diff --git a/.asf.yaml b/.asf.yaml index 9018f895a9c..31ee0d40aa4 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -11,6 +11,11 @@ github: - cdn - cache - apache + - http/2 + - http/3 + - quic + - forwardproxy + - reverseproxy - hacktoberfest features: # Enable wiki for documentation @@ -29,9 +34,6 @@ github: collaborators: - mtorluemke - c-taylor - - moonchen - - cmcfarlen - - serrislew - etapia protected_branches: master: diff --git a/.clang-format b/.clang-format index cd564fb109c..3bd0b0b3387 100644 --- a/.clang-format +++ b/.clang-format @@ -1,16 +1,38 @@ --- -Language: Cpp +Language: Cpp AccessModifierOffset: -2 AlignAfterOpenBracket: Align -AlignConsecutiveMacros: false -AlignConsecutiveAssignments: true -AlignConsecutiveDeclarations: false +AlignArrayOfStructures: Left +AlignConsecutiveAssignments: + Enabled: true + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: true + PadOperators: true +AlignConsecutiveBitFields: + Enabled: true + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignConsecutiveDeclarations: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: true +AlignConsecutiveMacros: + Enabled: true + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: true AlignEscapedNewlines: Left -AlignOperands: true +AlignOperands: Align AlignTrailingComments: true -AllowAllArgumentsOnNextLine: true -AllowAllConstructorInitializersOnNextLine: true +AllowAllArgumentsOnNextLine: false AllowAllParametersOfDeclarationOnNextLine: false +AllowShortEnumsOnASingleLine: true AllowShortBlocksOnASingleLine: Never AllowShortCaseLabelsOnASingleLine: false AllowShortFunctionsOnASingleLine: Inline @@ -21,26 +43,31 @@ AlwaysBreakAfterDefinitionReturnType: All AlwaysBreakAfterReturnType: AllDefinitions AlwaysBreakBeforeMultilineStrings: false AlwaysBreakTemplateDeclarations: MultiLine +AttributeMacros: + - __capability BinPackArguments: true BinPackParameters: true BraceWrapping: - AfterCaseLabel: false - AfterClass: true - AfterControlStatement: false - AfterEnum: false - AfterFunction: true - AfterNamespace: true + AfterCaseLabel: false + AfterClass: true + AfterControlStatement: Never + AfterEnum: false + AfterFunction: true + AfterNamespace: true AfterObjCDeclaration: false - AfterStruct: false - AfterUnion: false + AfterStruct: false + AfterUnion: false AfterExternBlock: false - BeforeCatch: false - BeforeElse: false - IndentBraces: false + BeforeCatch: false + BeforeElse: false + BeforeLambdaBody: false + BeforeWhile: false + IndentBraces: false SplitEmptyFunction: true SplitEmptyRecord: true SplitEmptyNamespace: true BreakBeforeBinaryOperators: None +BreakBeforeConceptDeclarations: Always BreakBeforeBraces: Linux BreakBeforeInheritanceComma: false BreakInheritanceList: BeforeColon @@ -49,17 +76,23 @@ BreakConstructorInitializersBeforeComma: false BreakConstructorInitializers: BeforeColon BreakAfterJavaFieldAnnotations: false BreakStringLiterals: true -ColumnLimit: 132 -CommentPragmas: '^ IWYU pragma:' +ColumnLimit: 132 +CommentPragmas: "^ IWYU pragma:" +QualifierAlignment: Leave CompactNamespaces: false -ConstructorInitializerAllOnOneLineOrOnePerLine: true ConstructorInitializerIndentWidth: 2 ContinuationIndentWidth: 2 Cpp11BracedListStyle: true DeriveLineEnding: true DerivePointerAlignment: false -DisableFormat: false +DisableFormat: false +EmptyLineAfterAccessModifier: Never +EmptyLineBeforeAccessModifier: LogicalBlock ExperimentalAutoDetectBinPacking: false +PackConstructorInitializers: NextLine +BasedOnStyle: "" +ConstructorInitializerAllOnOneLineOrOnePerLine: false +AllowAllConstructorInitializersOnNextLine: true FixNamespaceComments: true ForEachMacros: - forv_Vec @@ -68,72 +101,117 @@ ForEachMacros: - foreach - Q_FOREACH - BOOST_FOREACH -IncludeBlocks: Preserve +IfMacros: + - KJ_IF_MAYBE +IncludeBlocks: Preserve IncludeCategories: - - Regex: '^"(llvm|llvm-c|clang|clang-c)/' - Priority: 2 - SortPriority: 0 - - Regex: '^(<|"(gtest|isl|json)/)' - Priority: 3 - SortPriority: 0 - - Regex: '.*' - Priority: 1 - SortPriority: 0 -IncludeIsMainRegex: '$' -IncludeIsMainSourceRegex: '' + - Regex: '^"(llvm|llvm-c|clang|clang-c)/' + Priority: 2 + SortPriority: 0 + CaseSensitive: false + - Regex: '^(<|"(gtest|isl|json)/)' + Priority: 3 + SortPriority: 0 + CaseSensitive: false + - Regex: ".*" + Priority: 1 + SortPriority: 0 + CaseSensitive: false +IncludeIsMainRegex: "$" +IncludeIsMainSourceRegex: "" +IndentAccessModifiers: false IndentCaseLabels: false +IndentCaseBlocks: false IndentGotoLabels: true IndentPPDirectives: None -IndentWidth: 2 +IndentExternBlock: AfterExternBlock +IndentRequiresClause: true +IndentWidth: 2 IndentWrappedFunctionNames: false +InsertBraces: false +InsertTrailingCommas: None JavaScriptQuotes: Leave JavaScriptWrapImports: true KeepEmptyLinesAtTheStartOfBlocks: false -MacroBlockBegin: '' -MacroBlockEnd: '' +LambdaBodyIndentation: Signature +MacroBlockBegin: "" +MacroBlockEnd: "" MaxEmptyLinesToKeep: 1 NamespaceIndentation: Inner ObjCBinPackProtocolList: Auto ObjCBlockIndentWidth: 2 +ObjCBreakBeforeNestedBlockParam: true ObjCSpaceAfterProperty: true ObjCSpaceBeforeProtocolList: false PenaltyBreakAssignment: 2 PenaltyBreakBeforeFirstCallParameter: 19 PenaltyBreakComment: 30000 PenaltyBreakFirstLessLess: 120 +PenaltyBreakOpenParenthesis: 0 PenaltyBreakString: 1000 PenaltyBreakTemplateDeclaration: 10 PenaltyExcessCharacter: 1000000 PenaltyReturnTypeOnItsOwnLine: 200 +PenaltyIndentedWhitespace: 0 PointerAlignment: Right -ReflowComments: true -SortIncludes: false +PPIndentWidth: -1 +ReferenceAlignment: Pointer +ReflowComments: true +RemoveBracesLLVM: false +RequiresClausePosition: OwnLine +SeparateDefinitionBlocks: Leave +ShortNamespaceLines: 1 +SortIncludes: Never +SortJavaStaticImport: Before SortUsingDeclarations: false SpaceAfterCStyleCast: false SpaceAfterLogicalNot: false SpaceAfterTemplateKeyword: true SpaceBeforeAssignmentOperators: true +SpaceBeforeCaseColon: false SpaceBeforeCpp11BracedList: false SpaceBeforeCtorInitializerColon: true SpaceBeforeInheritanceColon: true SpaceBeforeParens: ControlStatements +SpaceBeforeParensOptions: + AfterControlStatements: true + AfterForeachMacros: true + AfterFunctionDefinitionName: false + AfterFunctionDeclarationName: false + AfterIfMacros: true + AfterOverloadedOperator: false + AfterRequiresInClause: false + AfterRequiresInExpression: false + BeforeNonEmptyParentheses: false +SpaceAroundPointerQualifiers: Default SpaceBeforeRangeBasedForLoopColon: true SpaceInEmptyBlock: false SpaceInEmptyParentheses: false SpacesBeforeTrailingComments: 1 -SpacesInAngles: false +SpacesInAngles: Never SpacesInConditionalStatement: false SpacesInContainerLiterals: true SpacesInCStyleCastParentheses: false +SpacesInLineCommentPrefix: + Minimum: 1 + Maximum: -1 SpacesInParentheses: false SpacesInSquareBrackets: false SpaceBeforeSquareBrackets: false -Standard: Latest +BitFieldColonSpacing: Both +Standard: Latest +StatementAttributeLikeMacros: + - Q_EMIT StatementMacros: - Q_UNUSED - QT_REQUIRE_VERSION -TabWidth: 8 -UseCRLF: false -UseTab: Never -... - +TabWidth: 8 +UseCRLF: false +UseTab: Never +WhitespaceSensitiveMacros: + - STRINGIZE + - PP_STRINGIZE + - BOOST_PP_STRINGIZE + - NS_SWIFT_NAME + - CF_SWIFT_NAME +--- diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst index 5f4080f75f8..52b9bec04ad 100644 --- a/doc/admin-guide/files/records.config.en.rst +++ b/doc/admin-guide/files/records.config.en.rst @@ -3984,10 +3984,14 @@ Client-Related Configuration Sets the ALPN string that |TS| will send to the origin in the ClientHello of TLS handshakes. Configuring this to an empty string (the default configuration) means that the ALPN extension - will not be sent as a part of the TLS ClientHello. + will not be sent as a part of the TLS ClientHello, resulting in HTTP/1.x being negotiated for all + origin-side connections. Configuring the ALPN string provides a mechanism to control origin-side HTTP protocol - negotiation. Configuring this requires an understanding of the ALPN TLS protocol extension. See + negotiation. Including ``h2`` in the ALPN list is required for negotiatnge origin-side HTTP/2 + connections. + + Configuring this requires an understanding of the ALPN TLS protocol extension. See `RFC 7301 `_ for details about the ALPN protocol. See the official `IANA ALPN protocol registration `_ @@ -4002,27 +4006,27 @@ Client-Related Configuration - ``http/1.0`` - ``http/1.1`` + - ``h2`` Here are some example configurations and the consequences of each: - ================================ ====================================================================== - Value Description - ================================ ====================================================================== - ``""`` No ALPN extension is sent by |TS| in origin-side TLS handshakes. - |TS| will assume an HTTP/1.1 connection in this case. - ``"http/1.1"`` Only HTTP/1.1 is advertized by |TS|. Thus, the origin will - either negotiate HTTP/1.1, or it will fail the handshake if that - is not supported by the origin. - ``"http/1.1,http/1.0"`` Both HTTP/1.1 and HTTP/1.0 are supported by |TS|, but HTTP/1.1 - is preferred. - ``"h2,http/1.1,http/1.0"`` HTTP/2 is preferred by |TS| over HTTP/1.1 and HTTP/1.0. Thus, if the - origin supports HTTP/2, it will be used for the connection. If - not, it will fall back to HTTP/1.1 or, if that is not supported, - HTTP/1.0. (HTTP/2 to origin is currently not supported by |TS|.) - ``"h2"`` |TS| only advertizes HTTP/2 support. Thus, the origin will - either negotiate HTTP/2 or fail the handshake. (HTTP/2 to origin - is currently not supported by |TS|.) - ================================ ====================================================================== + ==================== ====================================================================== + Value Description + ==================== ====================================================================== + ``""`` No ALPN extension is sent by |TS| in origin-side TLS handshakes. |TS| will + assume an HTTP/1.1 connection in this case. + ``"http/1.1"`` Only HTTP/1.1 is advertized by |TS|. Thus, the origin will either negotiate + HTTP/1.1, or it will fail the handshake if that is not supported by the + origin. + ``"h2,http/1.1"`` HTTP/2 is preferred by |TS| over HTTP/1.1. Thus, if the origin supports + HTTP/2, it will be used for the connection. If not, it will fall back to + HTTP/1.1. + ``"h2"`` |TS| only advertizes HTTP/2 support. Thus, the origin will + either negotiate HTTP/2 or fail the TLS handshake. + ==================== ====================================================================== + + Note that this is an overridable configuration, so the ALPN can be configured on a per-origin + basis via the :ref:`admin-plugins-conf-remap` plugin. .. ts:cv:: CONFIG proxy.config.ssl.async.handshake.enabled INT 0 @@ -4144,6 +4148,16 @@ HTTP/2 Configuration Reloading this value affects only new HTTP/2 connections, not the ones already established. +.. ts:cv:: CONFIG proxy.config.http2.max_concurrent_streams_out INT 100 + :reloadable: + + The maximum number of concurrent streams per outbound connection. + +.. note:: + + Reloading this value affects only new HTTP/2 connections, not the + ones already established. + .. ts:cv:: CONFIG proxy.config.http2.min_concurrent_streams_in INT 10 :reloadable: @@ -4151,6 +4165,13 @@ HTTP/2 Configuration This is used when :ts:cv:`proxy.config.http2.max_active_streams_in` is set larger than ``0``. +.. ts:cv:: CONFIG proxy.config.http2.min_concurrent_streams_out INT 10 + :reloadable: + + The minimum number of concurrent streams per outbound connection. + This is used when :ts:cv:`proxy.config.http2.max_active_streams_out` is set + larger than ``0``. + .. ts:cv:: CONFIG proxy.config.http2.max_active_streams_in INT 0 :reloadable: @@ -4160,6 +4181,15 @@ HTTP/2 Configuration :ts:cv:`proxy.config.http2.min_concurrent_streams_in`. To disable, set to zero (``0``). +.. ts:cv:: CONFIG proxy.config.http2.max_active_streams_out INT 0 + :reloadable: + + Limits the maximum number of connection wide active streams. + When connection wide active streams are larger than this value, + SETTINGS_MAX_CONCURRENT_STREAMS will be reduced to + :ts:cv:`proxy.config.http2.min_concurrent_streams_out`. + To disable, set to zero (``0``). + .. ts:cv:: CONFIG proxy.config.http2.initial_window_size_in INT 65535 :reloadable: :units: bytes @@ -4170,6 +4200,16 @@ HTTP/2 Configuration :ts:cv:`proxy.config.http2.flow_control.policy_in` for how HTTP/2 stream and session windows are maintained over the lifetime of HTTP/2 sessions. +.. ts:cv:: CONFIG proxy.config.http2.initial_window_size_out INT 65535 + :reloadable: + :units: bytes + + The initial HTTP/2 stream window size for outbound connections that |TS| as a + client advertises to the peer. See IETF RFC 9113 section 5.2 for details + concerning HTTP/2 flow control. See + :ts:cv:`proxy.config.http2.flow_control.policy_out` for how HTTP/2 stream and + session windows are maintained over the lifetime of HTTP/2 sessions. + .. ts:cv:: CONFIG proxy.config.http2.flow_control.policy_in INT 0 :reloadable: @@ -4199,6 +4239,13 @@ HTTP/2 Configuration a way that shares the window equally among all concurrent streams. ===== =========================================================================================== +.. ts:cv:: CONFIG proxy.config.http2.flow_control.policy_out INT 0 + :reloadable: + + Specifies the mechanism |TS| uses to maintian flow control via the HTTP/2 + stream and session windows for outbound connections. See the corresponding :ts:cv:`proxy.config.http2.flow_control.policy_in` + configuration for details concerning how this configuration variable is used. + .. ts:cv:: CONFIG proxy.config.http2.max_frame_size INT 16384 :reloadable: :units: bytes @@ -4259,6 +4306,13 @@ HTTP/2 Configuration misconfigured or misbehaving clients are opening a large number of connections without submitting requests. +.. ts:cv:: CONFIG proxy.config.http2.no_activity_timeout_out INT 120 + :reloadable: + :units: seconds + + Specifies how long |TS| keeps connections to origins open if a + transaction stalls. + .. ts:cv:: CONFIG proxy.config.http2.zombie_debug_timeout_in INT 0 :reloadable: diff --git a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst index a2d95c4e089..667dcf9de15 100644 --- a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst @@ -183,6 +183,21 @@ HTTP/2 Represents the current number of HTTP/2 active connections from client to the |TS|. +.. ts:stat:: global proxy.process.http2.total_server_connections integer + :type: counter + + Represents the total number of HTTP/2 connections from |TS| to the origin. + +.. ts:stat:: global proxy.process.http2.current_server_connections integer + :type: gauge + + Represents the current number of HTTP/2 connections from |TS| to the origin. + +.. ts:stat:: global proxy.process.http2.current_active_server_connections integer + :type: gauge + + Represents the current number of HTTP/2 active connections from |TS| to the origin. + .. ts:stat:: global proxy.process.http2.connection_errors integer :type: counter diff --git a/doc/admin-guide/monitoring/statistics/core/http-transaction.en.rst b/doc/admin-guide/monitoring/statistics/core/http-transaction.en.rst index 07a6e60a0d8..9dd730c2be4 100644 --- a/doc/admin-guide/monitoring/statistics/core/http-transaction.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/http-transaction.en.rst @@ -165,6 +165,16 @@ HTTP/2 Represents the current number of HTTP/2 streams from client to the |TS|. +.. ts:stat:: global proxy.process.http2.total_server_streams integer + :type: counter + + Represents the total number of HTTP/2 streams from |TS| to the origin. + +.. ts:stat:: global proxy.process.http2.current_server_streams integer + :type: gauge + + Represents the current number of HTTP/2 streams from |TS| to the origin. + .. ts:stat:: global proxy.process.http2.total_transactions_time integer :type: counter :units: seconds diff --git a/doc/developer-guide/api/functions/TSSslSecret.en.rst b/doc/developer-guide/api/functions/TSSslSecret.en.rst index 87478e22542..9f81d4f5665 100644 --- a/doc/developer-guide/api/functions/TSSslSecret.en.rst +++ b/doc/developer-guide/api/functions/TSSslSecret.en.rst @@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + .. include:: /common.defs .. default-domain:: c @@ -27,7 +28,7 @@ Synopsis #include -.. function:: TSReturnCode TSSslSecretSet(const char * secret_name, int secret_name_length, const char * secret_data, int secret_data_len) +.. function:: TSReturnCode TSSslSecretSet(const char * secret_name, int secret_name_length, const char * secret_data, int secret_data_length) Description =========== @@ -48,12 +49,16 @@ Synopsis #include -.. function:: TSReturnCode TSSslSecretGet(const char * secret_name, int secret_name_length, const char ** secret_data_return, int * secret_data_len) +.. function:: char * TSSslSecretGet(const char * secret_name, int secret_name_length, int * secret_data_length) Description =========== -:func:`TSSslSecretGet` fetches the named secret from the current secret map. TS_ERROR is returned if there is no entry for the secret. +:func:`TSSslSecretGet` fetches the named secret from the current secret map. If there is no secret with the +given name, the returned pointer will be null, and the :arg:`secret_data_length` output paramter will be set to zero. If +the returned pointer is not null, it points to a buffer containing the secret data. The :arg:`secret_data_length` output +parameter will be set to the length of the secret data. The buffer containing the data must be freed by +calling :func:`TSfree`. TSSslSecretUpdate ***************** diff --git a/doc/release-notes/images/branch_mgmt.png b/doc/release-notes/images/branch_mgmt.png new file mode 100644 index 00000000000..d24817da7a9 Binary files /dev/null and b/doc/release-notes/images/branch_mgmt.png differ diff --git a/doc/release-notes/images/roadmap.png b/doc/release-notes/images/roadmap.png index 656c21ecdf8..4f3c2618a7f 100644 Binary files a/doc/release-notes/images/roadmap.png and b/doc/release-notes/images/roadmap.png differ diff --git a/doc/release-notes/roadmap.en.rst b/doc/release-notes/roadmap.en.rst index 7afb416ad1f..4c122686c8f 100644 --- a/doc/release-notes/roadmap.en.rst +++ b/doc/release-notes/roadmap.en.rst @@ -31,53 +31,75 @@ our `download page `_ to see the current supported versions. -For details on the actual developer release process, See - Versions, compatibility and schedules ------------------------------------- -1. We promise to make 1 major release every two years, but the RM and +1. We aim to make 1 major release every two years, but the RM and community can of course make more as necessary. -2. We only make releases off the LTS branches, which are cut every 2 years - off the master branch. -3. Master is always open, for any type of change (including incompatible - changes). But don't break compatibility just for fun! +2. We cut LTS major and minor releases striaght off the master branch. + We will make release branches in a timely manner before making any + release candidates. +3. Master is always open for compatible changes. 4. Master is always stable, i.e. commits should be properly tested and reviewed before committed to master. -5. All releases are stable releases, following strict Semantic Versioning. -6. Minor and patch releases are made at the discretion of the community and +5. Incompatible changes must be made on the current ``-dev`` branch. +6. All releases are stable releases, following strict Semantic Versioning. +7. Minor and patch releases are made at the discretion of the community and the RM. -7. Minor releases can include new (small / safe) features, but must be +8. Minor releases can include new (small / safe) features, but must be compatible within the LTS major version. -8. The LTS cycle, 4 years, does not reset when we make a minor release. -9. The goal is that within a major LTS version, only one minor version is - continuously supported. For example, if we have made a v9.1.2, and the - RM makes a v9.2.0 release, do not expect any more releases of v9.1.x. - The exception here would be serious issues, or security problems. +9. The LTS cycle, approximately 4 years, does not reset when we make a minor + release. +10. The goal is that within a major LTS version, only one minor version is + continuously supported. For example, if we have made a v9.1.2, and the + RM makes a v9.2.0 release, do not expect any more releases of v9.1.x. + The exception here would be serious issues, or security problems. + +Branch Management +----------------- + +As of `v10.0.0`` and forward, we will cut all major and minor branches off +the main branch (master). The ``-Dev`` branch will be used for incompatible +changes, and will be merged into master when the next major release is +in progress. + +.. figure:: images/branch_mgmt.png + :align: left + +The implication of this new process is that we will no longer cherry pick +PRs from master to a release branch. Rather, each major and minor release +is taken whole sale from the master branch. For managing your PRs, this means: + +1. You do not need to nominate your PR for a backport to a minor release, unless + the release branch has been cut. A goal here is that the release branches + are stable in preparation of the minor release, while master is still open. +2. An exception for this are the older LTS releases and minor critical fixes. + For such changes, always nominate your PR for backport to those Projects. +3. The default ``Milestone`` changes for every major and minor release. For + example, if the current LTS release is `10.0.1`, the milestone for all new + PRs will be `10.1.0` going forward. +4. We will create tags on the master branch regularly, for coordinating testing + efforts. These are not releases! +5. We will regularly (weekly) merge master to the current ``-Dev`` branch, + to keep them in sync. + +It is absolutely critical that everyone sets the ``Milestone`` and ``Project`` +fields appropriate in this process. This is how we will manage the releases! Current Release Schedule and support ------------------------------------ +Master is currently targeted for our first `v10.0.x` release. When this branch +is created, the new process kicks in and ``Milestones`` must follow the +next minor release number (e.g. `10.1.0`). + .. figure:: images/roadmap.png - :align: center + :align: left **Note:** These are examples, only the first minor release number of each major LTS branch is guaranteed to be made. The dates for point releases are also for illustration. -How? ----- - -As you can see, we no longer make any sort of development releases. Also, -there's no longer a backport voting process! The latter means that all -developers and users must make a higher commitment to reviewing changes as -they go into master and the incompatible release branch. Other than that, -it's pretty much business as usual, but easier for everyone involved. -This git branch diagram shows an example how the git tree will be managed: - -.. figure:: images/git-versions.svg - :align: center - Burning release numbers, or how our release process works --------------------------------------------------------- @@ -109,9 +131,9 @@ Release Managers ======= ======= ========= =========== ========= Version Primary Secondary 1st Release Supported ======= ======= ========= =========== ========= -8.x Evan Leif 8/2018 1/2022 -9.x Leif Bryan 1/2020 1/2024 -10.x TBD TBD 1/2022 1/2026 +8.x Evan Leif 8/2018 3/2023 +9.x Evan Bryan 1/2020 3/2025 +10.x Leif Bryan 3/2023 3/2027 ======= ======= ========= =========== ========= diff --git a/example/plugins/c-api/basic_auth/basic_auth.c b/example/plugins/c-api/basic_auth/basic_auth.c index 95a87edc1a4..d798ee6ab15 100644 --- a/example/plugins/c-api/basic_auth/basic_auth.c +++ b/example/plugins/c-api/basic_auth/basic_auth.c @@ -52,8 +52,8 @@ base64_decode(const char *input) *output++ = decode(0) << 2 | decode(1) >> 4; *output++ = decode(1) << 4 | decode(2) >> 2; *output++ = decode(2) << 6 | decode(3); - len -= 4; - input += 4; + len -= 4; + input += 4; } /* @@ -139,7 +139,7 @@ handle_dns(TSHttpTxn txnp, TSCont contp) goto done; } *password = '\0'; - password += 1; + password += 1; if (!authorized(user, password)) { TSError("[%s] %s:%s not authorized", PLUGIN_NAME, user, password); diff --git a/example/plugins/c-api/bnull_transform/bnull_transform.c b/example/plugins/c-api/bnull_transform/bnull_transform.c index 8cb2c44dc1a..db41fdbb93b 100644 --- a/example/plugins/c-api/bnull_transform/bnull_transform.c +++ b/example/plugins/c-api/bnull_transform/bnull_transform.c @@ -41,7 +41,7 @@ #define PLUGIN_NAME "bnull_transform" -#define TS_NULL_MUTEX NULL +#define TS_NULL_MUTEX NULL #define STATE_BUFFER_DATA 0 #define STATE_OUTPUT_DATA 1 diff --git a/example/plugins/c-api/cache_scan/cache_scan.cc b/example/plugins/c-api/cache_scan/cache_scan.cc index 4e0d9a952e3..e0546be0be0 100644 --- a/example/plugins/c-api/cache_scan/cache_scan.cc +++ b/example/plugins/c-api/cache_scan/cache_scan.cc @@ -68,10 +68,10 @@ handle_scan(TSCont contp, TSEvent event, void *edata) cache_scan_state *cstate = static_cast(TSContDataGet(contp)); if (event == TS_EVENT_CACHE_REMOVE) { - cstate->done = 1; - const char error[] = "Cache remove operation succeeded"; - cstate->cache_vc = static_cast(edata); - cstate->write_vio = TSVConnWrite(cstate->net_vc, contp, cstate->resp_reader, INT64_MAX); + cstate->done = 1; + const char error[] = "Cache remove operation succeeded"; + cstate->cache_vc = static_cast(edata); + cstate->write_vio = TSVConnWrite(cstate->net_vc, contp, cstate->resp_reader, INT64_MAX); cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, error, sizeof(error) - 1); TSVIONBytesSet(cstate->write_vio, cstate->total_bytes); TSVIOReenable(cstate->write_vio); @@ -83,8 +83,8 @@ handle_scan(TSCont contp, TSEvent event, void *edata) const char error[] = "Cache remove operation failed error="; char rc[12]; snprintf(rc, 12, "%p", edata); - cstate->cache_vc = static_cast(edata); - cstate->write_vio = TSVConnWrite(cstate->net_vc, contp, cstate->resp_reader, INT64_MAX); + cstate->cache_vc = static_cast(edata); + cstate->write_vio = TSVConnWrite(cstate->net_vc, contp, cstate->resp_reader, INT64_MAX); cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, error, sizeof(error) - 1); cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, rc, strlen(rc)); @@ -104,7 +104,7 @@ handle_scan(TSCont contp, TSEvent event, void *edata) event == TS_EVENT_CACHE_SCAN_OPERATION_FAILED) { cstate->done = 1; if (cstate->resp_buffer) { - const char error[] = "Cache scan operation blocked or failed"; + const char error[] = "Cache scan operation blocked or failed"; cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, error, sizeof(error) - 1); } if (cstate->write_vio) { @@ -159,12 +159,12 @@ handle_scan(TSCont contp, TSEvent event, void *edata) if (event == TS_EVENT_CACHE_SCAN_DONE) { cstate->done = 1; char s[512]; - int s_len = snprintf(s, sizeof(s), - "

\n

%d total objects in cache

\n" - "
" - "Enter URL to delete: " - "", - cstate->total_items); + int s_len = snprintf(s, sizeof(s), + "

\n

%d total objects in cache

\n" + "" + "Enter URL to delete: " + "", + cstate->total_items); cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, s, s_len); TSVIONBytesSet(cstate->write_vio, cstate->total_bytes); if (!cstate->write_pending) { @@ -271,7 +271,7 @@ handle_io(TSCont contp, TSEvent event, void * /* edata ATS_UNUSED */) cstate->pending_action = actionp; } } else { - char head[] = "

Cache Contents:

\n

\n";
+      char head[]         = "
Cache Contents:
\n
\n";
       cstate->total_bytes += TSIOBufferWrite(cstate->resp_buffer, head, sizeof(head) - 1);
       // start scan
       TSAction actionp = TSCacheScan(contp, nullptr, 512000);
diff --git a/example/plugins/c-api/intercept/intercept.cc b/example/plugins/c-api/intercept/intercept.cc
index 03bf86da29c..d25eda99bff 100644
--- a/example/plugins/c-api/intercept/intercept.cc
+++ b/example/plugins/c-api/intercept/intercept.cc
@@ -43,7 +43,7 @@
 // request. You can enable extensive logging with the "intercept" diagnostic tag.
 
