An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.