Built-in variables

Variables let you fine-tune how our edge servers handle your traffic while minimizing the use of the Advanced behavior (which requires assistance from your account representative). We provide a set of built-in, or default, variables that provide a set of basic information about the request or values that you would not be able to retrieve on your own. Additionally, the Set Variable behavior lets you extract more comprehensive information from a request that you can then use in your user-defined variables.

Characteristics of built-in variables:

  • You can reference the built-in variables just like the variables you define (see User-defined variables).

  • In the underlying XML, the internal variables have names like %(AK_HOST), %(AK_PATH), etc.

  • Built-in variables are not editable.


Built-in variable have a default security setting of "hidden". This is not editable.

Available built-in variables

Variable NameDescription
AKA_PM_CACHEABLE_OBJECTTrue if the object is cacheable, false if it isn't cacheable.
AK_BASE_URLThe incoming request URL, from the first to the last slash inclusive, and excluding the scheme and host. See the example.
AK_CLIENT_IPThe client IP address seen by the edge server. This can be overridden by the X-Forwarded-For and Akamai-Client-IP request headers.
AK_CLIENT_REAL_IPThe client IP address seen by the edge server. Request headers are ignored.
AK_CLIENT_RTTThe time elapsed, in milliseconds, for the TCP round-trip (RTT) between the client and the edge server.
AK_CLIENT_TRANSFER_TIMEThe time elapsed, in milliseconds, to transfer content from the edge to the client. This value is only available after the client response completes and applies only to custom log fields.
AK_CLIENT_TURNAROUND_TIMEThe time in milliseconds between receiving the end of the request headers and writing the first byte of the reply to the client socket. This includes the time it takes for the edge servers to fetch the object from another server or to perform validation of the object's freshness if the object was in cache. In both of these cases there is a forward request corresponding to the client request.

Note: this variable can only successfully be captured in the Custom Log Field when enclosed in an Advanced Match:

Advanced XML Open
<match:metadata-stage value="client-response">
Advanced XML Close
AK_CONNECTED_CLIENT_IPContains the IP on the TCP socket whether it be a redirecting ghost or a client.
AK_CPCODEThe CP code associated with the request.
AK_CURRENT_TIMEThe epoch time when edge metadata is applied to the request. If you need to convert epoch time values to other time formats, use the setVariable behavior.
AK_DOMAINHostname minus the first subdomain and dot. See the example.
AK_EDGEWORKERS_FAILUREPopulated when an EdgeWorkers error occurs.
AK_EDGEWORKERS__RP_STATUSThe execution status of the EdgeWorkers event using the responseProvider event handler.
AK_EDGEWORKERS_STATUSThe execution status of the EdgeWorkers event using the onOriginRequest/Response and onClientRequest/Response event handlers.
AK_EXTENSIONThe filename extension of the incoming request. See the example.
AK_FILENAMEThe filename of the incoming request. See the example.
AK_FIREWALL_ALERTED_RULESWhen the webApplicationFirewall behavior is enabled, this variable contains a colon-separated list of IDs for the firewall rules that triggered an alert for the current request.
AK_FIREWALL_DENY_RULEIDWhen the webApplicationFirewall behavior is enabled, this variable contains the ID for a firewall rule set to deny the request when the rule triggers.
AK_FIREWALL_DETECTED_RULESWhen the webApplicationFirewall behavior is enabled, this variable contains a colon-separated list of IDs for all firewall rules that apply to the request.
AK_FIREWALL_MITIGATED_RULESA colon-separated list of IDs for firewall rules that were mitigated for the current request.
AK_FIREWALL_TRIGGERED_RULESA colon-separated list of IDs for firewall rules that were triggered for the current request.
AK_GHOST_IPThe IP address on which end client requests are received and, ultimately, resolve for the end user.
AK_GHOST_SERVICE_IPThe edge server IP address used to forward a request, also known as the machine IP. This is the IP address that the origin server sees as the client IP address when it receives a request from the edge.
AK_HOSTHostname of the incoming request. See the example.
AK_HOST_CNAME_CHAINA space-delimited list of the CNAME chain provided by DNS lookup on the incoming Host: header.
AK_MAPRULEThe maprule for the incoming request, such as a123.g.akamai.net .
AK_METHODThe request Method: GET, PUT, POST, HEAD, etc.
AK_ORIGINAL_URLThe same as `AK_URL`, but before processing to remove any repeated forward slashes in the path. Just exactly as the edge servers received it.
AK_ORIGIN_DNS_NAMEThe hostname that the Akamai server resolved to go forward to the origin.
AK_PATHPath of the URL as seen by the edge server for the incoming request, including the filename and extension, but without any filename parameter or query string. See the example.
AK_PROTOCOL_NEGOTIATIONThe protocol negotiated with the client when NPN or ALPN is used. The variable value is available from the client request stage, forward. Possible values include:
  • http2. h2-14 or h2
  • http3. h3-29 or h3
  • For http, contact your Akamai representative for help configuring values http/1.1 or http/1.0.
AK_QUERYThe URL's query string. See the example.
AK_REFERENCE_IDThe global identifier for the request across the Akamai platform.
AK_REQUEST_IDUnique identifier for each request on the edge server, the same as reported in logs. For the global identifier of the request across the entire Akamai platform, see AK_REFERENCE_ID.
AK_SCHEMERequest Scheme, either http or https. See the example.
AK_SLOTSlot number on which the incoming request was made.
AK_TLS_CIPHER_NAMEFor HTTPS and SPDY requests, this variable holds the name of the cipher used for the SSL connection. For HTTP requests, its value is UNKNOWN .
AK_TLS_ENCRYPTION_BITSBits of encryption used for the request.
AK_TLS_PREFERRED_CIPHERSThe value of the tag security:essl.slot-assignment.preferred-ciphers for this request.
AK_TLS_SNI_NAMEThe SNI name submitted by the client.
AK_TLS_VERSIONThe TLS version used for the connection.
AK_URLThe incoming request URL, including the query string, and excluding the scheme and host. See the example.

Example of the URL-related variables

Related Pages:

Test configurations with variables

Create a variable

User-defined variables

Set Variable behavior