 #define PLUGIN_NAME "intercept"
-#define PORT 60000
+#define PORT        60000
 
 #define VDEBUG(fmt, ...) TSDebug(PLUGIN_NAME, fmt, ##__VA_ARGS__)
 
@@ -164,7 +164,8 @@ static const char *
 InterceptProxySideVC(const InterceptState *istate, TSVConn vc)
 {
   return (istate->client.vc && vc == istate->client.vc) ? "" :
-                                                          (istate->server.vc && vc == istate->server.vc) ? "" : "";
+         (istate->server.vc && vc == istate->server.vc) ? "" :
+                                                          "";
 }
 
 static bool
@@ -244,9 +245,9 @@ InterceptTransferData(InterceptIO *from, InterceptIO *to)
     while (ptr && remain) {
       int64_t nbytes;
 
-      nbytes = TSIOBufferWrite(to->writeio.iobuf, ptr, remain);
-      remain -= nbytes;
-      ptr += nbytes;
+      nbytes   = TSIOBufferWrite(to->writeio.iobuf, ptr, remain);
+      remain   -= nbytes;
+      ptr      += nbytes;
       consumed += nbytes;
     }
   }
diff --git a/example/plugins/c-api/passthru/passthru.cc b/example/plugins/c-api/passthru/passthru.cc
index 887dac000ca..6ddef92e671 100644
--- a/example/plugins/c-api/passthru/passthru.cc
+++ b/example/plugins/c-api/passthru/passthru.cc
@@ -114,7 +114,7 @@ struct PassthruIO {
   }
 
   // noncopyable
-  PassthruIO(const PassthruIO &) = delete;
+  PassthruIO(const PassthruIO &)            = delete;
   PassthruIO &operator=(const PassthruIO &) = delete;
 };
 
@@ -158,7 +158,7 @@ struct PassthruSession {
   }
 
   // noncopyable
-  PassthruSession(const PassthruSession &) = delete;
+  PassthruSession(const PassthruSession &)            = delete;
   PassthruSession &operator=(const PassthruSession &) = delete;
 };
 
diff --git a/example/plugins/c-api/protocol/Protocol.h b/example/plugins/c-api/protocol/Protocol.h
index 6d883c18cdb..fbb01bf4f2b 100644
--- a/example/plugins/c-api/protocol/Protocol.h
+++ b/example/plugins/c-api/protocol/Protocol.h
@@ -37,7 +37,7 @@
 #define PLUGIN_NAME "protocol"
 
 #define MAX_SERVER_NAME_LENGTH 1024
-#define MAX_FILE_NAME_LENGTH 1024
+#define MAX_FILE_NAME_LENGTH   1024
 
 /* MAX_SERVER_NAME_LENGTH + MAX_FILE_NAME_LENGTH + strlen("\n\n") */
 #define MAX_REQUEST_LENGTH 2050
diff --git a/example/plugins/c-api/protocol/TxnSM.c b/example/plugins/c-api/protocol/TxnSM.c
index cb7f00f44ec..98d2265852f 100644
--- a/example/plugins/c-api/protocol/TxnSM.c
+++ b/example/plugins/c-api/protocol/TxnSM.c
@@ -939,7 +939,7 @@ get_info_from_buffer(TSIOBufferReader the_reader)
     if (read_done > 0) {
       TSIOBufferReaderConsume(the_reader, read_done);
       read_avail -= read_done;
-      info += read_done;
+      info       += read_done;
     }
   }
 
diff --git a/example/plugins/c-api/protocol/TxnSM.h b/example/plugins/c-api/protocol/TxnSM.h
index b3e8f3f4caa..d74de56fee4 100644
--- a/example/plugins/c-api/protocol/TxnSM.h
+++ b/example/plugins/c-api/protocol/TxnSM.h
@@ -30,8 +30,8 @@ typedef int (*TxnSMHandler)(TSCont contp, TSEvent event, void *data);
 TSCont TxnSMCreate(TSMutex pmutex, TSVConn client_vc, int server_port);
 
 #define TXN_SM_ALIVE 0xAAAA0123
-#define TXN_SM_DEAD 0xFEE1DEAD
-#define TXN_SM_ZERO 0x00001111
+#define TXN_SM_DEAD  0xFEE1DEAD
+#define TXN_SM_ZERO  0x00001111
 
 /* The Txn State Machine */
 typedef struct _TxnSM {
diff --git a/example/plugins/c-api/remap_header_add/remap_header_add.cc b/example/plugins/c-api/remap_header_add/remap_header_add.cc
index f538fae264e..702da50251d 100644
--- a/example/plugins/c-api/remap_header_add/remap_header_add.cc
+++ b/example/plugins/c-api/remap_header_add/remap_header_add.cc
@@ -44,7 +44,7 @@ struct remap_line {
 };
 
 #define PLUGIN_NAME "headeradd_remap"
-#define EXTERN extern "C"
+#define EXTERN      extern "C"
 
 EXTERN void
 ParseArgIntoNv(const char *arg, char **n, char **v)
diff --git a/example/plugins/c-api/request_buffer/request_buffer.c b/example/plugins/c-api/request_buffer/request_buffer.c
index 2214cda5243..0a3f253e1e7 100644
--- a/example/plugins/c-api/request_buffer/request_buffer.c
+++ b/example/plugins/c-api/request_buffer/request_buffer.c
@@ -54,7 +54,7 @@ request_body_get(TSHttpTxn txnp, int *len)
     char_data = TSIOBufferBlockReadStart(block, post_buffer_reader, &data_len);
     memcpy(ret + consumed, char_data, data_len);
     consumed += data_len;
-    block = TSIOBufferBlockNext(block);
+    block    = TSIOBufferBlockNext(block);
   }
   TSIOBufferReaderFree(post_buffer_reader);
 
diff --git a/example/plugins/c-api/server_transform/server_transform.c b/example/plugins/c-api/server_transform/server_transform.c
index c4f29bdf6e1..3d1d90d3ed7 100644
--- a/example/plugins/c-api/server_transform/server_transform.c
+++ b/example/plugins/c-api/server_transform/server_transform.c
@@ -51,12 +51,12 @@
 
 #define PLUGIN_NAME "server-transform"
 
-#define STATE_BUFFER 1
-#define STATE_CONNECT 2
-#define STATE_WRITE 3
+#define STATE_BUFFER      1
+#define STATE_CONNECT     2
+#define STATE_WRITE       3
 #define STATE_READ_STATUS 4
-#define STATE_READ 5
-#define STATE_BYPASS 6
+#define STATE_READ        5
+#define STATE_BYPASS      6
 
 typedef struct {
   int state;
diff --git a/example/plugins/c-api/ssl_preaccept/ssl_preaccept.cc b/example/plugins/c-api/ssl_preaccept/ssl_preaccept.cc
index be662ad29b1..db395df197d 100644
--- a/example/plugins/c-api/ssl_preaccept/ssl_preaccept.cc
+++ b/example/plugins/c-api/ssl_preaccept/ssl_preaccept.cc
@@ -35,7 +35,7 @@
 #include 
 
 #define PLUGIN_NAME "ssl-preaccept"
-#define PCP "[" PLUGIN_NAME "] "
+#define PCP         "[" PLUGIN_NAME "] "
 
 namespace
 {
diff --git a/example/plugins/c-api/ssl_sni/ssl_sni.cc b/example/plugins/c-api/ssl_sni/ssl_sni.cc
index a0b676be081..be9c5dde982 100644
--- a/example/plugins/c-api/ssl_sni/ssl_sni.cc
+++ b/example/plugins/c-api/ssl_sni/ssl_sni.cc
@@ -32,7 +32,7 @@
 #include 
 
 #define PLUGIN_NAME "ssl_sni"
-#define PCP "[" PLUGIN_NAME "] "
+#define PCP         "[" PLUGIN_NAME "] "
 
 namespace
 {
diff --git a/example/plugins/c-api/ssl_sni_allowlist/ssl_sni_allowlist.cc b/example/plugins/c-api/ssl_sni_allowlist/ssl_sni_allowlist.cc
index b2e969c384a..79002ef0b26 100644
--- a/example/plugins/c-api/ssl_sni_allowlist/ssl_sni_allowlist.cc
+++ b/example/plugins/c-api/ssl_sni_allowlist/ssl_sni_allowlist.cc
@@ -32,7 +32,7 @@
 #include 
 
 #define PLUGIN_NAME "ssl_sni_allowlist"
-#define PCP "[" PLUGIN_NAME "] "
+#define PCP         "[" PLUGIN_NAME "] "
 
 namespace
 {
diff --git a/example/plugins/c-api/thread_pool/psi.c b/example/plugins/c-api/thread_pool/psi.c
index a25220d2b7c..730341c32dd 100644
--- a/example/plugins/c-api/thread_pool/psi.c
+++ b/example/plugins/c-api/thread_pool/psi.c
@@ -47,13 +47,13 @@
 #define NB_THREADS 3
 
 #define PSI_FILENAME_MAX_SIZE 512
-#define PSI_PATH_MAX_SIZE 256
-#define PSI_PATH "include"
+#define PSI_PATH_MAX_SIZE     256
+#define PSI_PATH              "include"
 
-#define PSI_START_TAG ""
+#define PSI_END_TAG     "-->"
 #define PSI_END_TAG_LEN 3
 
 #define MIME_FIELD_XPSI "X-Psi"
diff --git a/example/plugins/c-api/thread_pool/thread.h b/example/plugins/c-api/thread_pool/thread.h
index f0eaa62f7dc..9949ff9d7e5 100644
--- a/example/plugins/c-api/thread_pool/thread.h
+++ b/example/plugins/c-api/thread_pool/thread.h
@@ -26,7 +26,7 @@
 #define PLUGIN_NAME "psi"
 
 #define MAGIC_ALIVE 0xfeedbabe
-#define MAGIC_DEAD 0xdeadbeef
+#define MAGIC_DEAD  0xdeadbeef
 
 /* If more than MAX_JOBS_ALARM are present in queue, the plugin
    will log error messages. This should be tuned based on your application */
diff --git a/example/plugins/c-api/verify_cert/verify_cert.cc b/example/plugins/c-api/verify_cert/verify_cert.cc
index 4682379c09f..6959b7bf229 100644
--- a/example/plugins/c-api/verify_cert/verify_cert.cc
+++ b/example/plugins/c-api/verify_cert/verify_cert.cc
@@ -30,7 +30,7 @@
 #include 
 
 #define PLUGIN_NAME "verify_cert"
-#define PCP "[" PLUGIN_NAME "] "
+#define PCP         "[" PLUGIN_NAME "] "
 
 namespace
 {
diff --git a/example/plugins/cpp-api/websocket/WSBuffer.cc b/example/plugins/cpp-api/websocket/WSBuffer.cc
index 3b8a9b39ada..314af2ae797 100644
--- a/example/plugins/cpp-api/websocket/WSBuffer.cc
+++ b/example/plugins/cpp-api/websocket/WSBuffer.cc
@@ -52,7 +52,7 @@
 #endif
 
 #define BASE64_ENCODE_DSTLEN(_length) ((_length * 8) / 6 + 4)
-#define WS_DIGEST_MAX BASE64_ENCODE_DSTLEN(20)
+#define WS_DIGEST_MAX                 BASE64_ENCODE_DSTLEN(20)
 
 static const std::string magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
 
@@ -146,7 +146,7 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
   if (final) {
     message = msg_buf_;
     message += ws_buf_.substr(pos, msg_len);
-    code = frame;
+    code    = frame;
   } else {
     msg_buf_ += ws_buf_.substr(pos, msg_len);
   }
@@ -222,13 +222,13 @@ WSBuffer::get_frame(size_t len, int code)
 
   int len_len;
   if (len <= 125) {
-    frame += char(len);
+    frame   += char(len);
     len_len = 0;
   } else if (len <= UINT16_MAX) {
-    frame += char(WS_16BIT_LEN);
+    frame   += char(WS_16BIT_LEN);
     len_len = 2;
   } else {
-    frame += char(WS_64BIT_LEN);
+    frame   += char(WS_64BIT_LEN);
     len_len = 8;
   }
   // Convert length to big-endian bytes.
diff --git a/example/plugins/cpp-api/websocket/WSBuffer.h b/example/plugins/cpp-api/websocket/WSBuffer.h
index cf7bdc54b0a..3b3075aecbb 100644
--- a/example/plugins/cpp-api/websocket/WSBuffer.h
+++ b/example/plugins/cpp-api/websocket/WSBuffer.h
@@ -35,13 +35,13 @@ enum ws_frametype {
 };
 typedef enum ws_frametype WS_FRAMETYPE;
 
-#define WS_RSV1 0x40
-#define WS_RSV2 0x20
-#define WS_RSV3 0x10
-#define WS_MASKED 0x80
-#define WS_OPCODE 0x0F
-#define WS_FIN 0x80
-#define WS_LENGTH 0x7F
+#define WS_RSV1      0x40
+#define WS_RSV2      0x20
+#define WS_RSV3      0x10
+#define WS_MASKED    0x80
+#define WS_OPCODE    0x0F
+#define WS_FIN       0x80
+#define WS_LENGTH    0x7F
 #define WS_16BIT_LEN 126
 #define WS_64BIT_LEN 127
 
diff --git a/include/records/I_RecProcess.h b/include/records/I_RecProcess.h
index 13dee87bda8..2df2572be19 100644
--- a/include/records/I_RecProcess.h
+++ b/include/records/I_RecProcess.h
@@ -125,8 +125,8 @@ inline int
 RecIncrRawStat(RecRawStatBlock *rsb, EThread *ethread, int id, int64_t incr)
 {
   RecRawStat *tlp = raw_stat_get_tlp(rsb, id, ethread);
-  tlp->sum += incr;
-  tlp->count += 1;
+  tlp->sum        += incr;
+  tlp->count      += 1;
   return REC_ERR_OKAY;
 }
 
@@ -134,8 +134,8 @@ inline int
 RecDecrRawStat(RecRawStatBlock *rsb, EThread *ethread, int id, int64_t decr)
 {
   RecRawStat *tlp = raw_stat_get_tlp(rsb, id, ethread);
-  tlp->sum -= decr;
-  tlp->count += 1;
+  tlp->sum        -= decr;
+  tlp->count      += 1;
   return REC_ERR_OKAY;
 }
 
@@ -143,7 +143,7 @@ inline int
 RecIncrRawStatSum(RecRawStatBlock *rsb, EThread *ethread, int id, int64_t incr)
 {
   RecRawStat *tlp = raw_stat_get_tlp(rsb, id, ethread);
-  tlp->sum += incr;
+  tlp->sum        += incr;
   return REC_ERR_OKAY;
 }
 
@@ -151,6 +151,6 @@ inline int
 RecIncrRawStatCount(RecRawStatBlock *rsb, EThread *ethread, int id, int64_t incr)
 {
   RecRawStat *tlp = raw_stat_get_tlp(rsb, id, ethread);
-  tlp->count += incr;
+  tlp->count      += incr;
   return REC_ERR_OKAY;
 }
diff --git a/include/records/P_RecDefs.h b/include/records/P_RecDefs.h
index 2721db9a217..32b4b967e82 100644
--- a/include/records/P_RecDefs.h
+++ b/include/records/P_RecDefs.h
@@ -30,27 +30,27 @@
 // We need at least this many internal record entries for our configurations and metrics. Any
 // additional slots in librecords will be allocated to the plugin metrics. These should be
 // updated if we change the internal librecords size significantly.
-#define REC_INTERNAL_RECORDS 1100
+#define REC_INTERNAL_RECORDS    1100
 #define REC_DEFAULT_API_RECORDS 1400
 
 #define REC_CONFIG_UPDATE_INTERVAL_MS 3000
-#define REC_REMOTE_SYNC_INTERVAL_MS 5000
+#define REC_REMOTE_SYNC_INTERVAL_MS   5000
 
 #define REC_RAW_STAT_SYNC_INTERVAL_MS 5000
-#define REC_STAT_UPDATE_INTERVAL_MS 10000
+#define REC_STAT_UPDATE_INTERVAL_MS   10000
 
 //-------------------------------------------------------------------------
 // Record Items
 //-------------------------------------------------------------------------
 
-#define REC_LOCAL_UPDATE_REQUIRED 1
+#define REC_LOCAL_UPDATE_REQUIRED   1
 #define REC_PROCESS_UPDATE_REQUIRED (REC_LOCAL_UPDATE_REQUIRED << 1)
-#define REC_UPDATE_REQUIRED (REC_LOCAL_UPDATE_REQUIRED | REC_PROCESS_UPDATE_REQUIRED)
+#define REC_UPDATE_REQUIRED         (REC_LOCAL_UPDATE_REQUIRED | REC_PROCESS_UPDATE_REQUIRED)
 
 #define REC_DISK_SYNC_REQUIRED 1
 #define REC_PEER_SYNC_REQUIRED (REC_DISK_SYNC_REQUIRED << 1)
 #define REC_INC_CONFIG_VERSION (REC_PEER_SYNC_REQUIRED << 1)
-#define REC_SYNC_REQUIRED (REC_DISK_SYNC_REQUIRED | REC_PEER_SYNC_REQUIRED)
+#define REC_SYNC_REQUIRED      (REC_DISK_SYNC_REQUIRED | REC_PEER_SYNC_REQUIRED)
 
 enum RecEntryT {
   RECE_NULL,
diff --git a/include/records/P_RecUtils.h b/include/records/P_RecUtils.h
index 7da594bda5b..9ee44baec3f 100644
--- a/include/records/P_RecUtils.h
+++ b/include/records/P_RecUtils.h
@@ -74,5 +74,5 @@ void _RecDebug(DiagsLevel dl, const SourceLocation &loc, const char *fmt, ...);
 
 void RecDebugOff();
 
-#define RecLog(level, fmt, ...) _RecLog(level, MakeSourceLocation(), fmt, ##__VA_ARGS__)
+#define RecLog(level, fmt, ...)   _RecLog(level, MakeSourceLocation(), fmt, ##__VA_ARGS__)
 #define RecDebug(level, fmt, ...) _RecDebug(level, MakeSourceLocation(), fmt, ##__VA_ARGS__)
diff --git a/include/shared/rpc/RPCRequests.h b/include/shared/rpc/RPCRequests.h
index 7faaa3e0de2..dd441e46a33 100644
--- a/include/shared/rpc/RPCRequests.h
+++ b/include/shared/rpc/RPCRequests.h
@@ -141,7 +141,7 @@ struct RecordLookupRequest : ClientRequest {
   }
   template 
   void
-  emplace_rec(Args &&... p)
+  emplace_rec(Args &&...p)
   {
     super::params.push_back(Params{std::forward(p)...});
   }
diff --git a/include/ts/apidefs.h.in b/include/ts/apidefs.h.in
index 519bca4d2d6..8ede2bc26a0 100644
--- a/include/ts/apidefs.h.in
+++ b/include/ts/apidefs.h.in
@@ -136,14 +136,14 @@ extern "C" {
 /* clang-format on */
 
 #define TS_HTTP_VERSION(a, b) ((((a)&0xFFFF) << 16) | ((b)&0xFFFF))
-#define TS_HTTP_MINOR(v) ((v)&0xFFFF)
-#define TS_HTTP_MAJOR(v) (((v) >> 16) & 0xFFFF)
+#define TS_HTTP_MINOR(v)      ((v)&0xFFFF)
+#define TS_HTTP_MAJOR(v)      (((v) >> 16) & 0xFFFF)
 
 #ifndef TS_RES_MEM_PATH
 #define __TS_RES_PATH(x) #x
-#define _TS_RES_PATH(x) __TS_RES_PATH(x)
-#define TS_RES_PATH(x) x __FILE__ ":" _TS_RES_PATH(__LINE__)
-#define TS_RES_MEM_PATH TS_RES_PATH("memory/")
+#define _TS_RES_PATH(x)  __TS_RES_PATH(x)
+#define TS_RES_PATH(x)   x __FILE__ ":" _TS_RES_PATH(__LINE__)
+#define TS_RES_MEM_PATH  TS_RES_PATH("memory/")
 #endif
 
 #ifndef TS_DEPRECATED
@@ -1459,7 +1459,7 @@ typedef enum {
   TS_UUID_V5,
 } TSUuidVersion;
 
-#define TS_UUID_STRING_LEN 36
+#define TS_UUID_STRING_LEN   36
 #define TS_CRUUID_STRING_LEN (TS_UUID_STRING_LEN + 19 + 1) /* UUID-len + len(uint64_t) + '-' */
 typedef struct tsapi_uuid *TSUuid;
 
diff --git a/include/ts/experimental.h b/include/ts/experimental.h
index 309909022f7..3e7fe574436 100644
--- a/include/ts/experimental.h
+++ b/include/ts/experimental.h
@@ -97,19 +97,19 @@ tsapi void TSHttpTxnServerRequestBodySet(TSHttpTxn txnp, char *buf, int64_t bufl
 
 /* ===== High Resolution Time ===== */
 #define TS_HRTIME_FOREVER (10 * TS_HRTIME_DECADE)
-#define TS_HRTIME_DECADE (10 * TS_HRTIME_YEAR)
-#define TS_HRTIME_YEAR (365 * TS_HRTIME_DAY + TS_HRTIME_DAY / 4)
-#define TS_HRTIME_WEEK (7 * TS_HRTIME_DAY)
-#define TS_HRTIME_DAY (24 * TS_HRTIME_HOUR)
-#define TS_HRTIME_HOUR (60 * TS_HRTIME_MINUTE)
-#define TS_HRTIME_MINUTE (60 * TS_HRTIME_SECOND)
-#define TS_HRTIME_SECOND (1000 * TS_HRTIME_MSECOND)
+#define TS_HRTIME_DECADE  (10 * TS_HRTIME_YEAR)
+#define TS_HRTIME_YEAR    (365 * TS_HRTIME_DAY + TS_HRTIME_DAY / 4)
+#define TS_HRTIME_WEEK    (7 * TS_HRTIME_DAY)
+#define TS_HRTIME_DAY     (24 * TS_HRTIME_HOUR)
+#define TS_HRTIME_HOUR    (60 * TS_HRTIME_MINUTE)
+#define TS_HRTIME_MINUTE  (60 * TS_HRTIME_SECOND)
+#define TS_HRTIME_SECOND  (1000 * TS_HRTIME_MSECOND)
 #define TS_HRTIME_MSECOND (1000 * TS_HRTIME_USECOND)
 #define TS_HRTIME_USECOND (1000 * TS_HRTIME_NSECOND)
 #define TS_HRTIME_NSECOND (1LL)
 
 #define TS_HRTIME_APPROX_SECONDS(_x) ((_x) >> 30) /*  off by 7.3% */
-#define TS_HRTIME_APPROX_FACTOR (((float)(1 << 30)) / (((float)HRTIME_SECOND)))
+#define TS_HRTIME_APPROX_FACTOR      (((float)(1 << 30)) / (((float)HRTIME_SECOND)))
 
 /*
 ////////////////////////////////////////////////////////////////////
@@ -118,12 +118,12 @@ tsapi void TSHttpTxnServerRequestBodySet(TSHttpTxn txnp, char *buf, int64_t bufl
 //
 ////////////////////////////////////////////////////////////////////
 */
-#define TS_HRTIME_YEARS(_x) ((_x)*TS_HRTIME_YEAR)
-#define TS_HRTIME_WEEKS(_x) ((_x)*TS_HRTIME_WEEK)
-#define TS_HRTIME_DAYS(_x) ((_x)*TS_HRTIME_DAY)
-#define TS_HRTIME_HOURS(_x) ((_x)*TS_HRTIME_HOUR)
-#define TS_HRTIME_MINUTES(_x) ((_x)*TS_HRTIME_MINUTE)
-#define TS_HRTIME_SECONDS(_x) ((_x)*TS_HRTIME_SECOND)
+#define TS_HRTIME_YEARS(_x)    ((_x)*TS_HRTIME_YEAR)
+#define TS_HRTIME_WEEKS(_x)    ((_x)*TS_HRTIME_WEEK)
+#define TS_HRTIME_DAYS(_x)     ((_x)*TS_HRTIME_DAY)
+#define TS_HRTIME_HOURS(_x)    ((_x)*TS_HRTIME_HOUR)
+#define TS_HRTIME_MINUTES(_x)  ((_x)*TS_HRTIME_MINUTE)
+#define TS_HRTIME_SECONDS(_x)  ((_x)*TS_HRTIME_SECOND)
 #define TS_HRTIME_MSECONDS(_x) ((_x)*TS_HRTIME_MSECOND)
 #define TS_HRTIME_USECONDS(_x) ((_x)*TS_HRTIME_USECOND)
 #define TS_HRTIME_NSECONDS(_x) ((_x)*TS_HRTIME_NSECOND)
@@ -335,13 +335,13 @@ tsapi TSReturnCode TSMgmtConfigFileAdd(const char *parent, const char *fileName)
  * Interfaces used by Wireless group
  * ---------------------------------------------------------------------- */
 
-#define TS_NET_EVENT_DATAGRAM_READ_COMPLETE TS_EVENT_INTERNAL_206
-#define TS_NET_EVENT_DATAGRAM_READ_ERROR TS_EVENT_INTERNAL_207
+#define TS_NET_EVENT_DATAGRAM_READ_COMPLETE  TS_EVENT_INTERNAL_206
+#define TS_NET_EVENT_DATAGRAM_READ_ERROR     TS_EVENT_INTERNAL_207
 #define TS_NET_EVENT_DATAGRAM_WRITE_COMPLETE TS_EVENT_INTERNAL_208
-#define TS_NET_EVENT_DATAGRAM_WRITE_ERROR TS_EVENT_INTERNAL_209
-#define TS_NET_EVENT_DATAGRAM_READ_READY TS_EVENT_INTERNAL_210
-#define TS_NET_EVENT_DATAGRAM_OPEN TS_EVENT_INTERNAL_211
-#define TS_NET_EVENT_DATAGRAM_ERROR TS_EVENT_INTERNAL_212
+#define TS_NET_EVENT_DATAGRAM_WRITE_ERROR    TS_EVENT_INTERNAL_209
+#define TS_NET_EVENT_DATAGRAM_READ_READY     TS_EVENT_INTERNAL_210
+#define TS_NET_EVENT_DATAGRAM_OPEN           TS_EVENT_INTERNAL_211
+#define TS_NET_EVENT_DATAGRAM_ERROR          TS_EVENT_INTERNAL_212
 
 /**
  * Extended FetchSM's AIPs
diff --git a/include/ts/remap.h b/include/ts/remap.h
index 49a38e019c6..2d3d31b8e10 100644
--- a/include/ts/remap.h
+++ b/include/ts/remap.h
@@ -31,8 +31,8 @@
 extern "C" {
 #endif /* __cplusplus */
 
-#define TSREMAP_VMAJOR 3 /* major version number */
-#define TSREMAP_VMINOR 0 /* minor version number */
+#define TSREMAP_VMAJOR  3 /* major version number */
+#define TSREMAP_VMINOR  0 /* minor version number */
 #define TSREMAP_VERSION ((TSREMAP_VMAJOR << 16) | TSREMAP_VMINOR)
 
 typedef struct _tsremap_api_info {
diff --git a/include/ts/sdt.h b/include/ts/sdt.h
index 68f8d926af8..9072723caf3 100644
--- a/include/ts/sdt.h
+++ b/include/ts/sdt.h
@@ -27,8 +27,8 @@
 
 #include 
 
-#define ATS_PROBE(probe) DTRACE_PROBE(trafficserver, probe)
-#define ATS_PROBE1(probe, param1) DTRACE_PROBE1(trafficserver, probe, param1)
+#define ATS_PROBE(probe)                  DTRACE_PROBE(trafficserver, probe)
+#define ATS_PROBE1(probe, param1)         DTRACE_PROBE1(trafficserver, probe, param1)
 #define ATS_PROBE2(probe, param1, param2) DTRACE_PROBE2(trafficserver, probe, param1, param2)
 
 #else
diff --git a/include/ts/ts.h b/include/ts/ts.h
index 3cda607958e..d3f5a6d6153 100644
--- a/include/ts/ts.h
+++ b/include/ts/ts.h
@@ -38,13 +38,13 @@ extern "C" {
 
 /* --------------------------------------------------------------------------
    Memory */
-#define TSmalloc(s) _TSmalloc((s), TS_RES_MEM_PATH)
-#define TSrealloc(p, s) _TSrealloc((p), (s), TS_RES_MEM_PATH)
-#define TSstrdup(p) _TSstrdup((p), -1, TS_RES_MEM_PATH)
-#define TSstrndup(p, n) _TSstrdup((p), (n), TS_RES_MEM_PATH)
+#define TSmalloc(s)        _TSmalloc((s), TS_RES_MEM_PATH)
+#define TSrealloc(p, s)    _TSrealloc((p), (s), TS_RES_MEM_PATH)
+#define TSstrdup(p)        _TSstrdup((p), -1, TS_RES_MEM_PATH)
+#define TSstrndup(p, n)    _TSstrdup((p), (n), TS_RES_MEM_PATH)
 #define TSstrlcpy(d, s, l) _TSstrlcpy((d), (s), (l))
 #define TSstrlcat(d, s, l) _TSstrlcat((d), (s), (l))
-#define TSfree(p) _TSfree(p)
+#define TSfree(p)          _TSfree(p)
 
 tsapi void *_TSmalloc(size_t size, const char *path);
 tsapi void *_TSrealloc(void *ptr, size_t size, const char *path);
@@ -1301,9 +1301,11 @@ tsapi TSReturnCode TSSslClientCertUpdate(const char *cert_path, const char *key_
 tsapi TSReturnCode TSSslServerCertUpdate(const char *cert_path, const char *key_path);
 
 /* Update the transient secret table for SSL_CTX loading */
-tsapi TSReturnCode TSSslSecretSet(const char *secret_name, int secret_name_length, const char *secret_data, int secret_data_len);
-tsapi TSReturnCode TSSslSecretGet(const char *secret_name, int secret_name_length, const char **secret_data_return,
-                                  int *secret_data_len);
+tsapi TSReturnCode TSSslSecretSet(const char *secret_name, int secret_name_length, const char *secret_data, int secret_data_length);
+
+/* Returns secret with given name (not null terminted).  If there is no secret with the given name, return value will
+** be null and secret_data_lenght will be zero.  Calling code must free data buffer by calling TSfree(). */
+tsapi char *TSSslSecretGet(const char *secret_name, int secret_name_length, int *secret_data_length);
 
 tsapi TSReturnCode TSSslSecretUpdate(const char *secret_name, int secret_name_length);
 
diff --git a/include/tscore/AcidPtr.h b/include/tscore/AcidPtr.h
index bc4fc6fdab2..74f10d9e854 100644
--- a/include/tscore/AcidPtr.h
+++ b/include/tscore/AcidPtr.h
@@ -102,7 +102,7 @@ template  class AcidPtr
   std::shared_ptr data_ptr;
 
 public:
-  AcidPtr(const AcidPtr &) = delete;
+  AcidPtr(const AcidPtr &)            = delete;
   AcidPtr &operator=(const AcidPtr &) = delete;
 
   AcidPtr() : data_ptr(new T()) {}
@@ -165,8 +165,8 @@ template  class AcidCommitPtr : public std::unique_ptr
   AcidPtr &data;           // data location
 
 public:
-  AcidCommitPtr()                      = delete;
-  AcidCommitPtr(const AcidCommitPtr &) = delete;
+  AcidCommitPtr()                                    = delete;
+  AcidCommitPtr(const AcidCommitPtr &)               = delete;
   AcidCommitPtr &operator=(const AcidCommitPtr &) = delete;
 
   AcidCommitPtr(AcidPtr &data_ptr) : commit_lock(AcidCommitMutexGet(&data_ptr)), data(data_ptr)
diff --git a/include/tscore/Allocator.h b/include/tscore/Allocator.h
index 00e1ce6a801..309dd571273 100644
--- a/include/tscore/Allocator.h
+++ b/include/tscore/Allocator.h
@@ -240,7 +240,7 @@ template 
   C *
-  alloc(Args &&... args)
+  alloc(Args &&...args)
   {
     void *ptr = this->alloc_void();
 
diff --git a/include/tscore/Arena.h b/include/tscore/Arena.h
index 4a456db82bf..9978f773b28 100644
--- a/include/tscore/Arena.h
+++ b/include/tscore/Arena.h
@@ -105,7 +105,7 @@ Arena::str_alloc(size_t len)
 
   while (tmp >= 128) {
     size += 1;
-    tmp /= 128;
+    tmp  /= 128;
   }
 
   mem = (unsigned char *)alloc(size, 1);
@@ -116,7 +116,7 @@ Arena::str_alloc(size_t len)
 
   while (tmp >= 128) {
     *p-- = (unsigned char)(255 - (tmp % 128));
-    tmp /= 128;
+    tmp  /= 128;
   }
   *p = (unsigned char)tmp;
 
diff --git a/include/tscore/BaseLogFile.h b/include/tscore/BaseLogFile.h
index aad473586d1..ed325fbec67 100644
--- a/include/tscore/BaseLogFile.h
+++ b/include/tscore/BaseLogFile.h
@@ -41,8 +41,8 @@
 
 #define LOGFILE_ROLLED_EXTENSION ".old"
 #define LOGFILE_SEPARATOR_STRING "_"
-#define LOGFILE_DEFAULT_PERMS (0644)
-#define LOGFILE_ROLL_MAXPATHLEN 4096
+#define LOGFILE_DEFAULT_PERMS    (0644)
+#define LOGFILE_ROLL_MAXPATHLEN  4096
 #define BASELOGFILE_DEBUG_MODE \
   0 // change this to 1 to enable debug messages
     // TODO find a way to enable this from autotools
@@ -166,7 +166,7 @@ class BaseLogFile
 {
 public:
   // member functions
-  BaseLogFile()        = delete;
+  BaseLogFile()                               = delete;
   BaseLogFile &operator=(const BaseLogFile &) = delete;
   BaseLogFile(const char *name);
   BaseLogFile(const char *name, uint64_t sig);
diff --git a/include/tscore/BufferWriter.h b/include/tscore/BufferWriter.h
index 0d1758ab29f..f58dbcf13c7 100644
--- a/include/tscore/BufferWriter.h
+++ b/include/tscore/BufferWriter.h
@@ -186,14 +186,14 @@ class BufferWriter
       "{} {1} {}", and "{0} {1} {2}" are equivalent. Using an explicit index does not reset the
       position of subsequent substitutions, therefore "{} {0} {}" is equivalent to "{0} {0} {2}".
   */
-  template  BufferWriter &print(TextView fmt, Rest &&... rest);
+  template  BufferWriter &print(TextView fmt, Rest &&...rest);
   /** Print overload to take arguments as a tuple instead of explicitly.
       This is useful for forwarding variable arguments from other functions / methods.
   */
   template  BufferWriter &printv(TextView fmt, std::tuple const &args);
 
   /// Print using a preparsed @a fmt.
-  template  BufferWriter &print(BWFormat const &fmt, Args &&... args);
+  template  BufferWriter &print(BWFormat const &fmt, Args &&...args);
   /** Print overload to take arguments as a tuple instead of explicitly.
       This is useful for forwarding variable arguments from other functions / methods.
   */
@@ -233,10 +233,10 @@ class FixedBufferWriter : public BufferWriter
    */
   FixedBufferWriter(std::nullptr_t);
 
-  FixedBufferWriter(const FixedBufferWriter &) = delete;
+  FixedBufferWriter(const FixedBufferWriter &)            = delete;
   FixedBufferWriter &operator=(const FixedBufferWriter &) = delete;
   FixedBufferWriter(FixedBufferWriter &&)                 = delete;
-  FixedBufferWriter &operator=(FixedBufferWriter &&) = delete;
+  FixedBufferWriter &operator=(FixedBufferWriter &&)      = delete;
 
   FixedBufferWriter(swoc::MemSpan &span) : _buf(span.begin()), _capacity(static_cast(span.size())) {}
 
@@ -395,9 +395,9 @@ class FixedBufferWriter : public BufferWriter
   ssize_t operator>>(int fd) const override;
 
   // Overrides for co-variance
-  template  self_type &print(TextView fmt, Rest &&... rest);
+  template  self_type &print(TextView fmt, Rest &&...rest);
   template  self_type &printv(TextView fmt, std::tuple const &args);
-  template  self_type &print(BWFormat const &fmt, Args &&... args);
+  template  self_type &print(BWFormat const &fmt, Args &&...args);
   template  self_type &printv(BWFormat const &fmt, std::tuple const &args);
 
 protected:
@@ -530,7 +530,9 @@ namespace bw_fmt
   /// @a TUPLE.  Due to language limitations it cannot be done directly. The formatters can be
   /// accessed via standard array access in contrast to templated tuple access. The actual array is
   /// static and therefore at run time the only operation is loading the address of the array.
-  template  ArgFormatterSignature *Get_Arg_Formatter_Array(std::index_sequence)
+  template 
+  ArgFormatterSignature *
+  Get_Arg_Formatter_Array(std::index_sequence)
   {
     static ArgFormatterSignature fa[sizeof...(N)] = {&bw_fmt::Arg_Formatter...};
     return fa;
@@ -609,7 +611,7 @@ class BWFormat
 
 template 
 BufferWriter &
-BufferWriter::print(TextView fmt, Args &&... args)
+BufferWriter::print(TextView fmt, Args &&...args)
 {
   return this->printv(fmt, std::forward_as_tuple(args...));
 }
@@ -670,7 +672,7 @@ BufferWriter::printv(TextView fmt, std::tuple const &args)
 
 template 
 BufferWriter &
-BufferWriter::print(BWFormat const &fmt, Args &&... args)
+BufferWriter::print(BWFormat const &fmt, Args &&...args)
 {
   return this->printv(fmt, std::forward_as_tuple(args...));
 }
@@ -865,7 +867,7 @@ bwprintv(std::string &s, ts::TextView fmt, std::tuple const &args)
 
 template 
 std::string &
-bwprint(std::string &s, ts::TextView fmt, Args &&... args)
+bwprint(std::string &s, ts::TextView fmt, Args &&...args)
 {
   return bwprintv(s, fmt, std::forward_as_tuple(args...));
 }
@@ -880,7 +882,7 @@ inline FixedBufferWriter::FixedBufferWriter(char *buffer, size_t capacity) : _bu
 
 template 
 inline auto
-FixedBufferWriter::print(TextView fmt, Args &&... args) -> self_type &
+FixedBufferWriter::print(TextView fmt, Args &&...args) -> self_type &
 {
   return static_cast(this->super_type::printv(fmt, std::forward_as_tuple(args...)));
 }
@@ -894,7 +896,7 @@ FixedBufferWriter::printv(TextView fmt, std::tuple const &args) -> self
 
 template 
 inline auto
-FixedBufferWriter::print(BWFormat const &fmt, Args &&... args) -> self_type &
+FixedBufferWriter::print(BWFormat const &fmt, Args &&...args) -> self_type &
 {
   return static_cast(this->super_type::printv(fmt, std::forward_as_tuple(args...)));
 }
diff --git a/include/tscore/Diags.h b/include/tscore/Diags.h
index d87baec412c..7e2b872fb2d 100644
--- a/include/tscore/Diags.h
+++ b/include/tscore/Diags.h
@@ -82,12 +82,12 @@ diags()
     DiagsError_log_message.message(LEVEL, DiagsError_loc, __VA_ARGS__); \
   } while (false)
 
