Extend Ray ID for the backend to include the source Data Center


Today, if one formatted the backend web server to log the CF Ray ID data, the format generated is RayID-Exit-Data-Center, like RayID-EWR, which means the last/exit CF data center, the one who sent the request to the backend server, was Newark (USA).

It will help us for both operational and security reasons - if you will add to this format the source/incoming data center, say the ingress request came via the Frankfurt (Germany) CF data center, the log will show RayID-FRA-EWR, meaning first the RayID, then the source data center then the exit data center.

Thank you.


While that’s definitely a good idea, you can also implement a header with the visitor’s CF-Ray with a Request Header Transform Rule:

I have set my origin to echo back both the CF-Ray request header added by Cloudflare, and the one created by the Transform Rule:


The first is Apache’s echo of the request header CF-Ray added by Cloudflare, and reflects the exit datacenter.

The second is Apache’s echo of the request header added with a Transform Rule.

The third is the response header added by Cloudflare.

How reliable that would be in a production setting, given the complexity of Cloudflare cache mechanisms, you’d need to test.


Thank you cbrandt, nice Idea, good for temp troubleshooting.
Personally I would not like to echo back this data to all visitors, I wish to see it only in the web server logs, that only I have access too.
I hope many will vote for my idea so CF will realize it.
Thank you again.


Yes, definitely. The idea is to echo back only temporarily, to make troubleshooting easier.

Anyway, I wish your suggestion is successfully implemented by Cloudflare.