Chapter 4

Understanding Traffic Shape

Reading the Overview, Offenders, and cache metrics.

2 min readLast updated 26 April 2026
Jump to section

The Overview page

This is your at-a-glance health check. The three columns -- status codes, data centres, and cache statuses -- show the traffic shape for the selected time window.

A healthy shape looks like:

  • Status codes: dominated by 2xx (successful responses), with small amounts of 3xx (redirects) and negligible 499/5xx
  • Data centres: concentrated in the regions where your customers are (LHR for UK, EWR for US East, etc.)
  • Cache statuses: for SFCC sites, expect "dynamic" (50-60%) and "hit" (35-55%) -- this is normal because storefront pages (/on/demandware.store) are always dynamic

The world map heatmap below the headline tiles shows traffic by country -- hover for details, click to drill into the Offenders page filtered by that country.

Each of the three ranked lists is clickable: click a status code row to see Offenders filtered by that status class, or click a cache status row to filter by that cache status. This makes it easy to go from "I see a lot of 499s" to "which ASNs are responsible?" in one click.

The Offenders page

This is where you investigate. Each ASN shows the organisation name, country flag, request volume with a sparkline trend, bytes per request, 499 rate, cache hit rate, and bypass rate. Use the filter bar to narrow by ASN country, bypass tier, alert status, or network type (ISP / Cloud / VPN-Proxy / Transit). Search by AS number or org name.

Key signals to look for:

  • 499 rate above 20% — the scraper signature
  • Bypass rate above 80% — origin abuse (red), 50–80% is elevated (amber)
  • Low BPR (bytes per request) — under 8 kB suggests JSON API scraping
  • Alert badge — a pulsing red dot means detectors are currently firing for this ASN

Click any ASN for the detail page: 8 stat tiles, stacked timeseries with site-wide baseline overlay, cache breakdown, UA families with anomaly flags, paths with per-path bypass rate, similar ASNs (cohort), 7-day alert history, and JSON export.

Baselines matter

The detectors are most accurate when the source has its baseline cache-hit ratio calibrated. After 4 hours of real data, Edge auto-calibrates baselines automatically. The Overview's Cache Hit Ratio tile auto-detects SFCC traffic and adjusts its "Healthy" sublabel accordingly.

Still stuck? Email support or open the support widget in the bottom-right.