-#define Status(...) DiagsError(DL_Status, __VA_ARGS__)       // Log information
-#define Note(...) DiagsError(DL_Note, __VA_ARGS__)           // Log significant information
-#define Warning(...) DiagsError(DL_Warning, __VA_ARGS__)     // Log concerning information
-#define Error(...) DiagsError(DL_Error, __VA_ARGS__)         // Log operational failure, fail CI
-#define Fatal(...) DiagsError(DL_Fatal, __VA_ARGS__)         // Log recoverable crash, fail CI, exit & allow restart
-#define Alert(...) DiagsError(DL_Alert, __VA_ARGS__)         // Log recoverable crash, fail CI, exit & restart, Ops attention
+#define Status(...)    DiagsError(DL_Status, __VA_ARGS__)    // Log information
+#define Note(...)      DiagsError(DL_Note, __VA_ARGS__)      // Log significant information
+#define Warning(...)   DiagsError(DL_Warning, __VA_ARGS__)   // Log concerning information
+#define Error(...)     DiagsError(DL_Error, __VA_ARGS__)     // Log operational failure, fail CI
+#define Fatal(...)     DiagsError(DL_Fatal, __VA_ARGS__)     // Log recoverable crash, fail CI, exit & allow restart
+#define Alert(...)     DiagsError(DL_Alert, __VA_ARGS__)     // Log recoverable crash, fail CI, exit & restart, Ops attention
 #define Emergency(...) DiagsError(DL_Emergency, __VA_ARGS__) // Log unrecoverable crash, fail CI, exit, Ops attention
 
 /** Apply throttling to a log site.
@@ -108,10 +108,10 @@ diags()
     STDE_log_message.message(LEVEL, STDE_loc, __VA_ARGS__);      \
   } while (false)
 
-#define SiteThrottledStatus(...) SiteThrottledDiagsError(DL_Status, __VA_ARGS__)   // Log information
-#define SiteThrottledNote(...) SiteThrottledDiagsError(DL_Note, __VA_ARGS__)       // Log significant information
+#define SiteThrottledStatus(...)  SiteThrottledDiagsError(DL_Status, __VA_ARGS__)  // Log information
+#define SiteThrottledNote(...)    SiteThrottledDiagsError(DL_Note, __VA_ARGS__)    // Log significant information
 #define SiteThrottledWarning(...) SiteThrottledDiagsError(DL_Warning, __VA_ARGS__) // Log concerning information
-#define SiteThrottledError(...) SiteThrottledDiagsError(DL_Error, __VA_ARGS__)     // Log operational failure, fail CI
+#define SiteThrottledError(...)   SiteThrottledDiagsError(DL_Error, __VA_ARGS__)   // Log operational failure, fail CI
 #define SiteThrottledFatal(...) \
   SiteThrottledDiagsError(DL_Fatal, __VA_ARGS__) // Log recoverable crash, fail CI, exit & allow restart
 #define SiteThrottledAlert(...) \
@@ -126,12 +126,12 @@ diags()
     DiagsErrorV_log_message.message_va(LEVEL, DiagsErrorV_loc, FMT, AP); \
   } while (false)
 
-#define StatusV(fmt, ap) DiagsErrorV(DL_Status, fmt, ap)
-#define NoteV(fmt, ap) DiagsErrorV(DL_Note, fmt, ap)
-#define WarningV(fmt, ap) DiagsErrorV(DL_Warning, fmt, ap)
-#define ErrorV(fmt, ap) DiagsErrorV(DL_Error, fmt, ap)
-#define FatalV(fmt, ap) DiagsErrorV(DL_Fatal, fmt, ap)
-#define AlertV(fmt, ap) DiagsErrorV(DL_Alert, fmt, ap)
+#define StatusV(fmt, ap)    DiagsErrorV(DL_Status, fmt, ap)
+#define NoteV(fmt, ap)      DiagsErrorV(DL_Note, fmt, ap)
+#define WarningV(fmt, ap)   DiagsErrorV(DL_Warning, fmt, ap)
+#define ErrorV(fmt, ap)     DiagsErrorV(DL_Error, fmt, ap)
+#define FatalV(fmt, ap)     DiagsErrorV(DL_Fatal, fmt, ap)
+#define AlertV(fmt, ap)     DiagsErrorV(DL_Alert, fmt, ap)
 #define EmergencyV(fmt, ap) DiagsErrorV(DL_Emergency, fmt, ap)
 
 /** See the comment above SiteThrottledDiagsError for an explanation of how the
@@ -143,12 +143,12 @@ diags()
     STDEV_log_message.message_va(LEVEL, STDEV_loc, FMT, AP);      \
   } while (false)
 
-#define SiteThrottledStatusV(fmt, ap) SiteThrottledDiagsErrorV(DL_Status, fmt, ap)
-#define SiteThrottledNoteV(fmt, ap) SiteThrottledDiagsErrorV(DL_Note, fmt, ap)
-#define SiteThrottledWarningV(fmt, ap) SiteThrottledDiagsErrorV(DL_Warning, fmt, ap)
-#define SiteThrottledErrorV(fmt, ap) SiteThrottledDiagsErrorV(DL_Error, fmt, ap)
-#define SiteThrottledFatalV(fmt, ap) SiteThrottledDiagsErrorV(DL_Fatal, fmt, ap)
-#define SiteThrottledAlertV(fmt, ap) SiteThrottledDiagsErrorV(DL_Alert, fmt, ap)
+#define SiteThrottledStatusV(fmt, ap)    SiteThrottledDiagsErrorV(DL_Status, fmt, ap)
+#define SiteThrottledNoteV(fmt, ap)      SiteThrottledDiagsErrorV(DL_Note, fmt, ap)
+#define SiteThrottledWarningV(fmt, ap)   SiteThrottledDiagsErrorV(DL_Warning, fmt, ap)
+#define SiteThrottledErrorV(fmt, ap)     SiteThrottledDiagsErrorV(DL_Error, fmt, ap)
+#define SiteThrottledFatalV(fmt, ap)     SiteThrottledDiagsErrorV(DL_Fatal, fmt, ap)
+#define SiteThrottledAlertV(fmt, ap)     SiteThrottledDiagsErrorV(DL_Alert, fmt, ap)
 #define SiteThrottledEmergencyV(fmt, ap) SiteThrottledDiagsErrorV(DL_Emergency, fmt, ap)
 
 #if TS_USE_DIAGS
@@ -243,10 +243,10 @@ is_dbg_ctl_enabled(DbgCtl const &ctl)
     }                                               \
   } while (false)
 
-#define is_action_tag_set(_t) unlikely(diags()->on(_t, DiagsTagType_Action))
-#define debug_tag_assert(_t, _a) (is_debug_tag_set(_t) ? (ink_release_assert(_a), 0) : 0)
+#define is_action_tag_set(_t)     unlikely(diags()->on(_t, DiagsTagType_Action))
+#define debug_tag_assert(_t, _a)  (is_debug_tag_set(_t) ? (ink_release_assert(_a), 0) : 0)
 #define action_tag_assert(_t, _a) (is_action_tag_set(_t) ? (ink_release_assert(_a), 0) : 0)
-#define is_diags_on(_t) is_debug_tag_set(_t) // Deprecated.
+#define is_diags_on(_t)           is_debug_tag_set(_t) // Deprecated.
 
 #else // TS_USE_DIAGS
 
@@ -255,10 +255,10 @@ is_dbg_ctl_enabled(DbgCtl const &ctl)
 #define Debug(...)
 #define SpecificDbg(...)
 
-#define is_debug_tag_set(_t) 0
-#define is_action_tag_set(_t) 0
+#define is_debug_tag_set(_t)      0
+#define is_action_tag_set(_t)     0
 #define debug_tag_assert(_t, _a)  /**/
 #define action_tag_assert(_t, _a) /**/
-#define is_diags_on(_t) 0
+#define is_diags_on(_t)           0
 
 #endif // TS_USE_DIAGS
diff --git a/include/tscore/Errata.h b/include/tscore/Errata.h
index 227a9456a02..c320664056e 100644
--- a/include/tscore/Errata.h
+++ b/include/tscore/Errata.h
@@ -194,7 +194,7 @@ class Errata
       to strings and concatenated to form the message text.
       @return A reference to this object.
   */
-  template  self &push(Id id, Code code, Args const &... args);
+  template  self &push(Id id, Code code, Args const &...args);
 
   /** Push a nested status.
       @a err becomes the top item.
@@ -403,7 +403,7 @@ struct Errata::Message {
   template 
   Message(Id id,     ///< Message Id.
           Code code, ///< Message Code.
-          Args const &... text);
+          Args const &...text);
 
   /// Reset to the message to default state.
   self &clear();
@@ -470,7 +470,7 @@ struct Errata::Message {
 
   static SuccessTest const DEFAULT_SUCCESS_TEST;
 
-  template  static std::string stringify(Args const &... items);
+  template  static std::string stringify(Args const &...items);
 
   Id m_id     = 0;            ///< Message ID.
   Code m_code = Default_Code; ///< Message code.
@@ -740,7 +740,7 @@ inline Errata::Message::Message(std::string const &text) : m_text(text) {}
 inline Errata::Message::Message(Id id, std::string const &text) : m_id(id), m_text(text) {}
 inline Errata::Message::Message(Id id, Code code, std::string const &text) : m_id(id), m_code(code), m_text(text) {}
 template 
-Errata::Message::Message(Id id, Code code, Args const &... text) : m_id(id), m_code(code), m_text(stringify(text...))
+Errata::Message::Message(Id id, Code code, Args const &...text) : m_id(id), m_code(code), m_text(stringify(text...))
 {
 }
 
@@ -804,7 +804,7 @@ Errata::Message::set(Errata const &err)
 
 template 
 std::string
-Errata::Message::stringify(Args const &... items)
+Errata::Message::stringify(Args const &...items)
 {
   std::ostringstream s;
   (void)(int[]){0, ((s << items), 0)...};
@@ -871,7 +871,7 @@ Errata::push(Id id, Code code, std::string const &text)
 
 template 
 auto
-Errata::push(Id id, Code code, Args const &... args) -> self &
+Errata::push(Id id, Code code, Args const &...args) -> self &
 {
   this->push(Message(id, code, args...));
   return *this;
diff --git a/include/tscore/Extendible.h b/include/tscore/Extendible.h
index 2cae57f9c79..723256debd5 100644
--- a/include/tscore/Extendible.h
+++ b/include/tscore/Extendible.h
@@ -53,10 +53,19 @@
 
 //////////////////////////////////////////
 /// SUPPORT MACRO
-#define DEF_EXT_NEW_DEL(cls)                                               \
-  void *operator new(size_t sz) { return ats_malloc(ext::sizeOf()); } \
-  void *operator new(size_t sz, void *ptr) { return ptr; }                 \
-  void operator delete(void *ptr) { free(ptr); }
+#define DEF_EXT_NEW_DEL(cls)               \
+  void *operator new(size_t sz)            \
+  {                                        \
+    return ats_malloc(ext::sizeOf()); \
+  }                                        \
+  void *operator new(size_t sz, void *ptr) \
+  {                                        \
+    return ptr;                            \
+  }                                        \
+  void operator delete(void *ptr)          \
+  {                                        \
+    free(ptr);                             \
+  }
 
 //////////////////////////////////////////
 /// HELPER CLASSES
@@ -233,9 +242,9 @@ template  class Extendible
 // define the static schema per derived type
 template  details::Schema Extendible::schema;
 
-//####################################################
-//####################################################
-// UTILITY Functions
+// ####################################################
+// ####################################################
+//  UTILITY Functions
 
 //////////////////////////////////////////////////////
 /// HexToString function for serializing untyped C storage
@@ -269,9 +278,9 @@ serializeField(std::ostream &os, Field_t const &f)
     os << f;
   }
 }
-//####################################################
-//####################################################
-//####################################################
+// ####################################################
+// ####################################################
+// ####################################################
 
 /////////////////////////////////////////////////////////////////////
 // FieldId
@@ -283,7 +292,7 @@ template  class FieldId
   bool isValid() const;
   FieldId(ext::details::FieldDesc const &);
   FieldId() {}
-  FieldId(FieldId const &) = default;
+  FieldId(FieldId const &)            = default;
   FieldId &operator=(FieldId const &) = default;
 };
 
@@ -448,10 +457,10 @@ FieldId::isValid() const
   return desc != nullptr;
 }
 
-//####################################################
-//####################################################
-//####################################################
-// Functional API for Extendible Field Access
+// ####################################################
+// ####################################################
+// ####################################################
+//  Functional API for Extendible Field Access
 //
 
 ////////////////////////////////////////////////////
@@ -637,7 +646,7 @@ namespace details
 // allocate and initialize an extendible data structure
 template 
 Derived_t *
-create(Args &&... args)
+create(Args &&...args)
 {
   // don't instantiate until all Fields are finalized.
   ink_assert(ext::details::areFieldsFinalized());
diff --git a/include/tscore/HTTPVersion.h b/include/tscore/HTTPVersion.h
index b6e3b66f32f..6425c2d6675 100644
--- a/include/tscore/HTTPVersion.h
+++ b/include/tscore/HTTPVersion.h
@@ -27,7 +27,7 @@ class HTTPVersion
 {
 public:
   HTTPVersion() {}
-  HTTPVersion(HTTPVersion const &that) = default;
+  HTTPVersion(HTTPVersion const &that)        = default;
   HTTPVersion &operator=(const HTTPVersion &) = default;
 
   explicit HTTPVersion(int version);
diff --git a/include/tscore/History.h b/include/tscore/History.h
index 203e08a38ad..3a91d7adac2 100644
--- a/include/tscore/History.h
+++ b/include/tscore/History.h
@@ -26,8 +26,8 @@
 #include "tscore/SourceLocation.h"
 #include "tscore/ink_memory.h"
 
-#define NO_REENTRANT 99999
-#define NO_EVENT NO_REENTRANT
+#define NO_REENTRANT         99999
+#define NO_EVENT             NO_REENTRANT
 #define HISTORY_DEFAULT_SIZE 65
 
 struct HistoryEntry {
diff --git a/include/tscore/InkErrno.h b/include/tscore/InkErrno.h
index 3b6a89d5e81..85e135359c2 100644
--- a/include/tscore/InkErrno.h
+++ b/include/tscore/InkErrno.h
@@ -32,30 +32,30 @@
 
 #define INK_START_ERRNO 20000
 
-#define SOCK_ERRNO INK_START_ERRNO
-#define NET_ERRNO INK_START_ERRNO + 100
+#define SOCK_ERRNO  INK_START_ERRNO
+#define NET_ERRNO   INK_START_ERRNO + 100
 #define CACHE_ERRNO INK_START_ERRNO + 400
-#define HTTP_ERRNO INK_START_ERRNO + 600
+#define HTTP_ERRNO  INK_START_ERRNO + 600
 
-#define ENET_THROTTLING (NET_ERRNO + 1)
-#define ENET_CONNECT_TIMEOUT (NET_ERRNO + 2)
-#define ENET_CONNECT_FAILED (NET_ERRNO + 3)
+#define ENET_THROTTLING         (NET_ERRNO + 1)
+#define ENET_CONNECT_TIMEOUT    (NET_ERRNO + 2)
+#define ENET_CONNECT_FAILED     (NET_ERRNO + 3)
 #define ENET_SSL_CONNECT_FAILED (NET_ERRNO + 4)
-#define ENET_SSL_FAILED (NET_ERRNO + 5)
+#define ENET_SSL_FAILED         (NET_ERRNO + 5)
 
-#define ESOCK_DENIED (SOCK_ERRNO + 0)
-#define ESOCK_TIMEOUT (SOCK_ERRNO + 1)
+#define ESOCK_DENIED              (SOCK_ERRNO + 0)
+#define ESOCK_TIMEOUT             (SOCK_ERRNO + 1)
 #define ESOCK_NO_SOCK_SERVER_CONN (SOCK_ERRNO + 2)
 
-#define ECACHE_NO_DOC (CACHE_ERRNO + 0)
-#define ECACHE_DOC_BUSY (CACHE_ERRNO + 1)
-#define ECACHE_DIR_BAD (CACHE_ERRNO + 2)
-#define ECACHE_BAD_META_DATA (CACHE_ERRNO + 3)
-#define ECACHE_READ_FAIL (CACHE_ERRNO + 4)
-#define ECACHE_WRITE_FAIL (CACHE_ERRNO + 5)
+#define ECACHE_NO_DOC           (CACHE_ERRNO + 0)
+#define ECACHE_DOC_BUSY         (CACHE_ERRNO + 1)
+#define ECACHE_DIR_BAD          (CACHE_ERRNO + 2)
+#define ECACHE_BAD_META_DATA    (CACHE_ERRNO + 3)
+#define ECACHE_READ_FAIL        (CACHE_ERRNO + 4)
+#define ECACHE_WRITE_FAIL       (CACHE_ERRNO + 5)
 #define ECACHE_MAX_ALT_EXCEEDED (CACHE_ERRNO + 6)
-#define ECACHE_NOT_READY (CACHE_ERRNO + 7)
-#define ECACHE_ALT_MISS (CACHE_ERRNO + 8)
+#define ECACHE_NOT_READY        (CACHE_ERRNO + 7)
+#define ECACHE_ALT_MISS         (CACHE_ERRNO + 8)
 #define ECACHE_BAD_READ_REQUEST (CACHE_ERRNO + 9)
 
 #define EHTTP_ERROR (HTTP_ERRNO + 0)
diff --git a/include/tscore/IntrusiveHashMap.h b/include/tscore/IntrusiveHashMap.h
index 83bad931b71..bbf90a77ccb 100644
--- a/include/tscore/IntrusiveHashMap.h
+++ b/include/tscore/IntrusiveHashMap.h
@@ -302,14 +302,15 @@ template  class IntrusiveHashMap
   size_t _expansion_limit{DEFAULT_EXPANSION_LIMIT};            ///< Limit value for expansion.
 
   // noncopyable
-  IntrusiveHashMap(const IntrusiveHashMap &) = delete;
+  IntrusiveHashMap(const IntrusiveHashMap &)            = delete;
   IntrusiveHashMap &operator=(const IntrusiveHashMap &) = delete;
 
   // Hash table size prime list.
-  static constexpr std::array PRIME = {{1,        3,        7,         13,        31,       61,      127,     251,
-                                                    509,      1021,     2039,      4093,      8191,     16381,   32749,   65521,
-                                                    131071,   262139,   524287,    1048573,   2097143,  4194301, 8388593, 16777213,
-                                                    33554393, 67108859, 134217689, 268435399, 536870909}};
+  static constexpr std::array PRIME = {
+    {1, 3, 7, 13, 31, 61, 127, 251, 509, 1021,
+     2039, 4093, 8191, 16381, 32749, 65521, 131071, 262139, 524287, 1048573,
+     2097143, 4194301, 8388593, 16777213, 33554393, 67108859, 134217689, 268435399, 536870909}
+  };
 };
 
 template 
diff --git a/include/tscore/IpMap.h b/include/tscore/IpMap.h
index 4268afa9cd4..72c54482ee4 100644
--- a/include/tscore/IpMap.h
+++ b/include/tscore/IpMap.h
@@ -201,7 +201,7 @@ class IpMap
   ~IpMap(); ///< Destructor.
 
   self_type &operator=(self_type const &that) = delete;
-  self_type &operator                         =(self_type &&that);
+  self_type &operator=(self_type &&that);
 
   /** Mark a range.
       All addresses in the range [ @a min , @a max ] are marked with @a data.
diff --git a/include/tscore/List.h b/include/tscore/List.h
index db5a8bca23c..695fd4715ad 100644
--- a/include/tscore/List.h
+++ b/include/tscore/List.h
@@ -150,9 +150,15 @@ template  struct Link : public SLink {
     static _c *&next_link(_c *c);            \
     static _c *&prev_link(_c *c);            \
   };
-#define LINK_DEFINITION(_c, _f)                                           \
-  inline _c *&Link##_##_c##_##_f::next_link(_c *c) { return c->_f.next; } \
-  inline _c *&Link##_##_c##_##_f::prev_link(_c *c) { return c->_f.prev; }
+#define LINK_DEFINITION(_c, _f)                    \
+  inline _c *&Link##_##_c##_##_f::next_link(_c *c) \
+  {                                                \
+    return c->_f.next;                             \
+  }                                                \
+  inline _c *&Link##_##_c##_##_f::prev_link(_c *c) \
+  {                                                \
+    return c->_f.prev;                             \
+  }
 //
 //      List descriptor for singly-linked list of objects of type C.
 //
@@ -186,9 +192,9 @@ template  class SLL
   SLL() : head(nullptr) {}
   SLL(C *c) : head(c) {}
 };
-#define SList(_c, _f) SLL<_c, _c::Link##_##_f>
+#define SList(_c, _f)           SLL<_c, _c::Link##_##_f>
 #define SListM(_c, _m, _ml, _l) SLL<_c, _c::Link##_##_ml##_##_l>
-#define forl_LL(_c, _p, _l) for (_c *_p = (_l).head; _p; _p = (_l).next(_p))
+#define forl_LL(_c, _p, _l)     for (_c *_p = (_l).head; _p; _p = (_l).next(_p))
 
 template 
 inline void
@@ -344,7 +350,7 @@ template  struct DLL {
   const_iterator end() const;
 };
 
-#define DList(_c, _f) DLL<_c, _c::Link##_##_f>
+#define DList(_c, _f)           DLL<_c, _c::Link##_##_f>
 #define DListM(_c, _m, _ml, _l) DLL<_c, _c::Link##_##_ml##_##_l>
 
 template 
@@ -552,7 +558,7 @@ template  class Queue : public DLL
+#define Que(_c, _f)           Queue<_c, _c::Link##_##_f>
 #define QueM(_c, _m, _mf, _f) Queue<_c, _c::Link##_##_mf##_##_f>
 
 template 
@@ -722,7 +728,7 @@ template  struct CountQueue : public Q
   inline void append(CountQueue &q);
   inline void append_clear(CountQueue &q);
 };
-#define CountQue(_c, _f) CountQueue<_c, _c::Link##_##_f>
+#define CountQue(_c, _f)           CountQueue<_c, _c::Link##_##_f>
 #define CountQueM(_c, _m, _mf, _f) CountQueue<_c, _c::Link##_##_mf##_##_f>
 
 template 
@@ -939,7 +945,7 @@ template  struct AtomicSLL {
   AtomicSLL();
 };
 
-#define ASLL(_c, _l) AtomicSLL<_c, _c::Link##_##_l>
+#define ASLL(_c, _l)           AtomicSLL<_c, _c::Link##_##_l>
 #define ASLLM(_c, _m, _ml, _l) AtomicSLL<_c, _c::Link##_##_ml##_##_l>
 
 template  inline AtomicSLL::AtomicSLL()
diff --git a/include/tscore/MT_hashtable.h b/include/tscore/MT_hashtable.h
index 92ada4d8863..363a856e56f 100644
--- a/include/tscore/MT_hashtable.h
+++ b/include/tscore/MT_hashtable.h
@@ -31,9 +31,9 @@
  ****************************************************************************/
 #pragma once
 
-#define MT_HASHTABLE_PARTITION_BITS 6
-#define MT_HASHTABLE_PARTITIONS (1 << MT_HASHTABLE_PARTITION_BITS)
-#define MT_HASHTABLE_PARTITION_MASK (MT_HASHTABLE_PARTITIONS - 1)
+#define MT_HASHTABLE_PARTITION_BITS    6
+#define MT_HASHTABLE_PARTITIONS        (1 << MT_HASHTABLE_PARTITION_BITS)
+#define MT_HASHTABLE_PARTITION_MASK    (MT_HASHTABLE_PARTITIONS - 1)
 #define MT_HASHTABLE_MAX_CHAIN_AVG_LEN 4
 template  struct HashTableEntry {
   key_t key;
diff --git a/include/tscore/MemArena.h b/include/tscore/MemArena.h
index c64dbe61c75..b5d9dd66512 100644
--- a/include/tscore/MemArena.h
+++ b/include/tscore/MemArena.h
@@ -145,7 +145,7 @@ class MemArena
       deleted, the memory will all be reclaimed when the Arena is destroyed. In general it is a bad idea
       to make objects in the Arena that own memory that is not also in the Arena.
   */
-  template  T *make(Args &&... args);
+  template  T *make(Args &&...args);
 
   /** Freeze reserved memory.
 
@@ -265,13 +265,13 @@ MemArena::Block::alloc(size_t n)
 {
   ink_assert(n <= this->remaining());
   swoc::MemSpan zret = this->remnant().prefix(n);
-  allocated += n;
+  allocated                += n;
   return zret;
 }
 
 template 
 T *
-MemArena::make(Args &&... args)
+MemArena::make(Args &&...args)
 {
   return new (this->alloc(sizeof(T)).data()) T(std::forward(args)...);
 }
diff --git a/include/tscore/ParseRules.h b/include/tscore/ParseRules.h
index 92bd687da04..fdaadf3f741 100644
--- a/include/tscore/ParseRules.h
+++ b/include/tscore/ParseRules.h
@@ -37,36 +37,36 @@ typedef unsigned int CTypeResult;
 // decimal multipliers
 #define USE_SI_MULTIPLIERS 1
 
-#define is_char_BIT (1 << 0)
-#define is_upalpha_BIT (1 << 1)
-#define is_loalpha_BIT (1 << 2)
-#define is_alpha_BIT (1 << 3)
-#define is_digit_BIT (1 << 4)
-#define is_ctl_BIT (1 << 5)
-#define is_ws_BIT (1 << 6)
-#define is_hex_BIT (1 << 7)
-#define is_pchar_BIT (1 << 8)
-#define is_extra_BIT (1 << 9)
-#define is_safe_BIT (1 << 10)
-#define is_unsafe_BIT (1 << 11)
-#define is_national_BIT (1 << 12)
-#define is_reserved_BIT (1 << 13)
-#define is_unreserved_BIT (1 << 14)
-#define is_punct_BIT (1 << 15)
-#define is_end_of_url_BIT (1 << 16)
-#define is_tspecials_BIT (1 << 17)
-#define is_spcr_BIT (1 << 18)
-#define is_splf_BIT (1 << 19)
-#define is_wslfcr_BIT (1 << 20)
-#define is_eow_BIT (1 << 21)
-#define is_token_BIT (1 << 22)
-#define is_uri_BIT (1 << 23)
-#define is_sep_BIT (1 << 24)
-#define is_empty_BIT (1 << 25)
-#define is_alnum_BIT (1 << 26)
-#define is_space_BIT (1 << 27)
-#define is_control_BIT (1 << 28)
-#define is_mime_sep_BIT (1 << 29)
+#define is_char_BIT            (1 << 0)
+#define is_upalpha_BIT         (1 << 1)
+#define is_loalpha_BIT         (1 << 2)
+#define is_alpha_BIT           (1 << 3)
+#define is_digit_BIT           (1 << 4)
+#define is_ctl_BIT             (1 << 5)
+#define is_ws_BIT              (1 << 6)
+#define is_hex_BIT             (1 << 7)
+#define is_pchar_BIT           (1 << 8)
+#define is_extra_BIT           (1 << 9)
+#define is_safe_BIT            (1 << 10)
+#define is_unsafe_BIT          (1 << 11)
+#define is_national_BIT        (1 << 12)
+#define is_reserved_BIT        (1 << 13)
+#define is_unreserved_BIT      (1 << 14)
+#define is_punct_BIT           (1 << 15)
+#define is_end_of_url_BIT      (1 << 16)
+#define is_tspecials_BIT       (1 << 17)
+#define is_spcr_BIT            (1 << 18)
+#define is_splf_BIT            (1 << 19)
+#define is_wslfcr_BIT          (1 << 20)
+#define is_eow_BIT             (1 << 21)
+#define is_token_BIT           (1 << 22)
+#define is_uri_BIT             (1 << 23)
+#define is_sep_BIT             (1 << 24)
+#define is_empty_BIT           (1 << 25)
+#define is_alnum_BIT           (1 << 26)
+#define is_space_BIT           (1 << 27)
+#define is_control_BIT         (1 << 28)
+#define is_mime_sep_BIT        (1 << 29)
 #define is_http_field_name_BIT (1 << 30)
 /* shut up the DEC compiler */
 #define is_http_field_value_BIT (((CTypeResult)1) << 31)
@@ -163,7 +163,7 @@ class ParseRules
   static const char *strchr(const char *s, char c);
 
   // noncopyable
-  ParseRules(const ParseRules &) = delete;
+  ParseRules(const ParseRules &)            = delete;
   ParseRules &operator=(const ParseRules &) = delete;
 };
 
diff --git a/include/tscore/PluginUserArgs.h b/include/tscore/PluginUserArgs.h
index b466829c1fb..d6fc52bdb2e 100644
--- a/include/tscore/PluginUserArgs.h
+++ b/include/tscore/PluginUserArgs.h
@@ -28,12 +28,14 @@
 #include "tscore/ink_assert.h"
 #include "tscore/PluginUserArgs.h"
 
-static constexpr std::array MAX_USER_ARGS = {{
-  16, /* max number of user arguments for TXN */
-  8,  /* max number of user arguments for SSN */
-  4,  /* max number of user arguments for VCONN */
-  128 /* max number of user arguments for GLB */
-}};
+static constexpr std::array MAX_USER_ARGS = {
+  {
+   16, /* max number of user arguments for TXN */
+    8, /* max number of user arguments for SSN */
+    4, /* max number of user arguments for VCONN */
+    128 /* max number of user arguments for GLB */
+  }
+};
 
 /** Stagger each user argument value so we can detect mismatched
  * indices.
diff --git a/include/tscore/Regression.h b/include/tscore/Regression.h
index 6c58973817a..51590490755 100644
--- a/include/tscore/Regression.h
+++ b/include/tscore/Regression.h
@@ -44,15 +44,15 @@
 //   }
 
 // status values
-#define REGRESSION_TEST_PASSED 1
+#define REGRESSION_TEST_PASSED     1
 #define REGRESSION_TEST_INPROGRESS 0 // initial value
-#define REGRESSION_TEST_FAILED -1
-#define REGRESSION_TEST_NOT_RUN -2
+#define REGRESSION_TEST_FAILED     -1
+#define REGRESSION_TEST_NOT_RUN    -2
 
 // regression types
-#define REGRESSION_TEST_NONE 0
-#define REGRESSION_TEST_QUICK 1
-#define REGRESSION_TEST_NIGHTLY 2
+#define REGRESSION_TEST_NONE     0
+#define REGRESSION_TEST_QUICK    1
+#define REGRESSION_TEST_NIGHTLY  2
 #define REGRESSION_TEST_EXTENDED 3
 
 // regression options
diff --git a/include/tscore/Tokenizer.h b/include/tscore/Tokenizer.h
index 305d2c270d6..9ed214dce05 100644
--- a/include/tscore/Tokenizer.h
+++ b/include/tscore/Tokenizer.h
@@ -103,10 +103,10 @@
 
 #include "tscore/ink_apidefs.h"
 
-#define COPY_TOKS (1u << 0)
-#define SHARE_TOKS (1u << 1)
+#define COPY_TOKS        (1u << 0)
+#define SHARE_TOKS       (1u << 1)
 #define ALLOW_EMPTY_TOKS (1u << 2)
-#define ALLOW_SPACES (1u << 3)
+#define ALLOW_SPACES     (1u << 3)
 
 #define TOK_NODE_ELEMENTS 16
 
diff --git a/include/tscore/TsBuffer.h b/include/tscore/TsBuffer.h
index a823641472f..a1921317f04 100644
--- a/include/tscore/TsBuffer.h
+++ b/include/tscore/TsBuffer.h
@@ -433,7 +433,7 @@ ConstBuffer::operator++()
 inline ConstBuffer &
 ConstBuffer::operator+=(size_t n)
 {
-  _ptr += n;
+  _ptr  += n;
   _size -= n;
   return *this;
 }
@@ -465,7 +465,7 @@ ConstBuffer::splitOn(char const *p)
   if (this->contains(p)) {
     size_t n = p - _ptr;
     zret.set(_ptr, n);
-    _ptr = p + 1;
+    _ptr  = p + 1;
     _size -= n + 1;
   }
   return zret;
diff --git a/include/tscore/bwf_std_format.h b/include/tscore/bwf_std_format.h
index cb060edd170..20595631678 100644
--- a/include/tscore/bwf_std_format.h
+++ b/include/tscore/bwf_std_format.h
@@ -88,7 +88,11 @@ namespace bwf
   namespace detail
   {
     // Special case conversions - these handle nullptr because the @c std::string_view spec is stupid.
-    inline std::string_view FirstOfConverter(std::nullptr_t) { return std::string_view{}; }
+    inline std::string_view
+    FirstOfConverter(std::nullptr_t)
+    {
+      return std::string_view{};
+    }
     inline std::string_view
     FirstOfConverter(char const *s)
     {
@@ -106,7 +110,7 @@ namespace bwf
   /// All arguments must be convertible to @c std::string.
   template 
   std::string_view
-  FirstOf(Args &&... args)
+  FirstOf(Args &&...args)
   {
     std::array strings{{detail::FirstOfConverter(args)...}};
     for (auto &s : strings) {
diff --git a/include/tscore/ink_aiocb.h b/include/tscore/ink_aiocb.h
index 3a7b30e7505..a4260c5ede5 100644
--- a/include/tscore/ink_aiocb.h
+++ b/include/tscore/ink_aiocb.h
@@ -35,7 +35,7 @@
 
