG-DASH, and CMAF specifications for streaming.