 /* TODO use native aiocb where possible */
 
-#define LIO_READ 0x1
+#define LIO_READ  0x1
 #define LIO_WRITE 0x2
 
 struct ink_aiocb {
diff --git a/include/tscore/ink_config.h.in b/include/tscore/ink_config.h.in
index 30737e19c4c..90841cd8aec 100644
--- a/include/tscore/ink_config.h.in
+++ b/include/tscore/ink_config.h.in
@@ -41,7 +41,7 @@
 
 // Helper macro to convert integer defines into string literals
 #define _TS_STR(x) #x
-#define TS_STR(x) _TS_STR(x)
+#define TS_STR(x)  _TS_STR(x)
 
 /* clang-format off */
 #define BUILD_MACHINE "@build_machine@"
diff --git a/include/tscore/ink_defs.h b/include/tscore/ink_defs.h
index 2fe7351089d..70ec3767219 100644
--- a/include/tscore/ink_defs.h
+++ b/include/tscore/ink_defs.h
@@ -71,14 +71,14 @@ countof(const T (&)[N])
 #define countof(x) ((unsigned)(sizeof(x) / sizeof((x)[0])))
 #endif
 
-#define SOCKOPT_ON ((char *)&on)
+#define SOCKOPT_ON  ((char *)&on)
 #define SOCKOPT_OFF ((char *)&off)
 
 #ifndef ABS
 #define ABS(x) (((x) < 0) ? (-(x)) : (x))
 #endif
 
-#define ATS_UNUSED __attribute__((unused))
+#define ATS_UNUSED         __attribute__((unused))
 #define ATS_WARN_IF_UNUSED __attribute__((warn_unused_result))
 #define ATS_UNUSED_RETURN(x) \
   if (x) {                   \
diff --git a/include/tscore/ink_hrtime.h b/include/tscore/ink_hrtime.h
index 9358b6358db..39829428be3 100644
--- a/include/tscore/ink_hrtime.h
+++ b/include/tscore/ink_hrtime.h
@@ -49,19 +49,19 @@ char *int64_to_str(char *buf, unsigned int buf_size, int64_t val, unsigned int *
 //////////////////////////////////////////////////////////////////////////////
 
 #define HRTIME_FOREVER (10 * HRTIME_DECADE)
-#define HRTIME_DECADE (10 * HRTIME_YEAR)
-#define HRTIME_YEAR (365 * HRTIME_DAY + HRTIME_DAY / 4)
-#define HRTIME_WEEK (7 * HRTIME_DAY)
-#define HRTIME_DAY (24 * HRTIME_HOUR)
-#define HRTIME_HOUR (60 * HRTIME_MINUTE)
-#define HRTIME_MINUTE (60 * HRTIME_SECOND)
-#define HRTIME_SECOND (1000 * HRTIME_MSECOND)
+#define HRTIME_DECADE  (10 * HRTIME_YEAR)
+#define HRTIME_YEAR    (365 * HRTIME_DAY + HRTIME_DAY / 4)
+#define HRTIME_WEEK    (7 * HRTIME_DAY)
+#define HRTIME_DAY     (24 * HRTIME_HOUR)
+#define HRTIME_HOUR    (60 * HRTIME_MINUTE)
+#define HRTIME_MINUTE  (60 * HRTIME_SECOND)
+#define HRTIME_SECOND  (1000 * HRTIME_MSECOND)
 #define HRTIME_MSECOND (1000 * HRTIME_USECOND)
 #define HRTIME_USECOND (1000 * HRTIME_NSECOND)
 #define HRTIME_NSECOND (static_cast(1))
 
 #define HRTIME_APPROX_SECONDS(_x) ((_x) >> 30) // off by 7.3%
-#define HRTIME_APPROX_FACTOR (((float)(1 << 30)) / (((float)HRTIME_SECOND)))
+#define HRTIME_APPROX_FACTOR      (((float)(1 << 30)) / (((float)HRTIME_SECOND)))
 
 //////////////////////////////////////////////////////////////////////////////
 //
@@ -71,12 +71,12 @@ char *int64_to_str(char *buf, unsigned int buf_size, int64_t val, unsigned int *
 
 // simple macros
 
-#define HRTIME_YEARS(_x) ((_x)*HRTIME_YEAR)
-#define HRTIME_WEEKS(_x) ((_x)*HRTIME_WEEK)
-#define HRTIME_DAYS(_x) ((_x)*HRTIME_DAY)
-#define HRTIME_HOURS(_x) ((_x)*HRTIME_HOUR)
-#define HRTIME_MINUTES(_x) ((_x)*HRTIME_MINUTE)
-#define HRTIME_SECONDS(_x) ((_x)*HRTIME_SECOND)
+#define HRTIME_YEARS(_x)    ((_x)*HRTIME_YEAR)
+#define HRTIME_WEEKS(_x)    ((_x)*HRTIME_WEEK)
+#define HRTIME_DAYS(_x)     ((_x)*HRTIME_DAY)
+#define HRTIME_HOURS(_x)    ((_x)*HRTIME_HOUR)
+#define HRTIME_MINUTES(_x)  ((_x)*HRTIME_MINUTE)
+#define HRTIME_SECONDS(_x)  ((_x)*HRTIME_SECOND)
 #define HRTIME_MSECONDS(_x) ((_x)*HRTIME_MSECOND)
 #define HRTIME_USECONDS(_x) ((_x)*HRTIME_USECOND)
 #define HRTIME_NSECONDS(_x) ((_x)*HRTIME_NSECOND)
diff --git a/include/tscore/ink_inet.h b/include/tscore/ink_inet.h
index 1c70107512e..5bd45fc5eb8 100644
--- a/include/tscore/ink_inet.h
+++ b/include/tscore/ink_inet.h
@@ -1246,10 +1246,9 @@ struct IpAddr {
   bool
   operator==(self const &that) const
   {
-    return _family == AF_INET ?
-             (that._family == AF_INET && _addr._ip4 == that._addr._ip4) :
-             _family == AF_INET6 ? (that._family == AF_INET6 && 0 == memcmp(&_addr._ip6, &that._addr._ip6, TS_IP6_SIZE)) :
-                                   (_family == AF_UNSPEC && that._family == AF_UNSPEC);
+    return _family == AF_INET  ? (that._family == AF_INET && _addr._ip4 == that._addr._ip4) :
+           _family == AF_INET6 ? (that._family == AF_INET6 && 0 == memcmp(&_addr._ip6, &that._addr._ip6, TS_IP6_SIZE)) :
+                                 (_family == AF_UNSPEC && that._family == AF_UNSPEC);
   }
 
   /// Inequality.
diff --git a/include/tscore/ink_lockfile.h b/include/tscore/ink_lockfile.h
index dab70612374..dfe90056f68 100644
--- a/include/tscore/ink_lockfile.h
+++ b/include/tscore/ink_lockfile.h
@@ -26,9 +26,9 @@
 #include "tscore/ink_defs.h"
 #include "tscore/ink_string.h"
 
-#define COP_LOCK "cop.lock"
+#define COP_LOCK     "cop.lock"
 #define MANAGER_LOCK "manager.lock"
-#define SERVER_LOCK "server.lock"
+#define SERVER_LOCK  "server.lock"
 
 class Lockfile
 {
diff --git a/include/tscore/ink_memory.h b/include/tscore/ink_memory.h
index d461f9b9b89..9974a98f72a 100644
--- a/include/tscore/ink_memory.h
+++ b/include/tscore/ink_memory.h
@@ -165,7 +165,9 @@ make_iovec(PtrType ptr, SizeType sz)
   return iov;
 }
 
-template  static inline IOVec make_iovec(PtrType (&array)[N])
+template 
+static inline IOVec
+make_iovec(PtrType (&array)[N])
 {
   IOVec iov = {&array[0], static_cast(sizeof(array))};
   return iov;
@@ -382,7 +384,7 @@ class ats_scoped_resource
   value_type _r; ///< Resource.
 private:
   ats_scoped_resource(self const &) = delete; ///< Copy constructor not permitted.
-  self &operator=(self const &) = delete;     ///< Self assignment not permitted.
+  self &operator=(self const &)     = delete; ///< Self assignment not permitted.
 };
 
 namespace detail
diff --git a/include/tscore/ink_queue.h b/include/tscore/ink_queue.h
index 517fdab1e1d..53ce721f69b 100644
--- a/include/tscore/ink_queue.h
+++ b/include/tscore/ink_queue.h
@@ -121,10 +121,10 @@ union head_p {
 
 #ifdef DEBUG
 #define FROM_PTR(_x) (void *)(((uintptr_t)_x) + 1)
-#define TO_PTR(_x) (void *)(((uintptr_t)_x) - 1)
+#define TO_PTR(_x)   (void *)(((uintptr_t)_x) - 1)
 #else
 #define FROM_PTR(_x) ((void *)(_x))
-#define TO_PTR(_x) ((void *)(_x))
+#define TO_PTR(_x)   ((void *)(_x))
 #endif
 
 #if (defined(__i386__) || defined(__arm__) || defined(__mips__)) && (SIZEOF_VOIDP == 4)
@@ -161,7 +161,7 @@ union head_p {
   ((void *)((((intptr_t)(_x).data) & 0x0000FFFFFFFFFFFFLL) | ((~((((intptr_t)(_x).data) >> 63) - 1)) << 48)))
 #endif
 
-#define FREELIST_VERSION(_x) ((((intptr_t)(_x).data) & 0x7FFF000000000000LL) >> 48)
+#define FREELIST_VERSION(_x)                     ((((intptr_t)(_x).data) & 0x7FFF000000000000LL) >> 48)
 #define SET_FREELIST_POINTER_VERSION(_x, _p, _v) (_x).data = ((((intptr_t)(_p)) & 0x8000FFFFFFFFFFFFLL) | (((_v)&0x7FFFLL) << 48))
 #elif defined(__aarch64__)
 /* Layout of FREELIST_POINTER
@@ -180,7 +180,7 @@ union head_p {
   ((void *)((((intptr_t)(_x).data) & 0x000FFFFFFFFFFFFFLL) | ((~((((intptr_t)(_x).data) >> 63) - 1)) << 52)))
 #endif
 
-#define FREELIST_VERSION(_x) ((((intptr_t)(_x).data) & 0x7FF0000000000000LL) >> 52)
+#define FREELIST_VERSION(_x)                     ((((intptr_t)(_x).data) & 0x7FF0000000000000LL) >> 52)
 #define SET_FREELIST_POINTER_VERSION(_x, _p, _v) (_x).data = ((((intptr_t)(_p)) & 0x800FFFFFFFFFFFFFLL) | (((_v)&0x7FFLL) << 52))
 #else
 #error "unsupported processor"
diff --git a/include/tscore/ink_resolver.h b/include/tscore/ink_resolver.h
index ab666114edc..924f518052b 100644
--- a/include/tscore/ink_resolver.h
+++ b/include/tscore/ink_resolver.h
@@ -77,56 +77,56 @@
 #include 
 
 #if defined(openbsd)
-#define NS_INT16SZ INT16SZ
-#define NS_INT32SZ INT32SZ
+#define NS_INT16SZ   INT16SZ
+#define NS_INT32SZ   INT32SZ
 #define NS_CMPRSFLGS INDIR_MASK
-#define NS_GET16 GETSHORT
-#define NS_GET32 GETLONG
-#define NS_PUT16 PUTSHORT
-#define NS_PUT32 PUTLONG
+#define NS_GET16     GETSHORT
+#define NS_GET32     GETLONG
+#define NS_PUT16     PUTSHORT
+#define NS_PUT32     PUTLONG
 #endif
 
 #ifndef T_DNAME
 #define T_DNAME ns_t_dname
 #endif
-#define INK_RES_F_VC 0x00000001       /*%< socket is TCP */
-#define INK_RES_F_CONN 0x00000002     /*%< socket is connected */
-#define INK_RES_F_EDNS0ERR 0x00000004 /*%< EDNS0 caused errors */
-#define INK_RES_F__UNUSED 0x00000008  /*%< (unused) */
-#define INK_RES_F_LASTMASK 0x000000F0 /*%< ordinal server of last res_nsend */
-#define INK_RES_F_LASTSHIFT 4         /*%< bit position of LASTMASK "flag" */
+#define INK_RES_F_VC         0x00000001 /*%< socket is TCP */
+#define INK_RES_F_CONN       0x00000002 /*%< socket is connected */
+#define INK_RES_F_EDNS0ERR   0x00000004 /*%< EDNS0 caused errors */
+#define INK_RES_F__UNUSED    0x00000008 /*%< (unused) */
+#define INK_RES_F_LASTMASK   0x000000F0 /*%< ordinal server of last res_nsend */
+#define INK_RES_F_LASTSHIFT  4          /*%< bit position of LASTMASK "flag" */
 #define INK_RES_GETLAST(res) (((res)._flags & INK_RES_F_LASTMASK) >> INK_RES_F_LASTSHIFT)
 
 /* res_findzonecut2() options */
 #define INK_RES_EXHAUSTIVE 0x00000001 /*%< always do all queries */
-#define INK_RES_IPV4ONLY 0x00000002   /*%< IPv4 only */
-#define INK_RES_IPV6ONLY 0x00000004   /*%< IPv6 only */
+#define INK_RES_IPV4ONLY   0x00000002 /*%< IPv4 only */
+#define INK_RES_IPV6ONLY   0x00000004 /*%< IPv6 only */
 
 /*%
  *  * Resolver options (keep these in synch with res_debug.c, please)
  [amc] Most of these are never used. AFAICT it's RECURSE and DEBUG only.
  *   */
-#define INK_RES_INIT 0x00000001           /*%< address initialized */
-#define INK_RES_DEBUG 0x00000002          /*%< print debug messages */
-#define INK_RES_AAONLY 0x00000004         /*%< authoritative answers only (!IMPL)*/
-#define INK_RES_USEVC 0x00000008          /*%< use virtual circuit */
-#define INK_RES_PRIMARY 0x00000010        /*%< query primary server only (!IMPL) */
-#define INK_RES_IGNTC 0x00000020          /*%< ignore truncation errors */
-#define INK_RES_RECURSE 0x00000040        /*%< recursion desired */
-#define INK_RES_DEFNAMES 0x00000080       /*%< use default domain name */
-#define INK_RES_STAYOPEN 0x00000100       /*%< Keep TCP socket open */
-#define INK_RES_DNSRCH 0x00000200         /*%< search up local domain tree */
-#define INK_RES_INSECURE1 0x00000400      /*%< type 1 security disabled */
-#define INK_RES_INSECURE2 0x00000800      /*%< type 2 security disabled */
-#define INK_RES_NOALIASES 0x00001000      /*%< shuts off HOSTALIASES feature */
-#define INK_RES_USE_INET6 0x00002000      /*%< use/map IPv6 in gethostbyname() */
-#define INK_RES_ROTATE 0x00004000         /*%< rotate ns list after each query */
+#define INK_RES_INIT        0x00000001    /*%< address initialized */
+#define INK_RES_DEBUG       0x00000002    /*%< print debug messages */
+#define INK_RES_AAONLY      0x00000004    /*%< authoritative answers only (!IMPL)*/
+#define INK_RES_USEVC       0x00000008    /*%< use virtual circuit */
+#define INK_RES_PRIMARY     0x00000010    /*%< query primary server only (!IMPL) */
+#define INK_RES_IGNTC       0x00000020    /*%< ignore truncation errors */
+#define INK_RES_RECURSE     0x00000040    /*%< recursion desired */
+#define INK_RES_DEFNAMES    0x00000080    /*%< use default domain name */
+#define INK_RES_STAYOPEN    0x00000100    /*%< Keep TCP socket open */
+#define INK_RES_DNSRCH      0x00000200    /*%< search up local domain tree */
+#define INK_RES_INSECURE1   0x00000400    /*%< type 1 security disabled */
+#define INK_RES_INSECURE2   0x00000800    /*%< type 2 security disabled */
+#define INK_RES_NOALIASES   0x00001000    /*%< shuts off HOSTALIASES feature */
+#define INK_RES_USE_INET6   0x00002000    /*%< use/map IPv6 in gethostbyname() */
+#define INK_RES_ROTATE      0x00004000    /*%< rotate ns list after each query */
 #define INK_RES_NOCHECKNAME 0x00008000    /*%< do not check names for sanity. */
-#define INK_RES_KEEPTSIG 0x00010000       /*%< do not strip TSIG records */
-#define INK_RES_BLAST 0x00020000          /*%< blast all recursive servers */
-#define INK_RES_NSID 0x00040000           /*%< request name server ID */
-#define INK_RES_NOTLDQUERY 0x00100000     /*%< don't unqualified name as a tld */
-#define INK_RES_USE_DNSSEC 0x00200000     /*%< use DNSSEC using OK bit in OPT */
+#define INK_RES_KEEPTSIG    0x00010000    /*%< do not strip TSIG records */
+#define INK_RES_BLAST       0x00020000    /*%< blast all recursive servers */
+#define INK_RES_NSID        0x00040000    /*%< request name server ID */
+#define INK_RES_NOTLDQUERY  0x00100000    /*%< don't unqualified name as a tld */
+#define INK_RES_USE_DNSSEC  0x00200000    /*%< use DNSSEC using OK bit in OPT */
 /* #define INK_RES_DEBUG2   0x00400000 */ /* nslookup internal */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define INK_RES_USE_DNAME 0x10000000 /*%< use DNAME */
@@ -134,19 +134,19 @@
 
 #define INK_RES_DEFAULT (INK_RES_RECURSE | INK_RES_DEFNAMES | INK_RES_DNSRCH)
 
-#define INK_MAXNS 32           /*%< max # name servers we'll track */
-#define INK_MAXDFLSRCH 3       /*%< # default domain levels to try */
-#define INK_MAXDNSRCH 6        /*%< max # domains in search path */
-#define INK_LOCALDOMAINPARTS 2 /*%< min levels in name that is "local" */
-#define INK_RES_TIMEOUT 5      /*%< min. seconds between retries */
-#define INK_RES_TIMEOUT 5      /*%< min. seconds between retries */
-#define INK_RES_MAXNDOTS 15    /*%< should reflect bit field size */
-#define INK_RES_MAXRETRANS 30  /*%< only for resolv.conf/RES_OPTIONS */
-#define INK_RES_MAXRETRY 5     /*%< only for resolv.conf/RES_OPTIONS */
-#define INK_RES_DFLRETRY 2     /*%< Default #/tries. */
-#define INK_RES_MAXTIME 65535  /*%< Infinity, in milliseconds. */
-
-#define INK_NS_TYPE_ELT 0x40 /*%< EDNS0 extended label type */
+#define INK_MAXNS            32    /*%< max # name servers we'll track */
+#define INK_MAXDFLSRCH       3     /*%< # default domain levels to try */
+#define INK_MAXDNSRCH        6     /*%< max # domains in search path */
+#define INK_LOCALDOMAINPARTS 2     /*%< min levels in name that is "local" */
+#define INK_RES_TIMEOUT      5     /*%< min. seconds between retries */
+#define INK_RES_TIMEOUT      5     /*%< min. seconds between retries */
+#define INK_RES_MAXNDOTS     15    /*%< should reflect bit field size */
+#define INK_RES_MAXRETRANS   30    /*%< only for resolv.conf/RES_OPTIONS */
+#define INK_RES_MAXRETRY     5     /*%< only for resolv.conf/RES_OPTIONS */
+#define INK_RES_DFLRETRY     2     /*%< Default #/tries. */
+#define INK_RES_MAXTIME      65535 /*%< Infinity, in milliseconds. */
+
+#define INK_NS_TYPE_ELT             0x40 /*%< EDNS0 extended label type */
 #define INK_DNS_LABELTYPE_BITSTRING 0x41
 
 /// IP family preference for DNS resolution.
@@ -209,7 +209,7 @@ struct HostResData {
   do {                                                                   \
     const u_char *t_cp = (const u_char *)(cp);                           \
     (s)                = ((uint16_t)t_cp[0] << 8) | ((uint16_t)t_cp[1]); \
-    (cp) += NS_INT16SZ;                                                  \
+    (cp)               += NS_INT16SZ;                                    \
   } while (0)
 #endif
 
@@ -218,7 +218,7 @@ struct HostResData {
   do {                                                                                                                           \
     const u_char *t_cp = (const u_char *)(cp);                                                                                   \
     (l)                = ((uint32_t)t_cp[0] << 24) | ((uint32_t)t_cp[1] << 16) | ((uint32_t)t_cp[2] << 8) | ((uint32_t)t_cp[3]); \
-    (cp) += NS_INT32SZ;                                                                                                          \
+    (cp)               += NS_INT32SZ;                                                                                            \
   } while (0)
 #endif
 
@@ -229,7 +229,7 @@ struct HostResData {
     u_char *t_cp = (u_char *)(cp); \
     *t_cp++      = t_s >> 8;       \
     *t_cp        = t_s;            \
-    (cp) += NS_INT16SZ;            \
+    (cp)         += NS_INT16SZ;    \
   } while (0)
 #endif
 
@@ -242,7 +242,7 @@ struct HostResData {
     *t_cp++      = t_l >> 16;      \
     *t_cp++      = t_l >> 8;       \
     *t_cp        = t_l;            \
-    (cp) += NS_INT32SZ;            \
+    (cp)         += NS_INT32SZ;    \
   } while (0)
 #endif
 
diff --git a/include/tscore/ink_resource.h b/include/tscore/ink_resource.h
index 578fb5785d9..5c17b3dd14e 100644
--- a/include/tscore/ink_resource.h
+++ b/include/tscore/ink_resource.h
@@ -32,8 +32,8 @@ extern uint64_t ssl_memory_allocated;
 extern uint64_t ssl_memory_freed;
 
 #define __RES_PATH(x) #x
-#define _RES_PATH(x) __RES_PATH(x)
-#define RES_PATH(x) x __FILE__ ":" _RES_PATH(__LINE__)
+#define _RES_PATH(x)  __RES_PATH(x)
+#define RES_PATH(x)   x __FILE__ ":" _RES_PATH(__LINE__)
 
 class Resource;
 
diff --git a/include/tscore/ink_string++.h b/include/tscore/ink_string++.h
index fc9d86c343e..69c99c1b144 100644
--- a/include/tscore/ink_string++.h
+++ b/include/tscore/ink_string++.h
@@ -84,9 +84,9 @@ struct Str {
  *                                                                     *
  ***********************************************************************/
 
-#define STRLIST_BASE_HEAP_SIZE 128
+#define STRLIST_BASE_HEAP_SIZE     128
 #define STRLIST_OVERFLOW_HEAP_SIZE 1024
-#define STRLIST_BASE_CELLS 5
+#define STRLIST_BASE_CELLS         5
 
 struct StrListOverflow;
 
@@ -181,7 +181,7 @@ StrList::base_heap_alloc(int size)
   char *p;
 
   if (size <= (base_heap_size - base_heap_used)) {
-    p = &(base_heap[base_heap_used]);
+    p              = &(base_heap[base_heap_used]);
     base_heap_used += size;
     return ((void *)p);
   } else {
diff --git a/include/tscore/ink_string.h b/include/tscore/ink_string.h
index 59fef765f60..7d009f7eb70 100644
--- a/include/tscore/ink_string.h
+++ b/include/tscore/ink_string.h
@@ -139,7 +139,7 @@ ptr_len_str(const char *p1, int l1, const char *str)
           return match_start;
         }
       } else if (str_index > 0) {
-        l1 += (p1 - match_start);
+        l1        += (p1 - match_start);
         p1        = match_start;
         str_index = 0;
       }
@@ -310,34 +310,34 @@ ink_small_itoa(int val, char *buf, int buf_len)
     return 1;
   } else if (val < 100) { // 10 - 99
     buf[1] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[0] = '0' + (val % 10);
     return 2;
   } else if (val < 1000) { // 100 - 999
     buf[2] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[1] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[0] = '0' + (val % 10);
     return 3;
   } else if (val < 10000) { // 1000 - 9999
     buf[3] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[2] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[1] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[0] = '0' + (val % 10);
     return 4;
   } else { // 10000 - 99999
     buf[4] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[3] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[2] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[1] = '0' + (val % 10);
-    val /= 10;
+    val    /= 10;
     buf[0] = '0' + (val % 10);
     return 5;
   }
diff --git a/include/tscore/ink_thread.h b/include/tscore/ink_thread.h
index 84747d2ef60..644c587a425 100644
--- a/include/tscore/ink_thread.h
+++ b/include/tscore/ink_thread.h
@@ -51,7 +51,7 @@
 #include 
 #endif
 
-#define INK_MUTEX_INIT PTHREAD_MUTEX_INITIALIZER
+#define INK_MUTEX_INIT       PTHREAD_MUTEX_INITIALIZER
 #define INK_THREAD_STACK_MIN PTHREAD_STACK_MIN
 
 typedef pthread_t ink_thread;
diff --git a/include/tscpp/api/Continuation.h b/include/tscpp/api/Continuation.h
index 1557ecc964b..259bc67ebd1 100644
--- a/include/tscpp/api/Continuation.h
+++ b/include/tscpp/api/Continuation.h
@@ -76,7 +76,7 @@ class Continuation
   }
 
   // No copying.
-  Continuation(const Continuation &) = delete;
+  Continuation(const Continuation &)            = delete;
   Continuation &operator=(const Continuation &) = delete;
 
   // Moving allowed.
diff --git a/include/tscpp/api/Logger.h b/include/tscpp/api/Logger.h
index 08eb50f1eae..bfad9247099 100644
--- a/include/tscpp/api/Logger.h
+++ b/include/tscpp/api/Logger.h
@@ -99,8 +99,8 @@ extern "C" void TSError(const char *fmt, ...) ATSCPPAPI_PRINTFLIKE(1, 2);
 // This is weird, but see the following:
 //   http://stackoverflow.com/questions/5641427/how-to-make-preprocessor-generate-a-string-for-line-keyword
 #define STRINGIFY0(x) #x
-#define STRINGIFY(x) STRINGIFY0(x)
-#define LINE_NO STRINGIFY(__LINE__)
+#define STRINGIFY(x)  STRINGIFY0(x)
+#define LINE_NO       STRINGIFY(__LINE__)
 
 /**
  * A helper macro to get access to the Diag messages available in traffic server. These can be enabled
diff --git a/include/tscpp/api/noncopyable.h b/include/tscpp/api/noncopyable.h
index 304449b0832..a330c4d679c 100644
--- a/include/tscpp/api/noncopyable.h
+++ b/include/tscpp/api/noncopyable.h
@@ -52,7 +52,7 @@ class noncopyable
   noncopyable() {}
   ~noncopyable() {}
 
-  noncopyable(const noncopyable &) = delete;
+  noncopyable(const noncopyable &)                  = delete;
   const noncopyable &operator=(const noncopyable &) = delete;
 };
 
diff --git a/include/tscpp/util/Histogram.h b/include/tscpp/util/Histogram.h
index c69b52c0550..1587ff9e5e7 100644
--- a/include/tscpp/util/Histogram.h
+++ b/include/tscpp/util/Histogram.h
@@ -146,7 +146,7 @@ Histogram::operator()(raw_type sample) -> self_type &
   if (sample < LOWER_BOUND) {
     idx = sample;                    // sample -> bucket is identity in the underflow range.
   } else if (sample < UPPER_BOUND) { // not overflow bucket.
-    idx -= N_SPAN_BUCKETS;           // bottom bucket in the range.
+    idx       -= N_SPAN_BUCKETS;     // bottom bucket in the range.
     auto mask = MSB_MASK;            // Mask to probe for bit set.
     // Shift needed after finding the MSB to put the span bits in the LSBs.
     unsigned normalize_shift_count = N_RANGE_BITS - 1;
diff --git a/include/tscpp/util/PostScript.h b/include/tscpp/util/PostScript.h
index fc46c3b16c6..ac69f263f0a 100644
--- a/include/tscpp/util/PostScript.h
+++ b/include/tscpp/util/PostScript.h
@@ -54,7 +54,7 @@ template  class PostScript
   }
 
   // No copying or moving.
-  PostScript(const PostScript &) = delete;
+  PostScript(const PostScript &)            = delete;
   PostScript &operator=(const PostScript &) = delete;
 
 private:
diff --git a/include/tscpp/util/TextView.h b/include/tscpp/util/TextView.h
index 15638b7a5e6..70583552e2c 100644
--- a/include/tscpp/util/TextView.h
+++ b/include/tscpp/util/TextView.h
@@ -133,9 +133,9 @@ class TextView : public std::string_view
   const char *data_end() const;
 
   /// Assignment.
-  self_type &operator                    =(super_type const &that);
+  self_type &operator=(super_type const &that);
   template  self_type &operator=(const char (&s)[N]);
-  self_type &operator                    =(const std::string &s);
+  self_type &operator=(const std::string &s);
 
   /// Explicitly set the view.
   self_type &assign(char const *ptr, size_t n);
@@ -1197,7 +1197,10 @@ namespace literals
    * rather bizarre to me, but there it is. Update: this depends on the version of the compiler,
    * so hopefully someday this can be removed.
    */
-  constexpr ts::TextView operator"" _tv(const char *s, size_t n) { return {s, n}; }
+  constexpr ts::TextView operator"" _tv(const char *s, size_t n)
+  {
+    return {s, n};
+  }
 } // namespace literals
 
 /** Functor for STL containers that need caseless comparisons of standard string types.
diff --git a/include/tscpp/util/TsSharedMutex.h b/include/tscpp/util/TsSharedMutex.h
index fe1769a3c45..7ee0ab84c21 100644
--- a/include/tscpp/util/TsSharedMutex.h
+++ b/include/tscpp/util/TsSharedMutex.h
@@ -37,7 +37,7 @@
 // Should be plugin code.
 #include 
 #define L_Assert TSAssert
-#define L_Fatal TSFatal
+#define L_Fatal  TSFatal
 #endif
 
 #ifdef X
@@ -67,7 +67,7 @@ class shared_mutex
 
   // No copying or moving.
   //
-  shared_mutex(shared_mutex const &) = delete;
+  shared_mutex(shared_mutex const &)            = delete;
   shared_mutex &operator=(shared_mutex const &) = delete;
 
   void
diff --git a/include/tscpp/util/ts_errata.h b/include/tscpp/util/ts_errata.h
index 729a56740a6..1f500795226 100644
--- a/include/tscpp/util/ts_errata.h
+++ b/include/tscpp/util/ts_errata.h
@@ -37,4 +37,5 @@ static constexpr swoc::Errata::Severity ERRATA_EMERGENCY{DL_Emergency};
 
 // This is treated as an array so must numerically match with @c DiagsLevel
 static constexpr std::array Severity_Names{
-  {"Diag", "Debug", "Status", "Note", "Warn", "Error", "Fatal", "Alert", "Emergency"}};
+  {"Diag", "Debug", "Status", "Note", "Warn", "Error", "Fatal", "Alert", "Emergency"}
+};
diff --git a/iocore/aio/AIO.cc b/iocore/aio/AIO.cc
index 078d2b58d30..26d281194f1 100644
--- a/iocore/aio/AIO.cc
+++ b/iocore/aio/AIO.cc
@@ -549,7 +549,7 @@ DiskHandler::DiskHandler()
   }
 
   if (aio_io_uring_sq_poll_ms > 0) {
-    p.flags |= IORING_SETUP_SQPOLL;
+    p.flags          |= IORING_SETUP_SQPOLL;
     p.sq_thread_idle = aio_io_uring_sq_poll_ms;
   }
 
diff --git a/iocore/aio/I_AIO.h b/iocore/aio/I_AIO.h
index 40a41db345c..eb3cc58eacc 100644
--- a/iocore/aio/I_AIO.h
+++ b/iocore/aio/I_AIO.h
@@ -38,8 +38,8 @@ static constexpr ts::ModuleVersion AIO_MODULE_PUBLIC_VERSION(1, 0, ts::ModuleVer
 
 #define AIO_EVENT_DONE (AIO_EVENT_EVENTS_START + 0)
 
-#define AIO_MODE_THREAD 0
-#define AIO_MODE_NATIVE 1
+#define AIO_MODE_THREAD   0
+#define AIO_MODE_NATIVE   1
 #define AIO_MODE_IO_URING 2
 
 #if TS_USE_LINUX_NATIVE_AIO
@@ -50,7 +50,7 @@ static constexpr ts::ModuleVersion AIO_MODULE_PUBLIC_VERSION(1, 0, ts::ModuleVer
 #define AIO_MODE AIO_MODE_THREAD
 #endif
 
-#define LIO_READ 0x1
+#define LIO_READ  0x1
 #define LIO_WRITE 0x2
 
 #if AIO_MODE == AIO_MODE_NATIVE
@@ -65,7 +65,7 @@ typedef struct io_event ink_io_event_t;
 // XXX hokey old-school compatibility with ink_aiocb.h ...
 #define aio_nbytes u.c.nbytes
 #define aio_offset u.c.offset
-#define aio_buf u.c.buf
+#define aio_buf    u.c.buf
 
 #elif AIO_MODE == AIO_MODE_IO_URING
 #include 
diff --git a/iocore/aio/test_AIO.cc b/iocore/aio/test_AIO.cc
index bef0a8ea3b7..4fb441ef1ef 100644
--- a/iocore/aio/test_AIO.cc
+++ b/iocore/aio/test_AIO.cc
@@ -190,8 +190,8 @@ dump_summary()
     double ops_sec = (dev[i]->seq_reads + dev[i]->seq_writes + dev[i]->rand_reads) / secs;
     printf("%s: #sr:%d #sw:%d #rr:%d %0.1f secs %0.1f ops/sec\n", dev[i]->path, dev[i]->seq_reads, dev[i]->seq_writes,
            dev[i]->rand_reads, secs, ops_sec);
-    total_secs += secs;
-    total_seq_reads += dev[i]->seq_reads;
+    total_secs       += secs;
+    total_seq_reads  += dev[i]->seq_reads;
     total_seq_writes += dev[i]->seq_writes;
     total_rand_reads += dev[i]->rand_reads;
   }
@@ -199,12 +199,12 @@ dump_summary()
   printf("aggregate results\n");
   printf("-----------------\n");
   total_secs /= orig_n_accessors;
-  float sr = (total_seq_reads * seq_read_size) / total_secs;
-  sr /= 1024.0 * 1024.0;
-  float sw = (total_seq_writes * seq_write_size) / total_secs;
-  sw /= 1024.0 * 1024.0;
-  float rr = (total_rand_reads * rand_read_size) / total_secs;
-  rr /= 1024.0 * 1024.0;
+  float sr   = (total_seq_reads * seq_read_size) / total_secs;
+  sr         /= 1024.0 * 1024.0;
+  float sw   = (total_seq_writes * seq_write_size) / total_secs;
+  sw         /= 1024.0 * 1024.0;
+  float rr   = (total_rand_reads * rand_read_size) / total_secs;
+  rr         /= 1024.0 * 1024.0;
   printf("%f ops %0.2f mbytes/sec %0.1f ops/sec %0.1f ops/sec/disk seq_read\n", total_seq_reads, sr, total_seq_reads / total_secs,
          total_seq_reads / total_secs / n_disk_path);
   printf("%f ops %0.2f mbytes/sec %0.1f ops/sec %0.1f ops/sec/disk seq_write\n", total_seq_writes, sw,
@@ -270,7 +270,7 @@ AIO_Device::do_fd(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
   off_t max_hotset_offset = (static_cast(hotset_size)) * 1024 * 1024; // MB-GB
   off_t seq_read_point    = (static_cast MIN_OFFSET);
   off_t seq_write_point   = (static_cast MIN_OFFSET) + max_offset / 2 + write_after * 1024 * 1024;
-  seq_write_point += (id % n_disk_path) * (max_offset / (threads_per_disk * 4));
+  seq_write_point         += (id % n_disk_path) * (max_offset / (threads_per_disk * 4));
   if (seq_write_point > max_offset) {
     seq_write_point = MIN_OFFSET;
   }
diff --git a/iocore/cache/Cache.cc b/iocore/cache/Cache.cc
index cb64b6ea7f3..80acb209d3e 100644
--- a/iocore/cache/Cache.cc
+++ b/iocore/cache/Cache.cc
@@ -945,14 +945,14 @@ CacheProcessor::cacheInitialized()
             CACHE_VOL_SUM_DYN_STAT(cache_ram_cache_bytes_total_stat, (int64_t)gvol[i]->dirlen());
           }
           vol_total_cache_bytes = gvol[i]->len - gvol[i]->dirlen();
-          total_cache_bytes += vol_total_cache_bytes;
+          total_cache_bytes     += vol_total_cache_bytes;
           Debug("cache_init", "CacheProcessor::cacheInitialized - total_cache_bytes = %" PRId64 " = %" PRId64 "Mb",
                 total_cache_bytes, total_cache_bytes / (1024 * 1024));
 
           CACHE_VOL_SUM_DYN_STAT(cache_bytes_total_stat, vol_total_cache_bytes);
 
           vol_total_direntries = gvol[i]->buckets * gvol[i]->segments * DIR_DEPTH;
-          total_direntries += vol_total_direntries;
+          total_direntries     += vol_total_direntries;
           CACHE_VOL_SUM_DYN_STAT(cache_direntries_total_stat, vol_total_direntries);
 
           vol_used_direntries = dir_entries_used(gvol[i]);
@@ -995,14 +995,14 @@ CacheProcessor::cacheInitialized()
           Debug("cache_init", "CacheProcessor::cacheInitialized[%d] - ram_cache_bytes = %" PRId64 " = %" PRId64 "Mb", i,
                 ram_cache_bytes, ram_cache_bytes / (1024 * 1024));
           vol_total_cache_bytes = gvol[i]->len - gvol[i]->dirlen();
-          total_cache_bytes += vol_total_cache_bytes;
+          total_cache_bytes     += vol_total_cache_bytes;
           CACHE_VOL_SUM_DYN_STAT(cache_bytes_total_stat, vol_total_cache_bytes);
           CACHE_VOL_SUM_DYN_STAT(cache_stripes_stat, 1); // Count the cache stripes
           Debug("cache_init", "CacheProcessor::cacheInitialized - total_cache_bytes = %" PRId64 " = %" PRId64 "Mb",
                 total_cache_bytes, total_cache_bytes / (1024 * 1024));
 
           vol_total_direntries = gvol[i]->buckets * gvol[i]->segments * DIR_DEPTH;
-          total_direntries += vol_total_direntries;
+          total_direntries     += vol_total_direntries;
           CACHE_VOL_SUM_DYN_STAT(cache_direntries_total_stat, vol_total_direntries);
 
           vol_used_direntries = dir_entries_used(gvol[i]);
@@ -1462,15 +1462,15 @@ Vol::handle_recover_from_data(int event, void * /* data ATS_UNUSED */)
       }
       ink_assert(done == to_check);
 
-      got_len = io.aiocb.aio_nbytes - done;
+      got_len     = io.aiocb.aio_nbytes - done;
       recover_pos += io.aiocb.aio_nbytes;
-      s = static_cast(io.aiocb.aio_buf) + done;
-      e = s + got_len;
+      s           = static_cast(io.aiocb.aio_buf) + done;
+      e           = s + got_len;
     } else {
-      got_len = io.aiocb.aio_nbytes;
+      got_len     = io.aiocb.aio_nbytes;
       recover_pos += io.aiocb.aio_nbytes;
-      s = static_cast(io.aiocb.aio_buf);
-      e = s + got_len;
+      s           = static_cast(io.aiocb.aio_buf);
+      e           = s + got_len;
     }
   }
   // examine what we got
@@ -1526,7 +1526,7 @@ Vol::handle_recover_from_data(int event, void * /* data ATS_UNUSED */)
           // case 2
           if (doc->sync_serial > last_sync_serial && doc->sync_serial <= header->sync_serial + 1) {
             last_sync_serial = doc->sync_serial;
-            s += round_to_approx_size(doc->len);
+            s                += round_to_approx_size(doc->len);
             continue;
           }
           // case 3 - we have already recovered some data and
@@ -1561,7 +1561,7 @@ Vol::handle_recover_from_data(int event, void * /* data ATS_UNUSED */)
       }
       // doc->magic == DOC_MAGIC && doc->sync_serial == last_sync_serial
       last_write_serial = doc->write_serial;
-      s += round_to_approx_size(doc->len);
+      s                 += round_to_approx_size(doc->len);
     }
 
     /* if (s > e) then we gone through RECOVERY_SIZE; we need to
@@ -1803,7 +1803,7 @@ build_vol_hash_table(CacheHostRecord *cp)
     }
     mapping[map] = i;
     p[map++]     = cp->vols[i];
-    total += (cp->vols[i]->len >> STORE_BLOCK_SHIFT);
+    total        += (cp->vols[i]->len >> STORE_BLOCK_SHIFT);
   }
 
   num_vols -= bad_vols;
@@ -1829,11 +1829,11 @@ build_vol_hash_table(CacheHostRecord *cp)
 
   // estimate allocation
   for (int i = 0; i < num_vols; i++) {
-    forvol[i] = (VOL_HASH_TABLE_SIZE * (p[i]->len >> STORE_BLOCK_SHIFT)) / total;
-    used += forvol[i];
+    forvol[i]         = (VOL_HASH_TABLE_SIZE * (p[i]->len >> STORE_BLOCK_SHIFT)) / total;
+    used              += forvol[i];
     rtable_entries[i] = p[i]->len / VOL_HASH_ALLOC_SIZE;
-    rtable_size += rtable_entries[i];
-    gotvol[i] = 0;
+    rtable_size       += rtable_entries[i];
+    gotvol[i]         = 0;
   }
   // spread around the excess
   int extra = VOL_HASH_TABLE_SIZE - used;
@@ -1926,8 +1926,8 @@ CacheProcessor::mark_storage_offline(CacheDisk *d, ///< Target disk
 
   for (p = 0; p < gnvol; p++) {
     if (d->fd == gvol[p]->fd) {
-      total_dir_delete += gvol[p]->buckets * gvol[p]->segments * DIR_DEPTH;
-      used_dir_delete += dir_entries_used(gvol[p]);
+      total_dir_delete   += gvol[p]->buckets * gvol[p]->segments * DIR_DEPTH;
+      used_dir_delete    += dir_entries_used(gvol[p]);
       total_bytes_delete += gvol[p]->len - gvol[p]->dirlen();
     }
   }
@@ -1953,10 +1953,10 @@ CacheProcessor::mark_storage_offline(CacheDisk *d, ///< Target disk
     if (theCache) {
       ReplaceablePtr::ScopedReader hosttable(&theCache->hosttable);
       if (!hosttable->gen_host_rec.vol_hash_table) {
-        unsigned int caches_ready = 0;
-        caches_ready              = caches_ready | (1 << CACHE_FRAG_TYPE_HTTP);
-        caches_ready              = caches_ready | (1 << CACHE_FRAG_TYPE_NONE);
-        caches_ready              = ~caches_ready;
+        unsigned int caches_ready   = 0;
+        caches_ready                = caches_ready | (1 << CACHE_FRAG_TYPE_HTTP);
+        caches_ready                = caches_ready | (1 << CACHE_FRAG_TYPE_NONE);
+        caches_ready                = ~caches_ready;
         CacheProcessor::cache_ready &= caches_ready;
         Warning("all volumes for http cache are corrupt, http cache disabled");
       }
@@ -2504,8 +2504,8 @@ cplist_init()
       while (p) {
         if (p->vol_number == dp[j]->vol_number) {
           ink_assert(p->scheme == (int)dp[j]->dpb_queue.head->b->type);
-          p->size += dp[j]->size;
-          p->num_vols += dp[j]->num_volblocks;
+          p->size         += dp[j]->size;
+          p->num_vols     += dp[j]->num_volblocks;
           p->disk_vols[i] = dp[j];
           break;
         }
@@ -2669,7 +2669,7 @@ fillExclusiveDisks(CacheVol *cp)
           cp->disk_vols[i] = gdisks[i]->get_diskvol(volume_number);
         }
         size_diff -= dpb->len;
-        cp->size += dpb->len;
+        cp->size  += dpb->len;
         cp->num_vols++;
       } else {
         Debug("cache_init", "create_volume failed");
@@ -2721,10 +2721,10 @@ cplist_reconfigure()
       }
 
       ink_assert(gdisks[i]->header->num_volumes == 1);
-      DiskVol **dp = gdisks[i]->disk_vols;
-      gnvol += dp[0]->num_volblocks;
-      cp->size += dp[0]->size;
-      cp->num_vols += dp[0]->num_volblocks;
+      DiskVol **dp     = gdisks[i]->disk_vols;
+      gnvol            += dp[0]->num_volblocks;
+      cp->size         += dp[0]->size;
+      cp->num_vols     += dp[0]->num_volblocks;
       cp->disk_vols[i] = dp[0];
     }
   } else {
@@ -2830,7 +2830,7 @@ cplist_reconfigure()
         cp_list.enqueue(new_cp);
         cp_list_len++;
         config_vol->cachep = new_cp;
-        gnvol += new_cp->num_vols;
+        gnvol              += new_cp->num_vols;
         continue;
       }
       //    else
@@ -2896,7 +2896,7 @@ cplist_reconfigure()
               cp->disk_vols[disk_no] = gdisks[disk_no]->get_diskvol(volume_number);
             }
             size_diff -= dpb->len;
-            cp->size += dpb->len;
+            cp->size  += dpb->len;
             cp->num_vols++;
           } else {
             break;
@@ -2944,9 +2944,9 @@ create_volume(int volume_number, off_t size_in_blocks, int scheme, CacheVol *cp)
   int i = curr_vol;
   while (size_in_blocks > 0) {
     if (gdisks[i]->free_space >= (sp[i] + blocks_per_vol)) {
-      sp[i] += blocks_per_vol;
+      sp[i]          += blocks_per_vol;
       size_in_blocks -= blocks_per_vol;
-      full_disks = 0;
+      full_disks     = 0;
     } else {
       full_disks += 1;
       if (full_disks == gndisks) {
diff --git a/iocore/cache/CacheDir.cc b/iocore/cache/CacheDir.cc
index b73eea0d35f..1038c3e0a2f 100644
--- a/iocore/cache/CacheDir.cc
+++ b/iocore/cache/CacheDir.cc
@@ -978,7 +978,7 @@ sync_cache_dir_on_shutdown()
         continue;
       }
       d->header->last_write_pos = d->header->write_pos;
-      d->header->write_pos += d->agg_buf_pos;
+      d->header->write_pos      += d->agg_buf_pos;
       ink_assert(d->header->write_pos == d->header->agg_pos);
       d->agg_buf_pos = 0;
       d->header->write_serial++;
@@ -1286,14 +1286,14 @@ Vol::dir_check(bool /* fix ATS_UNUSED */) // TODO: we should eliminate this para
       ++hist[std::min(h, SEGMENT_HISTOGRAM_WIDTH)];
       seg_chain_max = std::max(seg_chain_max, h);
     }
-    int fl_size = dir_freelist_length(this, s);
-    in_use += seg_in_use;
-    empty += seg_empty;
-    stale += seg_stale;
-    free += fl_size;
-    buckets_in_use += seg_buckets_in_use;
+    int fl_size      = dir_freelist_length(this, s);
+    in_use           += seg_in_use;
+    empty            += seg_empty;
+    stale            += seg_stale;
+    free             += fl_size;
+    buckets_in_use   += seg_buckets_in_use;
     max_chain_length = std::max(max_chain_length, seg_chain_max);
-    bytes_in_use += seg_bytes_in_use;
+    bytes_in_use     += seg_bytes_in_use;
 
     printf("  - Segment-%d | Entries: used=%d stale=%d free=%d disk-bytes=%d Buckets: used=%d empty=%d max=%d avg=%.2f dups=%d\n",
            s, seg_in_use, seg_stale, fl_size, seg_bytes_in_use, seg_buckets_in_use, seg_empty, seg_chain_max,
diff --git a/iocore/cache/CacheDisk.cc b/iocore/cache/CacheDisk.cc
index c9b1c75d3a4..e061e3f69e0 100644
--- a/iocore/cache/CacheDisk.cc
+++ b/iocore/cache/CacheDisk.cc
@@ -289,11 +289,11 @@ CacheDisk::create_volume(int number, off_t size_in_blocks, int scheme)
     /* allocate in 128 megabyte chunks. The Remaining space should
        be thrown away */
     size_in_blocks = (p->len - (p->len % blocks_per_vol));
-    wasted_space += p->len % blocks_per_vol;
+    wasted_space   += p->len % blocks_per_vol;
   }
 
   free_blocks->dpb_queue.remove(q);
-  free_space -= p->len;
+  free_space        -= p->len;
   free_blocks->size -= p->len;
 
   size_t new_size = p->len - size_in_blocks;
@@ -301,14 +301,14 @@ CacheDisk::create_volume(int number, off_t size_in_blocks, int scheme)
     /* create a new volume */
     DiskVolBlock *dpb = &header->vol_info[header->num_diskvol_blks];
     *dpb              = *p;
-    dpb->len -= size_in_blocks;
-    dpb->offset += (size_in_blocks * STORE_BLOCK_SIZE);
+    dpb->len          -= size_in_blocks;
+    dpb->offset       += (size_in_blocks * STORE_BLOCK_SIZE);
 
     DiskVolBlockQueue *new_q = new DiskVolBlockQueue();
     new_q->b                 = dpb;
     free_blocks->dpb_queue.enqueue(new_q);
     free_blocks->size += dpb->len;
-    free_space += dpb->len;
+    free_space        += dpb->len;
     header->num_diskvol_blks++;
   } else {
     header->num_free--;
@@ -353,7 +353,7 @@ CacheDisk::delete_volume(int number)
         DiskVolBlock *p = q->b;
         p->type         = CACHE_NONE_TYPE;
         p->free         = 1;
-        free_space += p->len;
+        free_space      += p->len;
         header->num_free++;
         header->num_used--;
         DiskVolBlockQueue *temp_q = q->link.next;
@@ -362,7 +362,7 @@ CacheDisk::delete_volume(int number)
         q = temp_q;
       }
       free_blocks->num_volblocks += disk_vols[i]->num_volblocks;
-      free_blocks->size += disk_vols[i]->size;
+      free_blocks->size          += disk_vols[i]->size;
 
       delete disk_vols[i];
 
diff --git a/iocore/cache/CacheHosting.cc b/iocore/cache/CacheHosting.cc
index 74d6a61b982..b74a8d51d17 100644
--- a/iocore/cache/CacheHosting.cc
+++ b/iocore/cache/CacheHosting.cc
@@ -684,7 +684,7 @@ ConfigVolumes::BuildListFromString(char *config_file_path, char *file_buf)
       }
 
       if (strcasecmp(tmp, "volume") == 0) { // match volume
-        tmp += 7;                           // size of string volume including null
+        tmp           += 7;                 // size of string volume including null
         volume_number = atoi(tmp);
 
         if (volume_seen[volume_number]) {
@@ -705,17 +705,17 @@ ConfigVolumes::BuildListFromString(char *config_file_path, char *file_buf)
         tmp += 7;                                  // size of string scheme including null
 
         if (!strcasecmp(tmp, "http")) {
-          tmp += 4;
+          tmp    += 4;
           scheme = CACHE_HTTP_TYPE;
         } else if (!strcasecmp(tmp, "mixt")) {
-          tmp += 4;
+          tmp    += 4;
           scheme = CACHE_RTSP_TYPE;
         } else {
           err = "Unexpected end of line";
           break;
         }
       } else if (strcasecmp(tmp, "size") == 0) { // match size
-        tmp += 5;
+        tmp  += 5;
         size = atoi(tmp);
 
         while (ParseRules::is_digit(*tmp)) {
@@ -738,10 +738,10 @@ ConfigVolumes::BuildListFromString(char *config_file_path, char *file_buf)
       } else if (strcasecmp(tmp, "ramcache") == 0) { // match ramcache
         tmp += 9;
         if (!strcasecmp(tmp, "false")) {
-          tmp += 5;
+          tmp              += 5;
           ramcache_enabled = false;
         } else if (!strcasecmp(tmp, "true")) {
-          tmp += 4;
+          tmp              += 4;
           ramcache_enabled = true;
         } else {
           err = "Unexpected end of line";
@@ -790,7 +790,7 @@ ConfigVolumes::BuildListFromString(char *config_file_path, char *file_buf)
 }
 
 /* Test the cache volume with different configurations */
-#define MEGS_128 (128 * 1024 * 1024)
+#define MEGS_128              (128 * 1024 * 1024)
 #define ROUND_TO_VOL_SIZE(_x) (((_x) + (MEGS_128 - 1)) & ~(MEGS_128 - 1))
 extern CacheDisk **gdisks;
 extern Queue cp_list;
@@ -875,7 +875,7 @@ create_config(RegressionTest *t, int num)
       off_t vol_blocks = gdisks[i]->num_usable_blocks;
       /* round down the blocks to the nearest
          multiple of STORE_BLOCKS_PER_VOL */
-      vol_blocks = (vol_blocks / STORE_BLOCKS_PER_VOL) * STORE_BLOCKS_PER_VOL;
+      vol_blocks  = (vol_blocks / STORE_BLOCKS_PER_VOL) * STORE_BLOCKS_PER_VOL;
       total_space += vol_blocks;
     }
 
@@ -920,7 +920,7 @@ create_config(RegressionTest *t, int num)
       off_t vol_blocks = gdisks[i]->num_usable_blocks;
       /* round down the blocks to the nearest
          multiple of STORE_BLOCKS_PER_VOL */
-      vol_blocks = (vol_blocks / STORE_BLOCKS_PER_VOL) * STORE_BLOCKS_PER_VOL;
+      vol_blocks  = (vol_blocks / STORE_BLOCKS_PER_VOL) * STORE_BLOCKS_PER_VOL;
       total_space += vol_blocks;
 
       if (num == 2) {
diff --git a/iocore/cache/CacheHttp.cc b/iocore/cache/CacheHttp.cc
index 2cf8f98ba2d..5064f7d0a03 100644
--- a/iocore/cache/CacheHttp.cc
+++ b/iocore/cache/CacheHttp.cc
@@ -143,16 +143,16 @@ CacheHTTPInfoVector::print(char *buffer, size_t buf_size, bool temps)
         url = u.string_get(&arena);
         if (url) {
           snprintf(p, buf_size, "[%s] ", url);
-          tmp = strlen(p);
-          p += tmp;
+          tmp      = strlen(p);
+          p        += tmp;
           buf_size -= tmp;
         }
       }
 
       if (temps || !(data[i].alternate.object_key_get() == zero_key)) {
         snprintf(p, buf_size, "[%d %s]", data[i].alternate.id_get(), CacheKey(data[i].alternate.object_key_get()).toHexStr(buf));
-        tmp = strlen(p);
-        p += tmp;
+        tmp      = strlen(p);
+        p        += tmp;
         buf_size -= tmp;
       }
     }
@@ -186,8 +186,8 @@ CacheHTTPInfoVector::marshal(char *buf, int length)
 
   for (int i = 0; i < xcount; i++) {
     int tmp = data[i].alternate.marshal(buf, length);
-    length -= tmp;
-    buf += tmp;
+    length  -= tmp;
+    buf     += tmp;
     count++;
   }
 
@@ -212,7 +212,7 @@ CacheHTTPInfoVector::unmarshal(const char *buf, int length, RefCountObj *block_p
       return -1;
     }
     info.m_alt = (HTTPCacheAlt *)buf;
-    buf += tmp;
+    buf        += tmp;
 
     data(xcount).alternate = info;
     xcount++;
diff --git a/iocore/cache/CachePages.cc b/iocore/cache/CachePages.cc
index 651499ce32c..06741388059 100644
--- a/iocore/cache/CachePages.cc
+++ b/iocore/cache/CachePages.cc
@@ -164,7 +164,7 @@ struct ShowCache : public ShowCont {
   }
 };
 
-#define STREQ_PREFIX(_x, _s) (!strncasecmp(_x, _s, sizeof(_s) - 1))
+#define STREQ_PREFIX(_x, _s)         (!strncasecmp(_x, _s, sizeof(_s) - 1))
 #define STREQ_LEN_PREFIX(_x, _l, _s) (path_len < sizeof(_s) && !strncasecmp(_x, _s, sizeof(_s) - 1))
 
 Action *
@@ -385,10 +385,10 @@ ShowCache::handleCacheEvent(int event, Event *e)
         CHECK_SHOW(show("Request Header
"));
         offset = 0;
         do {
-          used = 0;
-          tmp  = offset;
-          done = cached_request->print(b, 4095, &used, &tmp);
-          offset += used;
+          used    = 0;
+          tmp     = offset;
+          done    = cached_request->print(b, 4095, &used, &tmp);
+          offset  += used;
           b[used] = '\0';
           CHECK_SHOW(show("%s", b));
         } while (!done);
@@ -398,10 +398,10 @@ ShowCache::handleCacheEvent(int event, Event *e)
         CHECK_SHOW(show("Response Header
"));
         offset = 0;
         do {
-          used = 0;
-          tmp  = offset;
-          done = cached_response->print(b, 4095, &used, &tmp);
-          offset += used;
+          used    = 0;
+          tmp     = offset;
+          done    = cached_response->print(b, 4095, &used, &tmp);
+          offset  += used;
           b[used] = '\0';
           CHECK_SHOW(show("%s", b));
         } while (!done);
diff --git a/iocore/cache/CachePagesInternal.cc b/iocore/cache/CachePagesInternal.cc
index f4c8cb19f4e..9f0f0ecf1c4 100644
--- a/iocore/cache/CachePagesInternal.cc
+++ b/iocore/cache/CachePagesInternal.cc
@@ -56,7 +56,7 @@ extern Vol **gvol;
 // Stat Pages
 ShowCacheInternal *theshowcacheInternal = nullptr;
 
-#define STREQ_PREFIX(_x, _s) (!strncasecmp(_x, _s, sizeof(_s) - 1))
+#define STREQ_PREFIX(_x, _s)         (!strncasecmp(_x, _s, sizeof(_s) - 1))
 #define STREQ_LEN_PREFIX(_x, _l, _s) (path_len < sizeof(_s) && !strncasecmp(_x, _s, sizeof(_s) - 1))
 
 Action *
diff --git a/iocore/cache/CacheRead.cc b/iocore/cache/CacheRead.cc
index 6b15fc9eabf..eb53637c5cf 100644
--- a/iocore/cache/CacheRead.cc
+++ b/iocore/cache/CacheRead.cc
@@ -777,7 +777,7 @@ CacheVC::openReadMain(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
   b->_buf_end = b->_end;
   vio.buffer.writer()->append_block(b);
   vio.ndone += bytes;
-  doc_pos += bytes;
+  doc_pos   += bytes;
   if (vio.ntodo() <= 0) {
     return calluser(VC_EVENT_READ_COMPLETE);
   } else {
@@ -1137,9 +1137,10 @@ CacheVC::openReadStartHead(int event, Event *e)
                "first alt=%d[%s]",
                key.slice32(0), uml, doc->hlen, doc->len, sizeof(Doc), doc->v_major, doc->v_minor, vector.count(), alt_length,
                alt->m_magic,
-               (CACHE_ALT_MAGIC_ALIVE == alt->m_magic ?
-                  "alive" :
-                  CACHE_ALT_MAGIC_MARSHALED == alt->m_magic ? "serial" : CACHE_ALT_MAGIC_DEAD == alt->m_magic ? "dead" : "bogus"));
+               (CACHE_ALT_MAGIC_ALIVE == alt->m_magic     ? "alive" :
+                CACHE_ALT_MAGIC_MARSHALED == alt->m_magic ? "serial" :
+                CACHE_ALT_MAGIC_DEAD == alt->m_magic      ? "dead" :
+                                                            "bogus"));
           dir_delete(&key, vol, &dir);
         }
         err = ECACHE_BAD_META_DATA;
diff --git a/iocore/cache/CacheTest.cc b/iocore/cache/CacheTest.cc
index f1d50fd7e48..9e4a5b90b7d 100644
--- a/iocore/cache/CacheTest.cc
+++ b/iocore/cache/CacheTest.cc
@@ -219,8 +219,8 @@ CacheTestSM::fill_buffer()
 {
   int64_t avail = buffer->write_avail();
   CacheKey k    = key;
-  k.b[1] += content_salt;
-  int64_t sk = static_cast(sizeof(key));
+  k.b[1]        += content_salt;
+  int64_t sk    = static_cast(sizeof(key));
   while (avail > 0) {
     int64_t l = avail;
     if (l > sk) {
@@ -246,7 +246,7 @@ CacheTestSM::check_buffer()
 {
   int64_t avail = buffer_reader->read_avail();
   CacheKey k    = key;
-  k.b[1] += content_salt;
+  k.b[1]        += content_salt;
   char b[sizeof(key)];
   int64_t sk  = static_cast(sizeof(key));
   int64_t pos = cvio->ndone - buffer_reader->read_avail();
@@ -266,7 +266,7 @@ CacheTestSM::check_buffer()
       return 0;
     }
     buffer_reader->consume(l);
-    pos += l;
+    pos   += l;
     avail -= l;
   }
   return 1;
diff --git a/iocore/cache/CacheVol.cc b/iocore/cache/CacheVol.cc
index 9d45c88002e..c4e8006e2d9 100644
--- a/iocore/cache/CacheVol.cc
+++ b/iocore/cache/CacheVol.cc
@@ -23,7 +23,7 @@
 
 #include "P_Cache.h"
 
-#define SCAN_BUF_SIZE RECOVERY_SIZE
+#define SCAN_BUF_SIZE              RECOVERY_SIZE
 #define SCAN_WRITER_LOCK_MAX_RETRY 5
 
 Action *
@@ -211,9 +211,9 @@ CacheVC::scanObject(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
   // If there is data in the buffer before the start that is from a partial object read previously
   // Fix things as if we read it this time.
   if (scan_fix_buffer_offset) {
-    io.aio_result += scan_fix_buffer_offset;
-    io.aiocb.aio_nbytes += scan_fix_buffer_offset;
-    io.aiocb.aio_offset -= scan_fix_buffer_offset;
+    io.aio_result          += scan_fix_buffer_offset;
+    io.aiocb.aio_nbytes    += scan_fix_buffer_offset;
+    io.aiocb.aio_offset    -= scan_fix_buffer_offset;
     io.aiocb.aio_buf       = static_cast(io.aiocb.aio_buf) - scan_fix_buffer_offset;
     scan_fix_buffer_offset = 0;
   }
@@ -351,7 +351,7 @@ CacheVC::scanObject(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
     off_t partial_object_len = io.aiocb.aio_nbytes - (reinterpret_cast(doc) - buf->data());
     // Copy partial object to beginning of the buffer.
     memmove(buf->data(), reinterpret_cast(doc), partial_object_len);
-    io.aiocb.aio_offset += io.aiocb.aio_nbytes;
+    io.aiocb.aio_offset    += io.aiocb.aio_nbytes;
     io.aiocb.aio_nbytes    = SCAN_BUF_SIZE - partial_object_len;
     io.aiocb.aio_buf       = buf->data() + partial_object_len;
     scan_fix_buffer_offset = partial_object_len;
diff --git a/iocore/cache/CacheWrite.cc b/iocore/cache/CacheWrite.cc
index b59fe7b6633..5e32aed8a30 100644
--- a/iocore/cache/CacheWrite.cc
+++ b/iocore/cache/CacheWrite.cc
@@ -23,9 +23,9 @@
 
 #include "P_Cache.h"
 
-#define UINT_WRAP_LTE(_x, _y) (((_y) - (_x)) < INT_MAX) // exploit overflow
-#define UINT_WRAP_GTE(_x, _y) (((_x) - (_y)) < INT_MAX) // exploit overflow
-#define UINT_WRAP_LT(_x, _y) (((_x) - (_y)) >= INT_MAX) // exploit overflow
+#define UINT_WRAP_LTE(_x, _y) (((_y) - (_x)) < INT_MAX)  // exploit overflow
+#define UINT_WRAP_GTE(_x, _y) (((_x) - (_y)) < INT_MAX)  // exploit overflow
+#define UINT_WRAP_LT(_x, _y)  (((_x) - (_y)) >= INT_MAX) // exploit overflow
 
 // Given a key, finds the index of the alternate which matches
 // used to get the alternate which is actually present in the document
@@ -226,9 +226,9 @@ CacheVC::handleWrite(int event, Event * /* e ATS_UNUSED */)
 
   set_agg_write_in_progress();
   POP_HANDLER;
-  agg_len = vol->round_to_approx_size(write_len + header_len + frag_len + sizeof(Doc));
+  agg_len            = vol->round_to_approx_size(write_len + header_len + frag_len + sizeof(Doc));
   vol->agg_todo_size += agg_len;
-  bool agg_error = (agg_len > AGG_SIZE || header_len + sizeof(Doc) > MAX_FRAG_SIZE ||
+  bool agg_error     = (agg_len > AGG_SIZE || header_len + sizeof(Doc) > MAX_FRAG_SIZE ||
                     (!f.readers && (vol->agg_todo_size > cache_config_agg_write_backlog + AGG_SIZE) && write_len));
 #ifdef CACHE_AGG_FAIL_RATE
   agg_error = agg_error || ((uint32_t)mutex->thread_holding->generator.random() < (uint32_t)(UINT_MAX * CACHE_AGG_FAIL_RATE));
@@ -240,7 +240,7 @@ CacheVC::handleWrite(int event, Event * /* e ATS_UNUSED */)
     CACHE_INCREMENT_DYN_STAT(cache_write_backlog_failure_stat);
     CACHE_INCREMENT_DYN_STAT(base_stat + CACHE_STAT_FAILURE);
     vol->agg_todo_size -= agg_len;
-    io.aio_result = AIO_SOFT_FAILURE;
+    io.aio_result      = AIO_SOFT_FAILURE;
     if (event == EVENT_CALL) {
       return EVENT_RETURN;
     }
@@ -266,7 +266,7 @@ iobufferblock_memcpy(char *p, int len, IOBufferBlock *ab, int offset)
     char *start   = b->_start;
     char *end     = b->_end;
     int max_bytes = end - start;
-    max_bytes -= offset;
+    max_bytes     -= offset;
     if (max_bytes <= 0) {
       offset = -max_bytes;
       b      = b->next.get();
@@ -277,8 +277,8 @@ iobufferblock_memcpy(char *p, int len, IOBufferBlock *ab, int offset)
       bytes = max_bytes;
     }
     ::memcpy(p, start + offset, bytes);
-    p += bytes;
-    len -= bytes;
+    p      += bytes;
+    len    -= bytes;
     b      = b->next.get();
     offset = 0;
   }
@@ -369,7 +369,7 @@ Vol::aggWriteDone(int event, Event *e)
   }
   if (io.ok()) {
     header->last_write_pos = header->write_pos;
-    header->write_pos += io.aiocb.aio_nbytes;
+    header->write_pos      += io.aiocb.aio_nbytes;
     ink_assert(header->write_pos >= start);
     DDebug("cache_agg", "Dir %s, Write: %" PRIu64 ", last Write: %" PRIu64 "", hash_text.get(), header->write_pos,
            header->last_write_pos);
@@ -533,7 +533,7 @@ CacheVC::evacuateDocDone(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
           Dir dir_tmp;
           dir_lookaside_probe(&evac->earliest_key, vol, &dir_tmp, &eblock);
           if (eblock) {
-            CacheVC *earliest_evac = eblock->earliest_evacuator;
+            CacheVC *earliest_evac   = eblock->earliest_evacuator;
             earliest_evac->total_len += doc->data_len();
             if (earliest_evac->total_len == earliest_evac->doc_len) {
               dir_lookaside_fixup(&evac->earliest_key, vol);
@@ -569,7 +569,7 @@ CacheVC::evacuateDocDone(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
           DDebug("cache_evac", "evacuating earliest: %X %d", (int)doc->key.slice32(0), (int)dir_offset(&overwrite_dir));
           ink_assert(dir_compare_tag(&overwrite_dir, &doc->key));
           ink_assert(b->earliest_evacuator == this);
-          total_len += doc->data_len();
+          total_len    += doc->data_len();
           first_key    = doc->first_key;
           earliest_dir = dir;
           if (dir_probe(&first_key, vol, &dir, &last_collision) > 0) {
@@ -633,7 +633,7 @@ Vol::evacuateWrite(CacheVC *evacuator, int event, Event *e)
   // push to front of aggregation write list, so it is written first
 
   evacuator->agg_len = round_to_approx_size((reinterpret_cast(evacuator->buf->data()))->len);
-  agg_todo_size += evacuator->agg_len;
+  agg_todo_size      += evacuator->agg_len;
   /* insert the evacuator after all the other evacuators */
   CacheVC *cur   = static_cast(agg.head);
   CacheVC *after = nullptr;
@@ -1043,8 +1043,8 @@ Vol::aggWrite(int event, void * /* e ATS_UNUSED */)
     int wrotelen = agg_copy(agg_buffer + agg_buf_pos, c);
     ink_assert(writelen == wrotelen);
     agg_todo_size -= writelen;
-    agg_buf_pos += writelen;
-    CacheVC *n = (CacheVC *)c->link.next;
+    agg_buf_pos   += writelen;
+    CacheVC *n    = (CacheVC *)c->link.next;
     agg.dequeue();
     if (c->f.sync && c->f.use_first_key) {
       CacheVC *last = sync.tail;
@@ -1451,11 +1451,11 @@ CacheVC::openWriteMain(int /* event ATS_UNUSED */, Event * /* e ATS_UNUSED */)
   int64_t avail       = total_avail;
   int64_t towrite     = avail + length;
   if (towrite > ntodo) {
-    avail -= (towrite - ntodo);
+    avail   -= (towrite - ntodo);
     towrite = ntodo;
   }
   if (towrite > static_cast(MAX_FRAG_SIZE)) {
-    avail -= (towrite - MAX_FRAG_SIZE);
+    avail   -= (towrite - MAX_FRAG_SIZE);
     towrite = MAX_FRAG_SIZE;
   }
   if (!blocks && towrite) {
diff --git a/iocore/cache/I_Cache.h b/iocore/cache/I_Cache.h
index 5cdb1f604bc..c01a683ced4 100644
--- a/iocore/cache/I_Cache.h
+++ b/iocore/cache/I_Cache.h
@@ -31,19 +31,19 @@
 
 static constexpr ts::ModuleVersion CACHE_MODULE_VERSION(1, 0);
 
-#define CACHE_WRITE_OPT_OVERWRITE 0x0001
+#define CACHE_WRITE_OPT_OVERWRITE      0x0001
 #define CACHE_WRITE_OPT_CLOSE_COMPLETE 0x0002
-#define CACHE_WRITE_OPT_SYNC (CACHE_WRITE_OPT_CLOSE_COMPLETE | 0x0004)
+#define CACHE_WRITE_OPT_SYNC           (CACHE_WRITE_OPT_CLOSE_COMPLETE | 0x0004)
 #define CACHE_WRITE_OPT_OVERWRITE_SYNC (CACHE_WRITE_OPT_SYNC | CACHE_WRITE_OPT_OVERWRITE)
 
 #define SCAN_KB_PER_SECOND 8192 // 1TB/8MB = 131072 = 36 HOURS to scan a TB
 
 #define RAM_CACHE_ALGORITHM_CLFUS 0
-#define RAM_CACHE_ALGORITHM_LRU 1
+#define RAM_CACHE_ALGORITHM_LRU   1
 
-#define CACHE_COMPRESSION_NONE 0
-#define CACHE_COMPRESSION_FASTLZ 1
-#define CACHE_COMPRESSION_LIBZ 2
+#define CACHE_COMPRESSION_NONE    0
+#define CACHE_COMPRESSION_FASTLZ  1
+#define CACHE_COMPRESSION_LIBZ    2
 #define CACHE_COMPRESSION_LIBLZMA 3
 
 enum { RAM_HIT_COMPRESS_NONE = 1, RAM_HIT_COMPRESS_FASTLZ, RAM_HIT_COMPRESS_LIBZ, RAM_HIT_COMPRESS_LIBLZMA, RAM_HIT_LAST_ENTRY };
diff --git a/iocore/cache/I_CacheDefs.h b/iocore/cache/I_CacheDefs.h
index b8dfd5c3bd6..8d7bf98b8a9 100644
--- a/iocore/cache/I_CacheDefs.h
+++ b/iocore/cache/I_CacheDefs.h
@@ -25,12 +25,12 @@
 
 #include "tscore/CryptoHash.h"
 
-#define CACHE_INIT_FAILED -1
+#define CACHE_INIT_FAILED  -1
 #define CACHE_INITIALIZING 0
-#define CACHE_INITIALIZED 1
+#define CACHE_INITIALIZED  1
 
 #define CACHE_ALT_INDEX_DEFAULT -1
-#define CACHE_ALT_REMOVED -2
+#define CACHE_ALT_REMOVED       -2
 
 static const uint8_t CACHE_DB_MAJOR_VERSION = 24;
 static const uint8_t CACHE_DB_MINOR_VERSION = 2;
@@ -45,19 +45,19 @@ static const uint8_t CACHE_DIR_MINOR_VERSION = 0;
 #define CACHE_DB_FDS 128
 
 // opcodes
-#define CACHE_OPEN_READ 1
-#define CACHE_OPEN_READ_BUFFER 2
-#define CACHE_OPEN_READ_LONG 3
-#define CACHE_OPEN_READ_BUFFER_LONG 4
-#define CACHE_OPEN_WRITE 5
-#define CACHE_OPEN_WRITE_BUFFER 6
-#define CACHE_OPEN_WRITE_LONG 7
+#define CACHE_OPEN_READ              1
+#define CACHE_OPEN_READ_BUFFER       2
+#define CACHE_OPEN_READ_LONG         3
+#define CACHE_OPEN_READ_BUFFER_LONG  4
+#define CACHE_OPEN_WRITE             5
+#define CACHE_OPEN_WRITE_BUFFER      6
+#define CACHE_OPEN_WRITE_LONG        7
 #define CACHE_OPEN_WRITE_BUFFER_LONG 8
-#define CACHE_UPDATE 9
-#define CACHE_REMOVE 10
-#define CACHE_LINK 11
-#define CACHE_DEREF 12
-#define CACHE_LOOKUP_OP 13
+#define CACHE_UPDATE                 9
+#define CACHE_REMOVE                 10
+#define CACHE_LINK                   11
+#define CACHE_DEREF                  12
+#define CACHE_LOOKUP_OP              13
 
 enum CacheType {
   CACHE_NONE_TYPE = 0, // for empty disk fragments
@@ -130,7 +130,7 @@ struct HttpCacheKey {
 };
 
 #define CACHE_ALLOW_MULTIPLE_WRITES 1
-#define CACHE_EXPECTED_SIZE 32768
+#define CACHE_EXPECTED_SIZE         32768
 
 /* uses of the CacheKey
    word(0) - cache partition segment
diff --git a/iocore/cache/I_Store.h b/iocore/cache/I_Store.h
index dc0b4e12e43..c32f02e7627 100644
--- a/iocore/cache/I_Store.h
+++ b/iocore/cache/I_Store.h
@@ -33,8 +33,8 @@
 #include "tscore/ink_platform.h"
 #include "tscore/Result.h"
 
-#define STORE_BLOCK_SIZE 8192
-#define STORE_BLOCK_SHIFT 13
+#define STORE_BLOCK_SIZE       8192
+#define STORE_BLOCK_SHIFT      13
 #define DEFAULT_HW_SECTOR_SIZE 512
 
 enum span_error_t {
diff --git a/iocore/cache/P_CacheDir.h b/iocore/cache/P_CacheDir.h
index b83e6111ab6..267912472f5 100644
--- a/iocore/cache/P_CacheDir.h
+++ b/iocore/cache/P_CacheDir.h
@@ -35,31 +35,31 @@ struct CacheVC;
 
 // Constants
 
-#define DIR_TAG_WIDTH 12
-#define DIR_MASK_TAG(_t) ((_t) & ((1 << DIR_TAG_WIDTH) - 1))
-#define SIZEOF_DIR 10
+#define DIR_TAG_WIDTH         12
+#define DIR_MASK_TAG(_t)      ((_t) & ((1 << DIR_TAG_WIDTH) - 1))
+#define SIZEOF_DIR            10
 #define ESTIMATED_OBJECT_SIZE 8000
 
-#define MAX_DIR_SEGMENTS (32 * (1 << 16))
-#define DIR_DEPTH 4
+#define MAX_DIR_SEGMENTS        (32 * (1 << 16))
+#define DIR_DEPTH               4
 #define MAX_ENTRIES_PER_SEGMENT (1 << 16)
 #define MAX_BUCKETS_PER_SEGMENT (MAX_ENTRIES_PER_SEGMENT / DIR_DEPTH)
-#define DIR_SIZE_WIDTH 6
-#define DIR_BLOCK_SIZES 4
-#define DIR_BLOCK_SHIFT(_i) (3 * (_i))
-#define DIR_BLOCK_SIZE(_i) (CACHE_BLOCK_SIZE << DIR_BLOCK_SHIFT(_i))
+#define DIR_SIZE_WIDTH          6
+#define DIR_BLOCK_SIZES         4
+#define DIR_BLOCK_SHIFT(_i)     (3 * (_i))
+#define DIR_BLOCK_SIZE(_i)      (CACHE_BLOCK_SIZE << DIR_BLOCK_SHIFT(_i))
 #define DIR_SIZE_WITH_BLOCK(_i) ((1 << DIR_SIZE_WIDTH) * DIR_BLOCK_SIZE(_i))
-#define DIR_OFFSET_BITS 40
-#define DIR_OFFSET_MAX ((((off_t)1) << DIR_OFFSET_BITS) - 1)
+#define DIR_OFFSET_BITS         40
+#define DIR_OFFSET_MAX          ((((off_t)1) << DIR_OFFSET_BITS) - 1)
 
-#define SYNC_MAX_WRITE (2 * 1024 * 1024)
-#define SYNC_DELAY HRTIME_MSECONDS(500)
+#define SYNC_MAX_WRITE     (2 * 1024 * 1024)
+#define SYNC_DELAY         HRTIME_MSECONDS(500)
 #define DO_NOT_REMOVE_THIS 0
 
 // Debugging Options
 
-//#define DO_CHECK_DIR_FAST
-//#define DO_CHECK_DIR
+// #define DO_CHECK_DIR_FAST
+// #define DO_CHECK_DIR
 
 // Macros
 
@@ -92,7 +92,7 @@ struct CacheVC;
 #define dir_write_valid(_d, _e) \
   (_d->header->phase == dir_phase(_e) ? vol_in_phase_valid(_d, _e) : vol_out_of_phase_write_valid(_d, _e))
 #define dir_agg_buf_valid(_d, _e) (_d->header->phase == dir_phase(_e) && _d->vol_in_phase_agg_buf_valid(_e))
-#define dir_is_empty(_e) (!dir_offset(_e))
+#define dir_is_empty(_e)          (!dir_offset(_e))
 #define dir_clear(_e) \
   do {                \
     (_e)->w[0] = 0;   \
@@ -124,15 +124,15 @@ struct Dir {
   // USE MACROS TO PREVENT UNALIGNED LOADS
   // bits are numbered from lowest in u16 to highest
   // always index as u16 to avoid byte order issues
-  unsigned int offset : 24;      // (0,1:0-7) 16M * 512 = 8GB
-  unsigned int big : 2;          // (1:8-9) 512 << (3 * big)
-  unsigned int size : 6;         // (1:10-15) 6**2 = 64, 64*512 = 32768 .. 64*256=16MB
-  unsigned int tag : 12;         // (2:0-11) 2048 / 8 entries/bucket = .4%
-  unsigned int phase : 1;        // (2:12)
-  unsigned int head : 1;         // (2:13) first segment in a document
-  unsigned int pinned : 1;       // (2:14)
-  unsigned int token : 1;        // (2:15)
-  unsigned int next : 16;        // (3)
+  unsigned int offset      : 24; // (0,1:0-7) 16M * 512 = 8GB
+  unsigned int big         : 2;  // (1:8-9) 512 << (3 * big)
+  unsigned int size        : 6;  // (1:10-15) 6**2 = 64, 64*512 = 32768 .. 64*256=16MB
+  unsigned int tag         : 12; // (2:0-11) 2048 / 8 entries/bucket = .4%
+  unsigned int phase       : 1;  // (2:12)
+  unsigned int head        : 1;  // (2:13) first segment in a document
+  unsigned int pinned      : 1;  // (2:14)
+  unsigned int token       : 1;  // (2:15)
+  unsigned int next        : 16; // (3)
   unsigned int offset_high : 16; // 8GB * 65k = 0.5PB (4)
 #else
   uint16_t w[5];
@@ -146,10 +146,10 @@ struct FreeDir {
 #if DO_NOT_REMOVE_THIS
   // THE BIT-FIELD INTERPRETATION OF THIS STRUCT WHICH HAS TO
   // USE MACROS TO PREVENT UNALIGNED LOADS
-  unsigned int offset : 24; // 0: empty
-  unsigned int reserved : 8;
-  unsigned int prev : 16;        // (2)
-  unsigned int next : 16;        // (3)
+  unsigned int offset      : 24; // 0: empty
+  unsigned int reserved    : 8;
+  unsigned int prev        : 16; // (2)
+  unsigned int next        : 16; // (3)
   unsigned int offset_high : 16; // 0: empty
 #else
   uint16_t w[5];
@@ -165,12 +165,12 @@ struct FreeDir {
     (_e)->w[1] = (uint16_t)((((_o) >> 16) & 0xFF) | ((_e)->w[1] & 0xFF00)); \
     (_e)->w[4] = (uint16_t)((_o) >> 24);                                    \
   } while (0)
-#define dir_bit(_e, _w, _b) ((uint32_t)(((_e)->w[_w] >> (_b)) & 1))
+#define dir_bit(_e, _w, _b)         ((uint32_t)(((_e)->w[_w] >> (_b)) & 1))
 #define dir_set_bit(_e, _w, _b, _v) (_e)->w[_w] = (uint16_t)(((_e)->w[_w] & ~(1 << (_b))) | (((_v) ? 1 : 0) << (_b)))
-#define dir_big(_e) ((uint32_t)((((_e)->w[1]) >> 8) & 0x3))
-#define dir_set_big(_e, _v) (_e)->w[1] = (uint16_t)(((_e)->w[1] & 0xFCFF) | (((uint16_t)(_v)) & 0x3) << 8)
-#define dir_size(_e) ((uint32_t)(((_e)->w[1]) >> 10))
-#define dir_set_size(_e, _v) (_e)->w[1] = (uint16_t)(((_e)->w[1] & ((1 << 10) - 1)) | ((_v) << 10))
+#define dir_big(_e)                 ((uint32_t)((((_e)->w[1]) >> 8) & 0x3))
+#define dir_set_big(_e, _v)         (_e)->w[1] = (uint16_t)(((_e)->w[1] & 0xFCFF) | (((uint16_t)(_v)) & 0x3) << 8)
+#define dir_size(_e)                ((uint32_t)(((_e)->w[1]) >> 10))
+#define dir_set_size(_e, _v)        (_e)->w[1] = (uint16_t)(((_e)->w[1] & ((1 << 10) - 1)) | ((_v) << 10))
 #define dir_set_approx_size(_e, _s)                   \
   do {                                                \
     if ((_s) <= DIR_SIZE_WITH_BLOCK(0)) {             \
@@ -197,16 +197,16 @@ struct FreeDir {
 #define dir_tag(_e) ((uint32_t)((_e)->w[2] & ((1 << DIR_TAG_WIDTH) - 1)))
 #define dir_set_tag(_e, _t) \
   (_e)->w[2] = (uint16_t)(((_e)->w[2] & ~((1 << DIR_TAG_WIDTH) - 1)) | ((_t) & ((1 << DIR_TAG_WIDTH) - 1)))
-#define dir_phase(_e) dir_bit(_e, 2, 12)
-#define dir_set_phase(_e, _v) dir_set_bit(_e, 2, 12, _v)
-#define dir_head(_e) dir_bit(_e, 2, 13)
-#define dir_set_head(_e, _v) dir_set_bit(_e, 2, 13, _v)
-#define dir_pinned(_e) dir_bit(_e, 2, 14)
+#define dir_phase(_e)          dir_bit(_e, 2, 12)
+#define dir_set_phase(_e, _v)  dir_set_bit(_e, 2, 12, _v)
+#define dir_head(_e)           dir_bit(_e, 2, 13)
+#define dir_set_head(_e, _v)   dir_set_bit(_e, 2, 13, _v)
+#define dir_pinned(_e)         dir_bit(_e, 2, 14)
 #define dir_set_pinned(_e, _v) dir_set_bit(_e, 2, 14, _v)
 // Bit 2:15 is unused.
-#define dir_next(_e) (_e)->w[3]
+#define dir_next(_e)         (_e)->w[3]
 #define dir_set_next(_e, _o) (_e)->w[3] = (uint16_t)(_o)
-#define dir_prev(_e) (_e)->w[2]
+#define dir_prev(_e)         (_e)->w[2]
 #define dir_set_prev(_e, _o) (_e)->w[2] = (uint16_t)(_o)
 
 // INKqa11166 - Cache can not store 2 HTTP alternates simultaneously.
diff --git a/iocore/cache/P_CacheDisk.h b/iocore/cache/P_CacheDisk.h
index 134a57231ee..30bea53adc0 100644
--- a/iocore/cache/P_CacheDisk.h
+++ b/iocore/cache/P_CacheDisk.h
@@ -27,19 +27,19 @@
 
 extern int cache_config_max_disk_errors;
 
-#define DISK_BAD(_x) ((_x)->num_errors >= cache_config_max_disk_errors)
+#define DISK_BAD(_x)           ((_x)->num_errors >= cache_config_max_disk_errors)
 #define DISK_BAD_SIGNALLED(_x) (_x->num_errors > cache_config_max_disk_errors)
-#define SET_DISK_BAD(_x) (_x->num_errors = cache_config_max_disk_errors)
-#define SET_DISK_OKAY(_x) (_x->num_errors = 0)
+#define SET_DISK_BAD(_x)       (_x->num_errors = cache_config_max_disk_errors)
+#define SET_DISK_OKAY(_x)      (_x->num_errors = 0)
 
-#define VOL_BLOCK_SIZE (1024 * 1024 * 128)
-#define MIN_VOL_SIZE VOL_BLOCK_SIZE
-#define ROUND_DOWN_TO_VOL_BLOCK(_x) (((_x) & ~(VOL_BLOCK_SIZE - 1)))
-#define VOL_BLOCK_SHIFT 27
+#define VOL_BLOCK_SIZE                (1024 * 1024 * 128)
+#define MIN_VOL_SIZE                  VOL_BLOCK_SIZE
+#define ROUND_DOWN_TO_VOL_BLOCK(_x)   (((_x) & ~(VOL_BLOCK_SIZE - 1)))
+#define VOL_BLOCK_SHIFT               27
 #define ROUND_DOWN_TO_STORE_BLOCK(_x) (((_x) >> STORE_BLOCK_SHIFT) << STORE_BLOCK_SHIFT)
 
 #define STORE_BLOCKS_PER_VOL (VOL_BLOCK_SIZE / STORE_BLOCK_SIZE)
-#define DISK_HEADER_MAGIC 0xABCD1237
+#define DISK_HEADER_MAGIC    0xABCD1237
 
 /* each disk vol block has a corresponding Vol object */
 struct CacheDisk;
diff --git a/iocore/cache/P_CacheHosting.h b/iocore/cache/P_CacheHosting.h
index 6fe4887b4e8..7e13c72aaef 100644
--- a/iocore/cache/P_CacheHosting.h
+++ b/iocore/cache/P_CacheHosting.h
@@ -166,7 +166,7 @@ template  class ReplaceablePtr
     }
 
   private:
-    ScopedReader(const ScopedReader &) = delete;
+    ScopedReader(const ScopedReader &)            = delete;
     ScopedReader &operator=(const ScopedReader &) = delete;
 
     ReplaceablePtr *ptr;
@@ -198,14 +198,14 @@ template  class ReplaceablePtr
     }
 
   private:
-    ScopedWriter(const ScopedWriter &) = delete;
+    ScopedWriter(const ScopedWriter &)            = delete;
     ScopedWriter &operator=(const ScopedWriter &) = delete;
 
     ReplaceablePtr *ptr;
   };
 
 private:
-  ReplaceablePtr(const ReplaceablePtr &) = delete;
+  ReplaceablePtr(const ReplaceablePtr &)            = delete;
   ReplaceablePtr &operator=(const ReplaceablePtr &) = delete;
 
   std::unique_ptr h = nullptr;
diff --git a/iocore/cache/P_CacheInternal.h b/iocore/cache/P_CacheInternal.h
index e6c25849e7f..b3bdda40bbb 100644
--- a/iocore/cache/P_CacheInternal.h
+++ b/iocore/cache/P_CacheInternal.h
@@ -404,7 +404,7 @@ struct CacheVC : public CacheVConnection {
   time_t get_pin_in_cache() override;
 
 // offsets from the base stat
-#define CACHE_STAT_ACTIVE 0
+#define CACHE_STAT_ACTIVE  0
 #define CACHE_STAT_SUCCESS 1
 #define CACHE_STAT_FAILURE 2
 
@@ -491,27 +491,27 @@ struct CacheVC : public CacheVConnection {
   union {
     uint32_t flags;
     struct {
-      unsigned int use_first_key : 1;
-      unsigned int overwrite : 1;      // overwrite first_key Dir if it exists
-      unsigned int close_complete : 1; // WRITE_COMPLETE is final
-      unsigned int sync : 1;           // write to be committed to durable storage before WRITE_COMPLETE
-      unsigned int evacuator : 1;
-      unsigned int single_fragment : 1;
-      unsigned int evac_vector : 1;
-      unsigned int lookup : 1;
-      unsigned int update : 1;
-      unsigned int remove : 1;
-      unsigned int remove_aborted_writers : 1;
-      unsigned int open_read_timeout : 1; // UNUSED
-      unsigned int data_done : 1;
+      unsigned int use_first_key           : 1;
+      unsigned int overwrite               : 1; // overwrite first_key Dir if it exists
+      unsigned int close_complete          : 1; // WRITE_COMPLETE is final
+      unsigned int sync                    : 1; // write to be committed to durable storage before WRITE_COMPLETE
+      unsigned int evacuator               : 1;
+      unsigned int single_fragment         : 1;
+      unsigned int evac_vector             : 1;
+      unsigned int lookup                  : 1;
+      unsigned int update                  : 1;
+      unsigned int remove                  : 1;
+      unsigned int remove_aborted_writers  : 1;
+      unsigned int open_read_timeout       : 1; // UNUSED
+      unsigned int data_done               : 1;
       unsigned int read_from_writer_called : 1;
-      unsigned int not_from_ram_cache : 1; // entire object was from ram cache
-      unsigned int rewrite_resident_alt : 1;
-      unsigned int readers : 1;
-      unsigned int doc_from_ram_cache : 1;
-      unsigned int hit_evacuate : 1;
-      unsigned int compressed_in_ram : 1; // compressed state in ram cache
-      unsigned int allow_empty_doc : 1;   // used for cache empty http document
+      unsigned int not_from_ram_cache      : 1; // entire object was from ram cache
+      unsigned int rewrite_resident_alt    : 1;
+      unsigned int readers                 : 1;
+      unsigned int doc_from_ram_cache      : 1;
+      unsigned int hit_evacuate            : 1;
+      unsigned int compressed_in_ram       : 1; // compressed state in ram cache
+      unsigned int allow_empty_doc         : 1; // used for cache empty http document
     } f;
   };
   // BTF optimization used to skip reading stuff in cache partition that doesn't contain any
@@ -971,7 +971,7 @@ int64_t cache_bytes_total();
 
 #ifdef DEBUG
 #define CACHE_DEBUG_INCREMENT_DYN_STAT(_x) CACHE_INCREMENT_DYN_STAT(_x)
-#define CACHE_DEBUG_SUM_DYN_STAT(_x, _y) CACHE_SUM_DYN_STAT(_x, _y)
+#define CACHE_DEBUG_SUM_DYN_STAT(_x, _y)   CACHE_SUM_DYN_STAT(_x, _y)
 #else
 #define CACHE_DEBUG_INCREMENT_DYN_STAT(_x)
 #define CACHE_DEBUG_SUM_DYN_STAT(_x, _y)
diff --git a/iocore/cache/P_CacheTest.h b/iocore/cache/P_CacheTest.h
index 40d797cdb18..9d21f8b640d 100644
--- a/iocore/cache/P_CacheTest.h
+++ b/iocore/cache/P_CacheTest.h
@@ -26,9 +26,9 @@
 #include "P_Cache.h"
 #include "RegressionSM.h"
 
-#define MAX_HOSTS_POSSIBLE 256
+#define MAX_HOSTS_POSSIBLE    256
 #define PINNED_DOC_TABLE_SIZE 16
-#define PINNED_DOC_TABLES 246
+#define PINNED_DOC_TABLES     246
 
 struct PinnedDocEntry {
   CacheKey key;
@@ -127,22 +127,24 @@ struct CacheTestSM : public RegressionSM {
 };
 
 // It is 2010 and C++ STILL doesn't have closures, a technology of the 1950s, unbelievable
-#define CACHE_SM(_t, _sm, _f)                                               \
-  struct CacheTestSM__##_sm : public CacheTestSM {                          \
-    void                                                                    \
-    make_request_internal() override _f                                     \
-                                                                            \
-      CacheTestSM__##_sm(RegressionTest *t)                                 \
-      : CacheTestSM(t, #_sm)                                                \
-    {                                                                       \
-    }                                                                       \
-                                                                            \
-    CacheTestSM__##_sm(const CacheTestSM__##_sm &xsm) : CacheTestSM(xsm) {} \
-    RegressionSM *                                                          \
-    clone() override                                                        \
-    {                                                                       \
-      return new CacheTestSM__##_sm(*this);                                 \
-    }                                                                       \
+#define CACHE_SM(_t, _sm, _f)                                            \
+  struct CacheTestSM__##_sm : public CacheTestSM {                       \
+    void                                                                 \
+    make_request_internal() override _f                                  \
+                                                                         \
+      CacheTestSM__##_sm(RegressionTest *t)                              \
+      : CacheTestSM(t, #_sm)                                             \
+    {                                                                    \
+    }                                                                    \
+                                                                         \
+    CacheTestSM__##_sm(const CacheTestSM__##_sm &xsm) : CacheTestSM(xsm) \
+    {                                                                    \
+    }                                                                    \
+    RegressionSM *                                                       \
+    clone() override                                                     \
+    {                                                                    \
+      return new CacheTestSM__##_sm(*this);                              \
+    }                                                                    \
   } _sm(_t);
 
 void force_link_CacheTest();
diff --git a/iocore/cache/P_CacheVol.h b/iocore/cache/P_CacheVol.h
index 3c7c5d9f3d3..d760f583da9 100644
--- a/iocore/cache/P_CacheVol.h
+++ b/iocore/cache/P_CacheVol.h
@@ -25,45 +25,45 @@
 
 #include 
 
-#define CACHE_BLOCK_SHIFT 9
-#define CACHE_BLOCK_SIZE (1 << CACHE_BLOCK_SHIFT) // 512, smallest sector size
+#define CACHE_BLOCK_SHIFT        9
+#define CACHE_BLOCK_SIZE         (1 << CACHE_BLOCK_SHIFT) // 512, smallest sector size
 #define ROUND_TO_STORE_BLOCK(_x) INK_ALIGN((_x), STORE_BLOCK_SIZE)
 #define ROUND_TO_CACHE_BLOCK(_x) INK_ALIGN((_x), CACHE_BLOCK_SIZE)
-#define ROUND_TO_SECTOR(_p, _x) INK_ALIGN((_x), _p->sector_size)
-#define ROUND_TO(_x, _y) INK_ALIGN((_x), (_y))
+#define ROUND_TO_SECTOR(_p, _x)  INK_ALIGN((_x), _p->sector_size)
+#define ROUND_TO(_x, _y)         INK_ALIGN((_x), (_y))
 
 // Vol (volumes)
-#define VOL_MAGIC 0xF1D0F00D
-#define START_BLOCKS 16 // 8k, STORE_BLOCK_SIZE
-#define START_POS ((off_t)START_BLOCKS * CACHE_BLOCK_SIZE)
-#define AGG_SIZE (4 * 1024 * 1024)     // 4MB
-#define AGG_HIGH_WATER (AGG_SIZE / 2)  // 2MB
-#define EVACUATION_SIZE (2 * AGG_SIZE) // 8MB
-#define MAX_VOL_SIZE ((off_t)512 * 1024 * 1024 * 1024 * 1024)
-#define MAX_VOL_BLOCKS (MAX_VOL_SIZE / CACHE_BLOCK_SIZE)
-#define MAX_FRAG_SIZE (AGG_SIZE - sizeof(Doc)) // true max
-#define LEAVE_FREE DEFAULT_MAX_BUFFER_SIZE
-#define PIN_SCAN_EVERY 16 // scan every 1/16 of disk
-#define VOL_HASH_TABLE_SIZE 32707
-#define VOL_HASH_EMPTY 0xFFFF
-#define VOL_HASH_ALLOC_SIZE (8 * 1024 * 1024) // one chance per this unit
-#define LOOKASIDE_SIZE 256
-#define EVACUATION_BUCKET_SIZE (2 * EVACUATION_SIZE) // 16MB
-#define RECOVERY_SIZE EVACUATION_SIZE                // 8MB
-#define AIO_NOT_IN_PROGRESS -1
-#define AIO_AGG_WRITE_IN_PROGRESS -2
-#define AUTO_SIZE_RAM_CACHE -1                               // 1-1 with directory size
+#define VOL_MAGIC                    0xF1D0F00D
+#define START_BLOCKS                 16 // 8k, STORE_BLOCK_SIZE
+#define START_POS                    ((off_t)START_BLOCKS * CACHE_BLOCK_SIZE)
+#define AGG_SIZE                     (4 * 1024 * 1024) // 4MB
+#define AGG_HIGH_WATER               (AGG_SIZE / 2)    // 2MB
+#define EVACUATION_SIZE              (2 * AGG_SIZE)    // 8MB
+#define MAX_VOL_SIZE                 ((off_t)512 * 1024 * 1024 * 1024 * 1024)
+#define MAX_VOL_BLOCKS               (MAX_VOL_SIZE / CACHE_BLOCK_SIZE)
+#define MAX_FRAG_SIZE                (AGG_SIZE - sizeof(Doc)) // true max
+#define LEAVE_FREE                   DEFAULT_MAX_BUFFER_SIZE
+#define PIN_SCAN_EVERY               16 // scan every 1/16 of disk
+#define VOL_HASH_TABLE_SIZE          32707
+#define VOL_HASH_EMPTY               0xFFFF
+#define VOL_HASH_ALLOC_SIZE          (8 * 1024 * 1024) // one chance per this unit
+#define LOOKASIDE_SIZE               256
+#define EVACUATION_BUCKET_SIZE       (2 * EVACUATION_SIZE) // 16MB
+#define RECOVERY_SIZE                EVACUATION_SIZE       // 8MB
+#define AIO_NOT_IN_PROGRESS          -1
+#define AIO_AGG_WRITE_IN_PROGRESS    -2
+#define AUTO_SIZE_RAM_CACHE          -1                      // 1-1 with directory size
 #define DEFAULT_TARGET_FRAGMENT_SIZE (1048576 - sizeof(Doc)) // 1MB
 
 #define dir_offset_evac_bucket(_o) (_o / (EVACUATION_BUCKET_SIZE / CACHE_BLOCK_SIZE))
-#define dir_evac_bucket(_e) dir_offset_evac_bucket(dir_offset(_e))
+#define dir_evac_bucket(_e)        dir_offset_evac_bucket(dir_offset(_e))
 #define offset_evac_bucket(_d, _o) \
   dir_offset_evac_bucket((_d->offset_to_vol_offset(_o)
 
 // Documents
 
-#define DOC_MAGIC ((uint32_t)0x5F129B13)
-#define DOC_CORRUPT ((uint32_t)0xDEADBABE)
+#define DOC_MAGIC       ((uint32_t)0x5F129B13)
+#define DOC_CORRUPT     ((uint32_t)0xDEADBABE)
 #define DOC_NO_CHECKSUM ((uint32_t)0xA0B0C0D0)
 
 struct Cache;
@@ -102,10 +102,10 @@ struct EvacuationBlock {
   union {
     unsigned int init;
     struct {
-      unsigned int done : 1;          // has been evacuated
-      unsigned int pinned : 1;        // check pinning timeout
+      unsigned int done          : 1; // has been evacuated
+      unsigned int pinned        : 1; // check pinning timeout
       unsigned int evacuate_head : 1; // check pinning timeout
-      unsigned int unused : 29;
+      unsigned int unused        : 29;
     } f;
   };
 
@@ -291,9 +291,9 @@ struct Doc {
 #endif
   uint32_t hlen;         ///< Length of this header.
   uint32_t doc_type : 8; ///< Doc type - indicates the format of this structure and its content.
-  uint32_t v_major : 8;  ///< Major version number.
-  uint32_t v_minor : 8;  ///< Minor version number.
-  uint32_t unused : 8;   ///< Unused, forced to zero.
+  uint32_t v_major  : 8; ///< Major version number.
+  uint32_t v_minor  : 8; ///< Minor version number.
+  uint32_t unused   : 8; ///< Unused, forced to zero.
   uint32_t sync_serial;
   uint32_t write_serial;
   uint32_t pinned; // pinned until
diff --git a/iocore/cache/RamCacheCLFUS.cc b/iocore/cache/RamCacheCLFUS.cc
index d939091cb31..803cb69abb2 100644
--- a/iocore/cache/RamCacheCLFUS.cc
+++ b/iocore/cache/RamCacheCLFUS.cc
@@ -35,18 +35,18 @@
 #endif
 
 #define REQUIRED_COMPRESSION 0.9 // must get to this size or declared incompressible
-#define REQUIRED_SHRINK 0.8      // must get to this size or keep original buffer (with padding)
-#define HISTORY_HYSTERIA 10      // extra temporary history
-#define ENTRY_OVERHEAD 256       // per-entry overhead to consider when computing cache value/size
-#define LZMA_BASE_MEMLIMIT (64 * 1024 * 1024)
-//#define CHECK_ACOUNTING 1 // very expensive double checking of all sizes
+#define REQUIRED_SHRINK      0.8 // must get to this size or keep original buffer (with padding)
+#define HISTORY_HYSTERIA     10  // extra temporary history
+#define ENTRY_OVERHEAD       256 // per-entry overhead to consider when computing cache value/size
+#define LZMA_BASE_MEMLIMIT   (64 * 1024 * 1024)
+// #define CHECK_ACOUNTING 1 // very expensive double checking of all sizes
 
-#define REQUEUE_HITS(_h) ((_h) ? ((_h)-1) : 0)
+#define REQUEUE_HITS(_h)              ((_h) ? ((_h)-1) : 0)
 #define CACHE_VALUE_HITS_SIZE(_h, _s) ((float)((_h) + 1) / ((_s) + ENTRY_OVERHEAD))
-#define CACHE_VALUE(_x) CACHE_VALUE_HITS_SIZE((_x)->hits, (_x)->size)
+#define CACHE_VALUE(_x)               CACHE_VALUE_HITS_SIZE((_x)->hits, (_x)->size)
 
 #define AVERAGE_VALUE_OVER 100
-#define REQUEUE_LIMIT 100
+#define REQUEUE_LIMIT      100
 
 struct RamCacheCLFUSEntry {
   CryptoHash key;
@@ -57,10 +57,10 @@ struct RamCacheCLFUSEntry {
   uint32_t compressed_len;
   union {
     struct {
-      uint32_t compressed : 3; // compression type
+      uint32_t compressed     : 3; // compression type
       uint32_t incompressible : 1;
-      uint32_t lru : 1;
-      uint32_t copy : 1; // copy-in-copy-out
+      uint32_t lru            : 1;
+      uint32_t copy           : 1; // copy-in-copy-out
     } flag_bits;
     uint32_t flags;
   };
@@ -219,7 +219,7 @@ check_accounting(RamCacheCLFUS *c)
   while (y) {
     x++;
     xsize += y->size + ENTRY_OVERHEAD;
-    y = y->lru_link.next;
+    y     = y->lru_link.next;
   }
   y = c->lru[1].head;
   while (y) {
@@ -294,7 +294,7 @@ RamCacheCLFUS::get(CryptoHash *key, Ptr *ret_data, uint64_t auxkey
           data->_mem_type    = DEFAULT_ALLOC;
           if (!e->flag_bits.copy) { // don't bother if we have to copy anyway
             int64_t delta = (static_cast(e->compressed_len)) - static_cast(e->size);
-            this->_bytes += delta;
+            this->_bytes  += delta;
             CACHE_SUM_DYN_STAT_THREAD(cache_ram_cache_bytes_stat, delta);
             e->size = e->compressed_len;
             check_accounting(this);
@@ -527,7 +527,7 @@ RamCacheCLFUS::compress_entries(EThread *thread, int do_at_most)
         ats_free(b);
         e->compressed_len = l;
         int64_t delta     = (static_cast(l)) - static_cast(e->size);
-        this->_bytes += delta;
+        this->_bytes      += delta;
         CACHE_SUM_DYN_STAT_THREAD(cache_ram_cache_bytes_stat, delta);
         e->size = l;
       } else {
@@ -536,7 +536,7 @@ RamCacheCLFUS::compress_entries(EThread *thread, int do_at_most)
         bb                      = static_cast(ats_malloc(e->len));
         memcpy(bb, e->data->data(), e->len);
         int64_t delta = (static_cast(e->len)) - static_cast(e->size);
-        this->_bytes += delta;
+        this->_bytes  += delta;
         CACHE_SUM_DYN_STAT_THREAD(cache_ram_cache_bytes_stat, delta);
         e->size = e->len;
         l       = e->len;
@@ -562,7 +562,8 @@ RamCacheCLFUS::compress_entries(EThread *thread, int do_at_most)
   return;
 }
 
-void RamCacheCLFUS::_requeue_victims(Que(RamCacheCLFUSEntry, lru_link) & victims)
+void
+RamCacheCLFUS::_requeue_victims(Que(RamCacheCLFUSEntry, lru_link) & victims)
 {
   RamCacheCLFUSEntry *victim = nullptr;
   while ((victim = victims.dequeue())) {
@@ -601,7 +602,7 @@ RamCacheCLFUS::put(CryptoHash *key, IOBufferData *data, uint32_t len, bool copy,
       this->_lru[e->flag_bits.lru].remove(e);
       this->_lru[e->flag_bits.lru].enqueue(e);
       int64_t delta = (static_cast(size)) - static_cast(e->size);
-      this->_bytes += delta;
+      this->_bytes  += delta;
       CACHE_SUM_DYN_STAT_THREAD(cache_ram_cache_bytes_stat, delta);
       if (!copy) {
         e->size = size;
@@ -722,7 +723,7 @@ RamCacheCLFUS::put(CryptoHash *key, IOBufferData *data, uint32_t len, bool copy,
     e->data->_mem_type = DEFAULT_ALLOC;
   }
   e->flag_bits.copy = copy;
-  this->_bytes += size + ENTRY_OVERHEAD;
+  this->_bytes      += size + ENTRY_OVERHEAD;
   CACHE_SUM_DYN_STAT_THREAD(cache_ram_cache_bytes_stat, size);
   e->size = size;
   this->_objects++;
diff --git a/iocore/cache/Store.cc b/iocore/cache/Store.cc
index 5c7c799fdda..b3c75bf0067 100644
--- a/iocore/cache/Store.cc
+++ b/iocore/cache/Store.cc
@@ -613,8 +613,8 @@ try_alloc(Store &target, Span *source, unsigned int start_blocks, bool one_only
         source->offset += a;
       }
       source->blocks -= a;
-      ds = d;
-      blocks -= a;
+      ds             = d;
+      blocks         -= a;
       if (one_only) {
         break;
       }
diff --git a/iocore/cache/test/CacheTestHandler.h b/iocore/cache/test/CacheTestHandler.h
index 3d2c1a0b697..ea8724a8e1b 100644
--- a/iocore/cache/test/CacheTestHandler.h
+++ b/iocore/cache/test/CacheTestHandler.h
@@ -26,8 +26,8 @@
 void test_done();
 
 #define TEST_DONE() test_done();
-#define T_DONE 1
-#define T_CONT 1
+#define T_DONE      1
+#define T_CONT      1
 
 #define DEFAULT_URL "http://www.scw00.com/"
 
diff --git a/iocore/cache/test/main.cc b/iocore/cache/test/main.cc
index 9151dee9bd8..6864d951b5f 100644
--- a/iocore/cache/test/main.cc
+++ b/iocore/cache/test/main.cc
@@ -27,7 +27,7 @@
 
 #include 
 
-#define THREADS 1
+#define THREADS        1
 #define DIAGS_LOG_FILE "diags.log"
 
 // Create a new temp directory and return it
@@ -177,9 +177,9 @@ generate_key(HTTPInfo &info)
 void
 CacheWriteTest::fill_data()
 {
-  size_t size = std::min(WRITE_LIMIT, this->_size);
-  auto n      = this->_write_buffer->write(this->_cursor, size);
-  this->_size -= n;
+  size_t size   = std::min(WRITE_LIMIT, this->_size);
+  auto n        = this->_write_buffer->write(this->_cursor, size);
+  this->_size   -= n;
   this->_cursor += n;
 }
 
diff --git a/iocore/cache/test/stub.cc b/iocore/cache/test/stub.cc
index 78ffe2f75fe..cad02ab6dcd 100644
--- a/iocore/cache/test/stub.cc
+++ b/iocore/cache/test/stub.cc
@@ -51,6 +51,13 @@ APIHook::invoke(int, void *) const
   return 0;
 }
 
+int
+APIHook::blocking_invoke(int, void *) const
+{
+  ink_assert(false);
+  return 0;
+}
+
 APIHook *
 APIHook::next() const
 {
diff --git a/iocore/dns/DNS.cc b/iocore/dns/DNS.cc
index f47c702af93..4fa421011c8 100644
--- a/iocore/dns/DNS.cc
+++ b/iocore/dns/DNS.cc
@@ -26,10 +26,10 @@
 
 #include "I_SplitDNS.h"
 
-#define SRV_COST (RRFIXEDSZ + 0)
-#define SRV_WEIGHT (RRFIXEDSZ + 2)
-#define SRV_PORT (RRFIXEDSZ + 4)
-#define SRV_SERVER (RRFIXEDSZ + 6)
+#define SRV_COST    (RRFIXEDSZ + 0)
+#define SRV_WEIGHT  (RRFIXEDSZ + 2)
+#define SRV_PORT    (RRFIXEDSZ + 4)
+#define SRV_SERVER  (RRFIXEDSZ + 6)
 #define SRV_FIXEDSZ (RRFIXEDSZ + 6)
 
 EventType ET_DNS = ET_CALL;
@@ -1135,7 +1135,7 @@ DNSHandler::get_query_id()
         return q1;
       }
     }
-    i <<= 6;
+    i  <<= 6;
     q2 &= 0x3F;
     while (query_id_in_use(i + q2)) {
       ++q2;
@@ -1662,8 +1662,8 @@ dns_process(DNSHandler *handler, HostEnt *buf, int len)
         n = rname_len + 1;
       }
       buf->ent.h_name = reinterpret_cast(bp);
-      bp += n;
-      buflen -= n;
+      bp              += n;
+      buflen          -= n;
     }
     //
     // Configure HostEnt data structure
@@ -1701,7 +1701,7 @@ dns_process(DNSHandler *handler, HostEnt *buf, int len)
     if (e->qtype == T_SRV) {
       for (int ctr = ntohs(h->qdcount); ctr > 0; ctr--) {
         int strlen = dn_skipname(here, eom);
-        here += strlen + QFIXEDSZ;
+        here       += strlen + QFIXEDSZ;
       }
     }
     //
@@ -1737,18 +1737,18 @@ dns_process(DNSHandler *handler, HostEnt *buf, int len)
           ++error;
           break;
         }
-        cp += n;
-        *ap++ = bp;
-        n     = strlen(reinterpret_cast(bp)) + 1;
-        bp += n;
+        cp     += n;
+        *ap++  = bp;
+        n      = strlen(reinterpret_cast(bp)) + 1;
+        bp     += n;
         buflen -= n;
-        n = strlen(reinterpret_cast(tbuf)) + 1;
+        n      = strlen(reinterpret_cast(tbuf)) + 1;
         if (n > buflen) {
           ++error;
           break;
         }
         ink_strlcpy(reinterpret_cast(bp), reinterpret_cast(tbuf), buflen);
-        bp += n;
+        bp     += n;
         buflen -= n;
         if (is_debug_tag_set("dns")) {
           switch (type) {
@@ -1779,27 +1779,27 @@ dns_process(DNSHandler *handler, HostEnt *buf, int len)
         if (!answer) {
           buf->ent.h_name = reinterpret_cast(bp);
           Debug("dns", "received PTR name = %s", bp);
-          n = strlen(reinterpret_cast(bp)) + 1;
-          bp += n;
+          n      = strlen(reinterpret_cast(bp)) + 1;
+          bp     += n;
           buflen -= n;
         } else if (ap < &buf->host_aliases[DNS_MAX_ALIASES - 1]) {
           *ap++ = bp;
           Debug("dns", "received PTR alias = %s", bp);
-          n = strlen(reinterpret_cast(bp)) + 1;
-          bp += n;
+          n      = strlen(reinterpret_cast(bp)) + 1;
+          bp     += n;
           buflen -= n;
         }
       } else if (type == T_SRV) {
         if (buf->srv_hosts.hosts.size() >= hostdb_round_robin_max_count) {
           break;
         }
-        cp         = here; /* hack */
-        int strlen = dn_skipname(cp, eom);
-        cp += strlen;
+        cp                           = here; /* hack */
+        int strlen                   = dn_skipname(cp, eom);
+        cp                           += strlen;
         const unsigned char *srv_off = cp;
-        cp += SRV_FIXEDSZ;
-        cp += dn_skipname(cp, eom);
-        here = cp; /* hack */
+        cp                           += SRV_FIXEDSZ;
+        cp                           += dn_skipname(cp, eom);
+        here                         = cp; /* hack */
 
         SRV srv;
 
@@ -1837,13 +1837,13 @@ dns_process(DNSHandler *handler, HostEnt *buf, int len)
           buf->ent.h_name     = reinterpret_cast(bp);
           nn                  = strlen(reinterpret_cast(bp)) + 1;
           Debug("dns", "received %s name = %s", QtypeName(type), bp);
-          bp += nn;
+          bp     += nn;
           buflen -= nn;
         }
         // attempt to use the original buffer (if it is word aligned)
         if (!(((uintptr_t)cp) % sizeof(unsigned int))) {
           *hap++ = cp;
-          cp += n;
+          cp     += n;
         } else {
           ip_text_buffer ip_string;
           bp = static_cast(align_pointer_forward(bp, sizeof(int)));
diff --git a/iocore/dns/DNSConnection.cc b/iocore/dns/DNSConnection.cc
index fcd6655a84e..12e83f82ffb 100644
--- a/iocore/dns/DNSConnection.cc
+++ b/iocore/dns/DNSConnection.cc
@@ -39,7 +39,7 @@
 // #define RECV_BUF_SIZE            (1024*64)
 // #define SEND_BUF_SIZE            (1024*64)
 #define FIRST_RANDOM_PORT (16000)
-#define LAST_RANDOM_PORT (60000)
+#define LAST_RANDOM_PORT  (60000)
 
 DNSConnection::Options const DNSConnection::DEFAULT_OPTIONS;
 
diff --git a/iocore/dns/P_DNSProcessor.h b/iocore/dns/P_DNSProcessor.h
index 9abc1d71ab0..cea47f5de6e 100644
--- a/iocore/dns/P_DNSProcessor.h
+++ b/iocore/dns/P_DNSProcessor.h
@@ -26,20 +26,20 @@
 #include "I_EventSystem.h"
 #include "tscore/PendingAction.h"
 
-#define MAX_NAMED 32
-#define DEFAULT_DNS_RETRIES 5
-#define MAX_DNS_RETRIES 9
-#define DEFAULT_DNS_TIMEOUT 30
-#define MAX_DNS_IN_FLIGHT 2048
+#define MAX_NAMED                       32
+#define DEFAULT_DNS_RETRIES             5
+#define MAX_DNS_RETRIES                 9
+#define DEFAULT_DNS_TIMEOUT             30
+#define MAX_DNS_IN_FLIGHT               2048
 #define MAX_DNS_TCP_CONTINUOUS_FAILURES 10
-#define DEFAULT_FAILOVER_NUMBER (DEFAULT_DNS_RETRIES + 1)
-#define DEFAULT_FAILOVER_PERIOD (DEFAULT_DNS_TIMEOUT + 30)
+#define DEFAULT_FAILOVER_NUMBER         (DEFAULT_DNS_RETRIES + 1)
+#define DEFAULT_FAILOVER_PERIOD         (DEFAULT_DNS_TIMEOUT + 30)
 // how many seconds before FAILOVER_PERIOD to try the primary with
 // a well known address
 #define DEFAULT_FAILOVER_TRY_PERIOD (DEFAULT_DNS_TIMEOUT + 1)
-#define DEFAULT_DNS_SEARCH 1
-#define FAILOVER_SOON_RETRY 5
-#define NO_NAMESERVER_SELECTED -1
+#define DEFAULT_DNS_SEARCH          1
+#define FAILOVER_SOON_RETRY         5
+#define NO_NAMESERVER_SELECTED      -1
 
 //
 // Config
@@ -58,13 +58,13 @@ extern unsigned int dns_sequence_number;
 // Constants
 //
 
-#define DNS_PERIOD HRTIME_MSECONDS(100)
-#define DNS_DELAY_PERIOD HRTIME_MSECONDS(10)
+#define DNS_PERIOD                         HRTIME_MSECONDS(100)
+#define DNS_DELAY_PERIOD                   HRTIME_MSECONDS(10)
 #define DNS_SEQUENCE_NUMBER_RESTART_OFFSET 4000
-#define DNS_PRIMARY_RETRY_PERIOD HRTIME_SECONDS(5)
-#define DNS_PRIMARY_REOPEN_PERIOD HRTIME_SECONDS(60)
-#define BAD_DNS_RESULT (reinterpret_cast((uintptr_t)-1))
-#define DEFAULT_NUM_TRY_SERVER 8
+#define DNS_PRIMARY_RETRY_PERIOD           HRTIME_SECONDS(5)
+#define DNS_PRIMARY_REOPEN_PERIOD          HRTIME_SECONDS(60)
+#define BAD_DNS_RESULT                     (reinterpret_cast((uintptr_t)-1))
+#define DEFAULT_NUM_TRY_SERVER             8
 
 // these are from nameser.h
 #ifndef HFIXEDSZ
diff --git a/iocore/dns/SplitDNS.cc b/iocore/dns/SplitDNS.cc
index b993f1e7f51..23125e9f80c 100644
--- a/iocore/dns/SplitDNS.cc
+++ b/iocore/dns/SplitDNS.cc
@@ -407,7 +407,7 @@ SplitDNSRecord::ProcessDomainSrchList(char *val)
 
   for (int i = 0; i < numTok; i++) {
     const char *current = pTok[i];
-    int cnt             = sz += strlen(current);
+    int cnt = sz += strlen(current);
 
     if (MAXDNAME - 1 < sz) {
       break;
diff --git a/iocore/eventsystem/IOBuffer.cc b/iocore/eventsystem/IOBuffer.cc
index 805886dfab7..55e0c174910 100644
--- a/iocore/eventsystem/IOBuffer.cc
+++ b/iocore/eventsystem/IOBuffer.cc
@@ -123,7 +123,7 @@ MIOBuffer::write(IOBufferBlock const *b, int64_t alen, int64_t offset)
 
   while (b && len > 0) {
     int64_t max_bytes = b->read_avail();
-    max_bytes -= offset;
+    max_bytes         -= offset;
     if (max_bytes <= 0) {
       offset = -max_bytes;
       b      = b->next.get();
@@ -136,12 +136,12 @@ MIOBuffer::write(IOBufferBlock const *b, int64_t alen, int64_t offset)
       bytes = len;
     }
     IOBufferBlock *bb = b->clone();
-    bb->_start += offset;
+    bb->_start        += offset;
     bb->_buf_end = bb->_end = bb->_start + bytes;
     append_block(bb);
     offset = 0;
-    len -= bytes;
-    b = b->next.get();
+    len    -= bytes;
+    b      = b->next.get();
   }
 
   return alen - len;
@@ -184,10 +184,10 @@ IOBufferReader::read(void *ab, int64_t len)
     }
     ::memcpy(b, start(), l);
     consume(l);
-    b += l;
-    n -= l;
+    b     += l;
+    n     -= l;
     bytes += l;
-    l = block_read_avail();
+    l     = block_read_avail();
   }
   return bytes;
 }
@@ -197,12 +197,12 @@ int64_t
 IOBufferReader::memchr(char c, int64_t len, int64_t offset)
 {
   IOBufferBlock *b = block.get();
-  offset += start_offset;
-  int64_t o = offset;
+  offset           += start_offset;
+  int64_t o        = offset;
 
   while (b && len) {
     int64_t max_bytes = b->read_avail();
-    max_bytes -= offset;
+    max_bytes         -= offset;
     if (max_bytes <= 0) {
       offset = -max_bytes;
       b      = b->next.get();
@@ -219,8 +219,8 @@ IOBufferReader::memchr(char c, int64_t len, int64_t offset)
     if (p) {
       return static_cast(o - start_offset + p - s);
     }
-    o += bytes;
-    len -= bytes;
+    o      += bytes;
+    len    -= bytes;
     b      = b->next.get();
     offset = 0;
   }
@@ -233,11 +233,11 @@ IOBufferReader::memcpy(void *ap, int64_t len, int64_t offset)
 {
   char *p          = static_cast(ap);
   IOBufferBlock *b = block.get();
-  offset += start_offset;
+  offset           += start_offset;
 
   while (b && len) {
     int64_t max_bytes = b->read_avail();
-    max_bytes -= offset;
+    max_bytes         -= offset;
     if (max_bytes <= 0) {
       offset = -max_bytes;
       b      = b->next.get();
@@ -250,8 +250,8 @@ IOBufferReader::memcpy(void *ap, int64_t len, int64_t offset)
       bytes = len;
     }
     ::memcpy(p, b->start() + offset, bytes);
-    p += bytes;
-    len -= bytes;
+    p      += bytes;
+    len    -= bytes;
     b      = b->next.get();
     offset = 0;
   }
@@ -277,7 +277,7 @@ IOBufferChain::write(IOBufferBlock *blocks, int64_t length, int64_t offset)
       if (offset) {
         bb->consume(offset);
         block_bytes -= offset; // bytes really available to use.
-        offset = 0;
+        offset      = 0;
       }
       if (block_bytes > n) {
         bb->_end -= (block_bytes - n);
@@ -290,7 +290,7 @@ IOBufferChain::write(IOBufferBlock *blocks, int64_t length, int64_t offset)
   }
 
   length -= n; // actual bytes written to chain.
-  _len += length;
+  _len   += length;
   return length;
 }
 
@@ -334,8 +334,8 @@ IOBufferChain::consume(int64_t size)
   while (_head != nullptr && size > 0 && (bytes = _head->read_avail()) > 0) {
     if (size >= bytes) {
       _head = _head->next;
-      zret += bytes;
-      size -= bytes;
+      zret  += bytes;
+      size  -= bytes;
     } else {
       _head->consume(size);
       zret += size;
diff --git a/iocore/eventsystem/I_Action.h b/iocore/eventsystem/I_Action.h
index 659f2b54ad3..643f9a017f6 100644
--- a/iocore/eventsystem/I_Action.h
+++ b/iocore/eventsystem/I_Action.h
@@ -199,7 +199,7 @@ class Action
 };
 
 #define ACTION_RESULT_DONE MAKE_ACTION_RESULT(1)
-#define ACTION_IO_ERROR MAKE_ACTION_RESULT(2)
+#define ACTION_IO_ERROR    MAKE_ACTION_RESULT(2)
 
 // Use these classes by
 // #define ACTION_RESULT_HOST_DB_OFFLINE
diff --git a/iocore/eventsystem/I_Continuation.h b/iocore/eventsystem/I_Continuation.h
index 8493995f3c5..b32605b4deb 100644
--- a/iocore/eventsystem/I_Continuation.h
+++ b/iocore/eventsystem/I_Continuation.h
@@ -84,7 +84,8 @@ continuation_handler_void_ptr(int (C::*fp)(int, T *))
 
 // Overload for nullptr.
 //
-constexpr ContinuationHandler continuation_handler_void_ptr(std::nullptr_t)
+constexpr ContinuationHandler
+continuation_handler_void_ptr(std::nullptr_t)
 {
 #undef X
 #if !defined(__GNUC__)
diff --git a/iocore/eventsystem/I_EThread.h b/iocore/eventsystem/I_EThread.h
index 91d0ca1c64a..34b14f1635a 100644
--- a/iocore/eventsystem/I_EThread.h
+++ b/iocore/eventsystem/I_EThread.h
@@ -48,6 +48,7 @@ class PreWarmQueue;
 
 class Event;
 class Continuation;
+class ConnectingPool;
 
 enum ThreadType {
   REGULAR = 0,
@@ -301,7 +302,7 @@ class EThread : public Thread
   EThread();
   EThread(ThreadType att, int anid);
   EThread(ThreadType att, Event *e);
-  EThread(const EThread &) = delete;
+  EThread(const EThread &)            = delete;
   EThread &operator=(const EThread &) = delete;
   ~EThread() override;
 
@@ -354,6 +355,7 @@ class EThread : public Thread
 
   ServerSessionPool *server_session_pool = nullptr;
   PreWarmQueue *prewarm_queue            = nullptr;
+  ConnectingPool *connecting_pool        = nullptr;
 
   /** Default handler used until it is overridden.
 
diff --git a/iocore/eventsystem/I_Event.h b/iocore/eventsystem/I_Event.h
index 10aad0ae518..bca99164dd2 100644
--- a/iocore/eventsystem/I_Event.h
+++ b/iocore/eventsystem/I_Event.h
@@ -35,58 +35,58 @@
 
 // Events
 
-#define EVENT_NONE CONTINUATION_EVENT_NONE // 0
+#define EVENT_NONE      CONTINUATION_EVENT_NONE // 0
 #define EVENT_IMMEDIATE 1
-#define EVENT_INTERVAL 2
-#define EVENT_ERROR 3
-#define EVENT_CALL 4 // used internally in state machines
-#define EVENT_POLL 5 // negative event; activated on poll or epoll
+#define EVENT_INTERVAL  2
+#define EVENT_ERROR     3
+#define EVENT_CALL      4 // used internally in state machines
+#define EVENT_POLL      5 // negative event; activated on poll or epoll
 
 // Event callback return functions
 
-#define EVENT_DONE CONTINUATION_DONE // 0
-#define EVENT_CONT CONTINUATION_CONT // 1
-#define EVENT_RETURN 5
-#define EVENT_RESTART 6
+#define EVENT_DONE            CONTINUATION_DONE // 0
+#define EVENT_CONT            CONTINUATION_CONT // 1
+#define EVENT_RETURN          5
+#define EVENT_RESTART         6
 #define EVENT_RESTART_DELAYED 7
 
 // Event numbers block allocation
 // ** ALL NEW EVENT TYPES SHOULD BE ALLOCATED FROM BLOCKS LISTED HERE! **
 
-#define VC_EVENT_EVENTS_START 100
-#define NET_EVENT_EVENTS_START 200
-#define DISK_EVENT_EVENTS_START 300
-#define HOSTDB_EVENT_EVENTS_START 500
-#define DNS_EVENT_EVENTS_START 600
-#define CONFIG_EVENT_EVENTS_START 800
-#define LOG_EVENT_EVENTS_START 900
-#define REFCOUNT_CACHE_EVENT_EVENTS_START 1000
-#define CACHE_EVENT_EVENTS_START 1100
-#define CACHE_DIRECTORY_EVENT_EVENTS_START 1200
-#define CACHE_DB_EVENT_EVENTS_START 1300
-#define HTTP_NET_CONNECTION_EVENT_EVENTS_START 1400
+#define VC_EVENT_EVENTS_START                   100
+#define NET_EVENT_EVENTS_START                  200
+#define DISK_EVENT_EVENTS_START                 300
+#define HOSTDB_EVENT_EVENTS_START               500
+#define DNS_EVENT_EVENTS_START                  600
+#define CONFIG_EVENT_EVENTS_START               800
+#define LOG_EVENT_EVENTS_START                  900
+#define REFCOUNT_CACHE_EVENT_EVENTS_START       1000
+#define CACHE_EVENT_EVENTS_START                1100
+#define CACHE_DIRECTORY_EVENT_EVENTS_START      1200
+#define CACHE_DB_EVENT_EVENTS_START             1300
+#define HTTP_NET_CONNECTION_EVENT_EVENTS_START  1400
 #define HTTP_NET_VCONNECTION_EVENT_EVENTS_START 1500
-#define GC_EVENT_EVENTS_START 1600
-#define TRANSFORM_EVENTS_START 2000
-#define STAT_PAGES_EVENTS_START 2100
-#define HTTP_SESSION_EVENTS_START 2200
-#define HTTP2_SESSION_EVENTS_START 2250
-#define HTTP_TUNNEL_EVENTS_START 2300
-#define HTTP_SCH_UPDATE_EVENTS_START 2400
-#define QUIC_EVENT_EVENTS_START 2500
-#define HTTP3_SESSION_EVENTS_START 2600
-#define QPACK_EVENT_EVENTS_START 2700
-#define NT_ASYNC_CONNECT_EVENT_EVENTS_START 3000
-#define NT_ASYNC_IO_EVENT_EVENTS_START 3100
-#define RAFT_EVENT_EVENTS_START 3200
-#define SIMPLE_EVENT_EVENTS_START 3300
-#define UPDATE_EVENT_EVENTS_START 3500
-#define AIO_EVENT_EVENTS_START 3900
-#define BLOCK_CACHE_EVENT_EVENTS_START 4000
-#define UTILS_EVENT_EVENTS_START 5000
-#define INK_API_EVENT_EVENTS_START 60000
-#define SRV_EVENT_EVENTS_START 62000
-#define REMAP_EVENT_EVENTS_START 63000
+#define GC_EVENT_EVENTS_START                   1600
+#define TRANSFORM_EVENTS_START                  2000
+#define STAT_PAGES_EVENTS_START                 2100
+#define HTTP_SESSION_EVENTS_START               2200
+#define HTTP2_SESSION_EVENTS_START              2250
+#define HTTP_TUNNEL_EVENTS_START                2300
+#define HTTP_SCH_UPDATE_EVENTS_START            2400
+#define QUIC_EVENT_EVENTS_START                 2500
+#define HTTP3_SESSION_EVENTS_START              2600
+#define QPACK_EVENT_EVENTS_START                2700
+#define NT_ASYNC_CONNECT_EVENT_EVENTS_START     3000
+#define NT_ASYNC_IO_EVENT_EVENTS_START          3100
+#define RAFT_EVENT_EVENTS_START                 3200
+#define SIMPLE_EVENT_EVENTS_START               3300
+#define UPDATE_EVENT_EVENTS_START               3500
+#define AIO_EVENT_EVENTS_START                  3900
+#define BLOCK_CACHE_EVENT_EVENTS_START          4000
+#define UTILS_EVENT_EVENTS_START                5000
+#define INK_API_EVENT_EVENTS_START              60000
+#define SRV_EVENT_EVENTS_START                  62000
+#define REMAP_EVENT_EVENTS_START                63000
 
 // define misc events here
 #define ONE_WAY_TUNNEL_EVENT_PEER_CLOSE (SIMPLE_EVENT_EVENTS_START + 1)
@@ -209,11 +209,11 @@ class Event : public Action
 
   EThread *ethread = nullptr;
 
-  unsigned int in_the_prot_queue : 1;
+  unsigned int in_the_prot_queue     : 1;
   unsigned int in_the_priority_queue : 1;
-  unsigned int immediate : 1;
-  unsigned int globally_allocated : 1;
-  unsigned int in_heap : 4;
+  unsigned int immediate             : 1;
+  unsigned int globally_allocated    : 1;
+  unsigned int in_heap               : 4;
   int callback_event = 0;
 
   ink_hrtime timeout_at = 0;
@@ -238,7 +238,7 @@ class Event : public Action
 #endif
 
   // noncopyable: prevent unauthorized copies (Not implemented)
-  Event(const Event &) = delete;
+  Event(const Event &)            = delete;
   Event &operator=(const Event &) = delete;
 
 private:
diff --git a/iocore/eventsystem/I_EventProcessor.h b/iocore/eventsystem/I_EventProcessor.h
index 5d21102e9da..26c1a78632a 100644
--- a/iocore/eventsystem/I_EventProcessor.h
+++ b/iocore/eventsystem/I_EventProcessor.h
@@ -247,7 +247,7 @@ class EventProcessor : public Processor
 
   EventProcessor();
   ~EventProcessor() override;
-  EventProcessor(const EventProcessor &) = delete;
+  EventProcessor(const EventProcessor &)            = delete;
   EventProcessor &operator=(const EventProcessor &) = delete;
 
   /**
diff --git a/iocore/eventsystem/I_IOBuffer.h b/iocore/eventsystem/I_IOBuffer.h
index b179d8051d4..cdf1d8d1cdc 100644
--- a/iocore/eventsystem/I_IOBuffer.h
+++ b/iocore/eventsystem/I_IOBuffer.h
@@ -58,11 +58,11 @@ enum AllocType {
   DEFAULT_ALLOC,
 };
 
-#define DEFAULT_BUFFER_NUMBER 128
-#define DEFAULT_HUGE_BUFFER_NUMBER 32
-#define MAX_MIOBUFFER_READERS 5
-#define DEFAULT_BUFFER_ALIGNMENT 8192 // should be disk/page size
-#define DEFAULT_BUFFER_BASE_SIZE 128
+#define DEFAULT_BUFFER_NUMBER               128
+#define DEFAULT_HUGE_BUFFER_NUMBER          32
+#define MAX_MIOBUFFER_READERS               5
+#define DEFAULT_BUFFER_ALIGNMENT            8192 // should be disk/page size
+#define DEFAULT_BUFFER_BASE_SIZE            128
 #define DEFAULT_PLUGIN_VC_BUFFER_WATER_MARK 0 // ensure we retain existing behavior
 
 ////////////////////////////////////////////////
@@ -71,43 +71,43 @@ enum AllocType {
 // still work if it uses BUFFER_SIZE_INDEX_2K //
 // instead.                                   //
 ////////////////////////////////////////////////
-#define BUFFER_SIZE_INDEX_128 0
-#define BUFFER_SIZE_INDEX_256 1
-#define BUFFER_SIZE_INDEX_512 2
-#define BUFFER_SIZE_INDEX_1K 3
-#define BUFFER_SIZE_INDEX_2K 4
-#define BUFFER_SIZE_INDEX_4K 5
-#define BUFFER_SIZE_INDEX_8K 6
-#define BUFFER_SIZE_INDEX_16K 7
-#define BUFFER_SIZE_INDEX_32K 8
-#define BUFFER_SIZE_INDEX_64K 9
+#define BUFFER_SIZE_INDEX_128  0
+#define BUFFER_SIZE_INDEX_256  1
+#define BUFFER_SIZE_INDEX_512  2
+#define BUFFER_SIZE_INDEX_1K   3
+#define BUFFER_SIZE_INDEX_2K   4
+#define BUFFER_SIZE_INDEX_4K   5
+#define BUFFER_SIZE_INDEX_8K   6
+#define BUFFER_SIZE_INDEX_16K  7
+#define BUFFER_SIZE_INDEX_32K  8
+#define BUFFER_SIZE_INDEX_64K  9
 #define BUFFER_SIZE_INDEX_128K 10
 #define BUFFER_SIZE_INDEX_256K 11
 #define BUFFER_SIZE_INDEX_512K 12
-#define BUFFER_SIZE_INDEX_1M 13
-#define BUFFER_SIZE_INDEX_2M 14
-#define MAX_BUFFER_SIZE_INDEX 14
-#define DEFAULT_BUFFER_SIZES (MAX_BUFFER_SIZE_INDEX + 1)
+#define BUFFER_SIZE_INDEX_1M   13
+#define BUFFER_SIZE_INDEX_2M   14
+#define MAX_BUFFER_SIZE_INDEX  14
+#define DEFAULT_BUFFER_SIZES   (MAX_BUFFER_SIZE_INDEX + 1)
 
 #define BUFFER_SIZE_FOR_INDEX(_i) (DEFAULT_BUFFER_BASE_SIZE * (1 << (_i)))
 #define DEFAULT_SMALL_BUFFER_SIZE BUFFER_SIZE_INDEX_512
 #define DEFAULT_LARGE_BUFFER_SIZE BUFFER_SIZE_INDEX_4K
-#define DEFAULT_TS_BUFFER_SIZE BUFFER_SIZE_INDEX_8K
-#define DEFAULT_MAX_BUFFER_SIZE BUFFER_SIZE_FOR_INDEX(MAX_BUFFER_SIZE_INDEX)
-#define MIN_IOBUFFER_SIZE BUFFER_SIZE_INDEX_128
-#define MAX_IOBUFFER_SIZE (DEFAULT_BUFFER_SIZES - 1)
+#define DEFAULT_TS_BUFFER_SIZE    BUFFER_SIZE_INDEX_8K
+#define DEFAULT_MAX_BUFFER_SIZE   BUFFER_SIZE_FOR_INDEX(MAX_BUFFER_SIZE_INDEX)
+#define MIN_IOBUFFER_SIZE         BUFFER_SIZE_INDEX_128
+#define MAX_IOBUFFER_SIZE         (DEFAULT_BUFFER_SIZES - 1)
 
 #define BUFFER_SIZE_ALLOCATED(_i) (BUFFER_SIZE_INDEX_IS_FAST_ALLOCATED(_i) || BUFFER_SIZE_INDEX_IS_XMALLOCED(_i))
 
-#define BUFFER_SIZE_NOT_ALLOCATED DEFAULT_BUFFER_SIZES
-#define BUFFER_SIZE_INDEX_IS_XMALLOCED(_size_index) (_size_index < 0)
+#define BUFFER_SIZE_NOT_ALLOCATED                        DEFAULT_BUFFER_SIZES
+#define BUFFER_SIZE_INDEX_IS_XMALLOCED(_size_index)      (_size_index < 0)
 #define BUFFER_SIZE_INDEX_IS_FAST_ALLOCATED(_size_index) (((uint64_t)_size_index) < DEFAULT_BUFFER_SIZES)
-#define BUFFER_SIZE_INDEX_IS_CONSTANT(_size_index) (_size_index >= DEFAULT_BUFFER_SIZES)
+#define BUFFER_SIZE_INDEX_IS_CONSTANT(_size_index)       (_size_index >= DEFAULT_BUFFER_SIZES)
 
-#define BUFFER_SIZE_FOR_XMALLOC(_size) (-(_size))
+#define BUFFER_SIZE_FOR_XMALLOC(_size)            (-(_size))
 #define BUFFER_SIZE_INDEX_FOR_XMALLOC_SIZE(_size) (-(_size))
 
-#define BUFFER_SIZE_FOR_CONSTANT(_size) (_size - DEFAULT_BUFFER_SIZES)
+#define BUFFER_SIZE_FOR_CONSTANT(_size)            (_size - DEFAULT_BUFFER_SIZES)
 #define BUFFER_SIZE_INDEX_FOR_CONSTANT_SIZE(_size) (_size + DEFAULT_BUFFER_SIZES)
 
 extern FreelistAllocator ioBufAllocator[DEFAULT_BUFFER_SIZES];
@@ -235,7 +235,7 @@ class IOBufferData : public RefCountObj
   IOBufferData() : _size_index(BUFFER_SIZE_NOT_ALLOCATED) {}
 
   // noncopyable, declaration only
-  IOBufferData(const IOBufferData &) = delete;
+  IOBufferData(const IOBufferData &)            = delete;
   IOBufferData &operator=(const IOBufferData &) = delete;
 };
 
@@ -478,7 +478,7 @@ class IOBufferBlock : public RefCountObj
   IOBufferBlock();
 
   // noncopyable
-  IOBufferBlock(const IOBufferBlock &) = delete;
+  IOBufferBlock(const IOBufferBlock &)            = delete;
   IOBufferBlock &operator=(const IOBufferBlock &) = delete;
 };
 
@@ -1280,7 +1280,7 @@ struct MIOBufferAccessor {
 #endif
 
   // noncopyable
-  MIOBufferAccessor(const MIOBufferAccessor &) = delete;
+  MIOBufferAccessor(const MIOBufferAccessor &)            = delete;
   MIOBufferAccessor &operator=(const MIOBufferAccessor &) = delete;
 
 private:
@@ -1319,7 +1319,7 @@ class Empty_MIOBuffer_tracker
 };
 
 /// MIOBuffer allocator/deallocator
-#define new_MIOBuffer MIOBuffer_tracker(RES_PATH("memory/IOBuffer/"))
+#define new_MIOBuffer       MIOBuffer_tracker(RES_PATH("memory/IOBuffer/"))
 #define new_empty_MIOBuffer Empty_MIOBuffer_tracker(RES_PATH("memory/IOBuffer/"))
 extern void free_MIOBuffer(MIOBuffer *mio);
 //////////////////////////////////////////////////////////////////////
@@ -1368,7 +1368,7 @@ class IOBufferData_tracker
 };
 
 // TODO: remove new_xmalloc_IOBufferData. Because ats_xmalloc() doesn't exist anymore.
-#define new_IOBufferData IOBufferData_tracker(RES_PATH("memory/IOBuffer/"))
+#define new_IOBufferData                  IOBufferData_tracker(RES_PATH("memory/IOBuffer/"))
 #define new_xmalloc_IOBufferData(b, size) new_xmalloc_IOBufferData_internal(RES_PATH("memory/IOBuffer/"), (b), (size))
 
 extern int64_t iobuffer_size_to_index(int64_t size, int64_t max);
@@ -1414,7 +1414,7 @@ IOBufferChain::operator+=(self_type const &that)
   else {
     _tail->next = that._head;
     _tail       = that._tail;
-    _len += that._len;
+    _len        += that._len;
   }
   return *this;
 }
diff --git a/iocore/eventsystem/I_Lock.h b/iocore/eventsystem/I_Lock.h
index 7efa45f462c..1dcaf55626c 100644
--- a/iocore/eventsystem/I_Lock.h
+++ b/iocore/eventsystem/I_Lock.h
@@ -27,7 +27,7 @@
 #include "tscore/Diags.h"
 #include "I_Thread.h"
 
-#define MAX_LOCK_TIME HRTIME_MSECONDS(200)
+#define MAX_LOCK_TIME               HRTIME_MSECONDS(200)
 #define THREAD_MUTEX_THREAD_HOLDING (-1024 * 1024)
 
 /*------------------------------------------------------*\
@@ -111,10 +111,10 @@
 #endif
 
 #ifdef DEBUG
-#define MUTEX_TAKE_LOCK(_m, _t) Mutex_lock(MakeSourceLocation(), (char *)nullptr, _m, _t)
+#define MUTEX_TAKE_LOCK(_m, _t)         Mutex_lock(MakeSourceLocation(), (char *)nullptr, _m, _t)
 #define MUTEX_TAKE_LOCK_FOR(_m, _t, _c) Mutex_lock(MakeSourceLocation(), nullptr, _m, _t)
 #else
-#define MUTEX_TAKE_LOCK(_m, _t) Mutex_lock(_m, _t)
+#define MUTEX_TAKE_LOCK(_m, _t)         Mutex_lock(_m, _t)
 #define MUTEX_TAKE_LOCK_FOR(_m, _t, _c) Mutex_lock(_m, _t)
 #endif // DEBUG
 
diff --git a/iocore/eventsystem/I_MIOBufferWriter.h b/iocore/eventsystem/I_MIOBufferWriter.h
index 08e29a75524..2c3d83ea161 100644
--- a/iocore/eventsystem/I_MIOBufferWriter.h
+++ b/iocore/eventsystem/I_MIOBufferWriter.h
@@ -123,11 +123,19 @@ class MIOBufferWriter : public ts::BufferWriter
 
   // Not useful in this derived class.
   //
-  self_type &clip(size_t) override { return *this; }
+  self_type &
+  clip(size_t) override
+  {
+    return *this;
+  }
 
   // Not useful in this derived class.
   //
-  self_type &extend(size_t) override { return *this; }
+  self_type &
+  extend(size_t) override
+  {
+    return *this;
+  }
 
   // This must not be called for this derived class.
   //
diff --git a/iocore/eventsystem/I_PriorityEventQueue.h b/iocore/eventsystem/I_PriorityEventQueue.h
index 4488123f4b1..ff507eae6cf 100644
--- a/iocore/eventsystem/I_PriorityEventQueue.h
+++ b/iocore/eventsystem/I_PriorityEventQueue.h
@@ -27,7 +27,7 @@
 #include "I_Event.h"
 
 // <5ms, 10, 20, 40, 80, 160, 320, 640, 1280, 2560, 5120
-#define N_PQ_LIST 10
+#define N_PQ_LIST          10
 #define PQ_BUCKET_TIME(_i) (HRTIME_MSECONDS(5) << (_i))
 
 class EThread;
diff --git a/iocore/eventsystem/I_Processor.h b/iocore/eventsystem/I_Processor.h
index 291c7386d3b..e24b4ac0f04 100644
--- a/iocore/eventsystem/I_Processor.h
+++ b/iocore/eventsystem/I_Processor.h
@@ -26,9 +26,9 @@
 
 #include "tscore/ink_platform.h"
 
-#define PROCESSOR_RECONFIGURE 0x01
-#define PROCESSOR_CHECK 0x02
-#define PROCESSOR_FIX 0x04
+#define PROCESSOR_RECONFIGURE   0x01
+#define PROCESSOR_CHECK         0x02
+#define PROCESSOR_FIX           0x04
 #define PROCESSOR_IGNORE_ERRORS 0x08
 
 class Processor;
@@ -107,7 +107,7 @@ class Processor
   }
 
   // noncopyable, prevent unauthorized copies (Not implemented)
-  Processor(const Processor &) = delete;
+  Processor(const Processor &)            = delete;
   Processor &operator=(const Processor &) = delete;
 
 protected:
diff --git a/iocore/eventsystem/I_ProxyAllocator.h b/iocore/eventsystem/I_ProxyAllocator.h
index a94c589b1fa..a5320de7447 100644
--- a/iocore/eventsystem/I_ProxyAllocator.h
+++ b/iocore/eventsystem/I_ProxyAllocator.h
@@ -50,7 +50,7 @@ struct ProxyAllocator {
 
 template 
 typename CAlloc::Value_type *
-thread_alloc(CAlloc &a, ProxyAllocator &l, Args &&... args)
+thread_alloc(CAlloc &a, ProxyAllocator &l, Args &&...args)
 {
   if (!cmd_disable_pfreelist && l.freelist) {
     void *v    = l.freelist;
@@ -70,14 +70,14 @@ void thread_freeup(Allocator &a, ProxyAllocator &l);
 
 // Potentially empty variable arguments -- non-standard GCC way
 //
-#define THREAD_ALLOC(_a, _t, ...) thread_alloc(::_a, _t->_a, ##__VA_ARGS__)
+#define THREAD_ALLOC(_a, _t, ...)      thread_alloc(::_a, _t->_a, ##__VA_ARGS__)
 #define THREAD_ALLOC_INIT(_a, _t, ...) thread_alloc(::_a, _t->_a, ##__VA_ARGS__)
 
 #else
 
 // Potentially empty variable arguments -- Standard C++20 way
 //
-#define THREAD_ALLOC(_a, _t, ...) thread_alloc(::_a, _t->_a __VA_OPT__(, ) __VA_ARGS__)
+#define THREAD_ALLOC(_a, _t, ...)      thread_alloc(::_a, _t->_a __VA_OPT__(, ) __VA_ARGS__)
 #define THREAD_ALLOC_INIT(_a, _t, ...) thread_alloc(::_a, _t->_a __VA_OPT__(, ) __VA_ARGS__)
 
 #endif
diff --git a/iocore/eventsystem/I_Thread.h b/iocore/eventsystem/I_Thread.h
index 844cfaeb01f..ae0616e1220 100644
--- a/iocore/eventsystem/I_Thread.h
+++ b/iocore/eventsystem/I_Thread.h
@@ -121,6 +121,7 @@ class Thread
   ProxyAllocator quicNetVCAllocator;
   ProxyAllocator http1ClientSessionAllocator;
   ProxyAllocator http2ClientSessionAllocator;
+  ProxyAllocator http2ServerSessionAllocator;
   ProxyAllocator http2StreamAllocator;
   ProxyAllocator httpSMAllocator;
   ProxyAllocator quicClientSessionAllocator;
@@ -170,7 +171,7 @@ class Thread
   */
   static ink_hrtime get_hrtime_updated();
 
-  Thread(const Thread &) = delete;
+  Thread(const Thread &)            = delete;
   Thread &operator=(const Thread &) = delete;
   virtual ~Thread();
 
diff --git a/iocore/eventsystem/I_VConnection.h b/iocore/eventsystem/I_VConnection.h
index bfbeb0c3b21..c60915e78af 100644
--- a/iocore/eventsystem/I_VConnection.h
+++ b/iocore/eventsystem/I_VConnection.h
@@ -36,8 +36,8 @@
 // Data Types
 //
 #define VCONNECTION_CACHE_DATA_BASE 0
-#define VCONNECTION_NET_DATA_BASE 100
-#define VCONNECTION_API_DATA_BASE 200
+#define VCONNECTION_NET_DATA_BASE   100
+#define VCONNECTION_API_DATA_BASE   200
 
 //
 // Event signals
@@ -57,7 +57,7 @@
 */
 #define VC_EVENT_WRITE_READY (VC_EVENT_EVENTS_START + 1)
 
-#define VC_EVENT_READ_COMPLETE (VC_EVENT_EVENTS_START + 2)
+#define VC_EVENT_READ_COMPLETE  (VC_EVENT_EVENTS_START + 2)
 #define VC_EVENT_WRITE_COMPLETE (VC_EVENT_EVENTS_START + 3)
 
 /**
@@ -398,7 +398,8 @@ struct DummyVConnection : public VConnection, public PluginUserArgsend(), data, writeSize);
     iobbPtr->fill(writeSize);
 
-    data += writeSize;
+    data   += writeSize;
     length -= writeSize;
 
     _numWritten += writeSize;
diff --git a/iocore/eventsystem/PQ-List.cc b/iocore/eventsystem/PQ-List.cc
index eeaec5a439d..ef611029f8c 100644
--- a/iocore/eventsystem/PQ-List.cc
+++ b/iocore/eventsystem/PQ-List.cc
@@ -37,7 +37,7 @@ PriorityEventQueue::check_ready(ink_hrtime now, EThread *t)
   uint32_t todo_buckets  = check_buckets ^ last_check_buckets;
   last_check_time        = now;
   last_check_buckets     = check_buckets;
-  todo_buckets &= ((1 << (N_PQ_LIST - 1)) - 1);
+  todo_buckets           &= ((1 << (N_PQ_LIST - 1)) - 1);
   while (todo_buckets) {
     k++;
     todo_buckets >>= 1;
diff --git a/iocore/eventsystem/P_IOBuffer.h b/iocore/eventsystem/P_IOBuffer.h
index a3193b60b00..f1ce0394587 100644
--- a/iocore/eventsystem/P_IOBuffer.h
+++ b/iocore/eventsystem/P_IOBuffer.h
@@ -94,7 +94,7 @@ iobufferblock_clone(IOBufferBlock *src, int64_t offset, int64_t len)
     }
 
     IOBufferBlock *new_buf = src->clone();
-    new_buf->_start += offset;
+    new_buf->_start        += offset;
     new_buf->_buf_end = new_buf->_end = new_buf->_start + bytes;
 
     if (!start_buf) {
@@ -105,7 +105,7 @@ iobufferblock_clone(IOBufferBlock *src, int64_t offset, int64_t len)
       current_buf       = new_buf;
     }
 
-    len -= bytes;
+    len    -= bytes;
     src    = src->next.get();
     offset = 0;
   }
@@ -132,8 +132,8 @@ iobufferblock_skip(IOBufferBlock *b, int64_t *poffset, int64_t *plen, int64_t wr
     }
 
     if (len >= max_bytes) {
-      b = b->next.get();
-      len -= max_bytes;
+      b      = b->next.get();
+      len    -= max_bytes;
       offset = 0;
     } else {
       offset = offset + len;
@@ -142,7 +142,7 @@ iobufferblock_skip(IOBufferBlock *b, int64_t *poffset, int64_t *plen, int64_t wr
   }
 
   *poffset = offset;
-  *plen -= write;
+  *plen    -= write;
   return b;
 }
 
@@ -431,7 +431,7 @@ IOBufferReader::skip_empty_blocks()
 {
   while (block->next && block->next->read_avail() && start_offset >= block->size()) {
     start_offset -= block->size();
-    block = block->next;
+    block        = block->next;
   }
 }
 
@@ -564,7 +564,7 @@ IOBufferReader::consume(int64_t n)
   int64_t r = block->read_avail();
   int64_t s = start_offset;
   while (r <= s && block->next && block->next->read_avail()) {
-    s -= r;
+    s            -= r;
     start_offset = s;
     block        = block->next;
     r            = block->read_avail();
diff --git a/iocore/eventsystem/UnixEThread.cc b/iocore/eventsystem/UnixEThread.cc
index a4e4d45b97c..eeff1d93b6a 100644
--- a/iocore/eventsystem/UnixEThread.cc
+++ b/iocore/eventsystem/UnixEThread.cc
@@ -39,7 +39,7 @@
 
 struct AIOCallback;
 
-#define NO_HEARTBEAT -1
+#define NO_HEARTBEAT                  -1
 #define THREAD_MAX_HEARTBEAT_MSECONDS 60
 
 // !! THIS MUST BE IN THE ENUM ORDER !!
@@ -351,13 +351,13 @@ EThread::execute()
 EThread::Metrics::Slice &
 EThread::Metrics::Slice::operator+=(Slice const &that)
 {
-  this->_events._max = std::max(this->_events._max, that._events._max);
-  this->_events._min = std::min(this->_events._min, that._events._min);
+  this->_events._max   = std::max(this->_events._max, that._events._max);
+  this->_events._min   = std::min(this->_events._min, that._events._min);
   this->_events._total += that._events._total;
   this->_duration._min = std::min(this->_duration._min, that._duration._min);
   this->_duration._max = std::max(this->_duration._max, that._duration._max);
-  this->_count += that._count;
-  this->_wait += that._wait;
+  this->_count         += that._count;
+  this->_wait          += that._wait;
   return *this;
 }
 
@@ -389,6 +389,6 @@ EThread::Metrics::summarize(Metrics &global)
   // Only summarize if there's no outstanding decay.
   if (0 == _decay_count) {
     global._loop_timing += _loop_timing;
-    global._api_timing += _api_timing;
+    global._api_timing  += _api_timing;
   }
 }
diff --git a/iocore/eventsystem/unit_tests/test_EventSystem.cc b/iocore/eventsystem/unit_tests/test_EventSystem.cc
index 776724fad6a..37a056a787f 100644
--- a/iocore/eventsystem/unit_tests/test_EventSystem.cc
+++ b/iocore/eventsystem/unit_tests/test_EventSystem.cc
@@ -32,7 +32,7 @@
 #include "diags.i"
 
 #define TEST_TIME_SECOND 60
-#define TEST_THREADS 2
+#define TEST_THREADS     2
 
 TEST_CASE("EventSystem", "[iocore]")
 {
diff --git a/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc b/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
index 622d4ac9d65..d0a0be2bc40 100644
--- a/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
+++ b/iocore/eventsystem/unit_tests/test_MIOBufferWriter.cc
@@ -119,7 +119,7 @@ genData(int numBytes)
   std::string s(numBytes, ' ');
 
   for (int i{0}; i < numBytes; ++i) {
-    s[i] = genData;
+    s[i]    = genData;
     genData += 7;
   }
 
diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc
index fadbf9b23d7..ee8511d27b3 100644
--- a/iocore/hostdb/HostDB.cc
+++ b/iocore/hostdb/HostDB.cc
@@ -2111,7 +2111,7 @@ HostDBRecord::alloc(TextView query_name, unsigned int rr_count, size_t srv_name_
   // where in our block of memory we are
   int offset = sizeof(self_type);
   memcpy(self->apply_offset(offset), query_name);
-  offset += qn_size;
+  offset          += qn_size;
   self->rr_offset = offset;
   self->rr_count  = rr_count;
   // Construct the info instances to a valid state.
@@ -2178,8 +2178,8 @@ HostDBRecord::select_best_srv(char *target, InkRand *rand, ts_time now, ts_secon
     }
 
     if (target.data.srv.srv_priority <= p) {
-      p = target.data.srv.srv_priority;
-      weight += target.data.srv.srv_weight;
+      p              = target.data.srv.srv_priority;
+      weight         += target.data.srv.srv_weight;
       live[live_n++] = ⌖
     } else {
       break;
diff --git a/iocore/hostdb/I_HostDBProcessor.h b/iocore/hostdb/I_HostDBProcessor.h
index 58397998adf..2d8c01ced54 100644
--- a/iocore/hostdb/I_HostDBProcessor.h
+++ b/iocore/hostdb/I_HostDBProcessor.h
@@ -40,12 +40,12 @@
 #include "SRV.h"
 
 // Event returned on a lookup
-#define EVENT_HOST_DB_LOOKUP (HOSTDB_EVENT_EVENTS_START + 0)
-#define EVENT_HOST_DB_IP_REMOVED (HOSTDB_EVENT_EVENTS_START + 1)
+#define EVENT_HOST_DB_LOOKUP       (HOSTDB_EVENT_EVENTS_START + 0)
+#define EVENT_HOST_DB_IP_REMOVED   (HOSTDB_EVENT_EVENTS_START + 1)
 #define EVENT_HOST_DB_GET_RESPONSE (HOSTDB_EVENT_EVENTS_START + 2)
 
-#define EVENT_SRV_LOOKUP (SRV_EVENT_EVENTS_START + 0)
-#define EVENT_SRV_IP_REMOVED (SRV_EVENT_EVENTS_START + 1)
+#define EVENT_SRV_LOOKUP       (SRV_EVENT_EVENTS_START + 0)
+#define EVENT_SRV_IP_REMOVED   (SRV_EVENT_EVENTS_START + 1)
 #define EVENT_SRV_GET_RESPONSE (SRV_EVENT_EVENTS_START + 2)
 
 //
@@ -105,10 +105,10 @@ class HostDBRecord;
 
 /// Information for an SRV record.
 struct SRVInfo {
-  unsigned int srv_offset : 16; ///< Memory offset from @c HostDBInfo to name.
-  unsigned int srv_weight : 16;
+  unsigned int srv_offset   : 16; ///< Memory offset from @c HostDBInfo to name.
+  unsigned int srv_weight   : 16;
   unsigned int srv_priority : 16;
-  unsigned int srv_port : 16;
+  unsigned int srv_port     : 16;
   unsigned int key;
 };
 
@@ -849,7 +849,8 @@ ResolveInfo::mark_active_server_dead(ts_time now)
   return active != nullptr && active->mark_down(now);
 }
 
-inline bool ResolveInfo::set_active(std::nullptr_t)
+inline bool
+ResolveInfo::set_active(std::nullptr_t)
 {
   active     = nullptr;
   resolved_p = false;
diff --git a/iocore/hostdb/P_HostDBProcessor.h b/iocore/hostdb/P_HostDBProcessor.h
index ad1fd1a9706..c3c9f217b78 100644
--- a/iocore/hostdb/P_HostDBProcessor.h
+++ b/iocore/hostdb/P_HostDBProcessor.h
@@ -85,7 +85,7 @@ extern const char *string_for(HostDBMark mark);
 //
 
 #define HOST_DB_HITS_BITS 3
-#define HOST_DB_TAG_BITS 56
+#define HOST_DB_TAG_BITS  56
 
 #define CONFIGURATION_HISTORY_PROBE_DEPTH 1
 
@@ -95,7 +95,7 @@ extern const char *string_for(HostDBMark mark);
 // 2.2: IP family split 2.1 : IPv6
 
 #define DEFAULT_HOST_DB_FILENAME "host.db"
-#define DEFAULT_HOST_DB_SIZE (1 << 14)
+#define DEFAULT_HOST_DB_SIZE     (1 << 14)
 // Timeout DNS every 24 hours by default if ttl_mode is enabled
 #define HOST_DB_IP_TIMEOUT (24 * 60 * 60)
 // DNS entries should be revalidated every 12 hours
@@ -103,7 +103,7 @@ extern const char *string_for(HostDBMark mark);
 // DNS entries which failed lookup, should be revalidated every hour
 #define HOST_DB_IP_FAIL_TIMEOUT (60 * 60)
 
-//#define HOST_DB_MAX_INTERVAL                 (0x7FFFFFFF)
+// #define HOST_DB_MAX_INTERVAL                 (0x7FFFFFFF)
 const unsigned int HOST_DB_MAX_TTL = (0x1FFFFF); // 24 days
 
 //
@@ -111,10 +111,10 @@ const unsigned int HOST_DB_MAX_TTL = (0x1FFFFF); // 24 days
 //
 
 // period to wait for a remote probe...
-#define HOST_DB_RETRY_PERIOD HRTIME_MSECONDS(20)
+#define HOST_DB_RETRY_PERIOD   HRTIME_MSECONDS(20)
 #define HOST_DB_ITERATE_PERIOD HRTIME_MSECONDS(5)
 
-//#define TEST(_x) _x
+// #define TEST(_x) _x
 #define TEST(_x)
 
 struct HostEnt;
@@ -248,7 +248,7 @@ struct HostDBContinuation : public Continuation {
   //  void *m_pDS;
   Action *pending_action = nullptr;
 
-  unsigned int missing : 1;
+  unsigned int missing   : 1;
   unsigned int force_dns : 1;
 
   int probeEvent(int event, Event *e);
diff --git a/iocore/hostdb/test_HostFile.cc b/iocore/hostdb/test_HostFile.cc
index ee002e8bac8..7b728c3f129 100644
--- a/iocore/hostdb/test_HostFile.cc
+++ b/iocore/hostdb/test_HostFile.cc
@@ -148,7 +148,7 @@ HostDBRecord::alloc(ts::TextView query_name, unsigned int rr_count, size_t srv_n
   // where in our block of memory we are
   int offset = sizeof(self_type);
   memcpy(self->apply_offset(offset), query_name);
-  offset += qn_size;
+  offset          += qn_size;
   self->rr_offset = offset;
   self->rr_count  = rr_count;
   // Construct the info instances to a valid state.
diff --git a/iocore/hostdb/test_RefCountCache.cc b/iocore/hostdb/test_RefCountCache.cc
index 7e9c7f0916e..331694e5e7b 100644
--- a/iocore/hostdb/test_RefCountCache.cc
+++ b/iocore/hostdb/test_RefCountCache.cc
@@ -138,7 +138,7 @@ testRefcounting()
 
   // Create and then immediately delete an item
   ExampleStruct *to_delete = ExampleStruct::alloc();
-  ret |= to_delete->refcount() != 0;
+  ret                      |= to_delete->refcount() != 0;
   cache->put(1, to_delete);
   ret |= to_delete->refcount() != 1;
   cache->erase(1);
@@ -147,7 +147,7 @@ testRefcounting()
 
   // Set an item in the cache
   ExampleStruct *tmp = ExampleStruct::alloc();
-  ret |= tmp->refcount() != 0;
+  ret                |= tmp->refcount() != 0;
   printf("ret=%d ref=%d\n", ret, tmp->refcount());
   cache->put(static_cast(1), tmp);
   ret |= tmp->refcount() != 1;
@@ -156,11 +156,11 @@ testRefcounting()
 
   // Grab a pointer to item 1
   Ptr ccitem = cache->get(static_cast(1));
-  ret |= tmp->refcount() != 2;
+  ret                       |= tmp->refcount() != 2;
   printf("ret=%d ref=%d\n", ret, tmp->refcount());
 
   Ptr tmpAfter = cache->get(static_cast(1));
-  ret |= tmp->refcount() != 3;
+  ret                         |= tmp->refcount() != 3;
   printf("ret=%d ref=%d\n", ret, tmp->refcount());
 
   // Delete a single item
@@ -187,7 +187,7 @@ testclear()
 
   // Create and then immediately delete an item
   ExampleStruct *item = ExampleStruct::alloc();
-  ret |= item->refcount() != 0;
+  ret                 |= item->refcount() != 0;
   cache->put(1, item);
   ret |= item->refcount() != 1;
   cache->clear();
diff --git a/iocore/net/BIO_fastopen.cc b/iocore/net/BIO_fastopen.cc
index f46d8e1c361..48e5abbe3fb 100644
--- a/iocore/net/BIO_fastopen.cc
+++ b/iocore/net/BIO_fastopen.cc
@@ -181,18 +181,20 @@ fastopen_ctrl(BIO *bio, int cmd, long larg, void *ptr)
 }
 
 #ifndef HAVE_BIO_METH_NEW
-static const BIO_METHOD fastopen_methods[] = {{
-  .type          = BIO_TYPE_SOCKET,
-  .name          = "fastopen",
-  .bwrite        = fastopen_bwrite,
-  .bread         = fastopen_bread,
-  .bputs         = nullptr,
-  .bgets         = nullptr,
-  .ctrl          = fastopen_ctrl,
-  .create        = fastopen_create,
-  .destroy       = fastopen_destroy,
-  .callback_ctrl = nullptr,
-}};
+static const BIO_METHOD fastopen_methods[] = {
+  {
+   .type          = BIO_TYPE_SOCKET,
+   .name          = "fastopen",
+   .bwrite        = fastopen_bwrite,
+   .bread         = fastopen_bread,
+   .bputs         = nullptr,
+   .bgets         = nullptr,
+   .ctrl          = fastopen_ctrl,
+   .create        = fastopen_create,
+   .destroy       = fastopen_destroy,
+   .callback_ctrl = nullptr,
+   }
+};
 #else
 static const BIO_METHOD *fastopen_methods = [] {
   BIO_METHOD *methods = BIO_meth_new(BIO_TYPE_SOCKET, "fastopen");
diff --git a/iocore/net/Connection.cc b/iocore/net/Connection.cc
index 3d60ebe6aac..9209d5733e2 100644
--- a/iocore/net/Connection.cc
+++ b/iocore/net/Connection.cc
@@ -41,7 +41,7 @@
 // #define RECV_BUF_SIZE            (1024*64)
 // #define SEND_BUF_SIZE            (1024*64)
 #define FIRST_RANDOM_PORT 16000
-#define LAST_RANDOM_PORT 32000
+#define LAST_RANDOM_PORT  32000
 
 int
 get_listen_backlog()
diff --git a/iocore/net/I_Net.h b/iocore/net/I_Net.h
index 93662583b3e..9a992d4b4c1 100644
--- a/iocore/net/I_Net.h
+++ b/iocore/net/I_Net.h
@@ -64,21 +64,21 @@ extern int net_throttle_delay;
 extern std::string_view net_ccp_in;
 extern std::string_view net_ccp_out;
 
-#define NET_EVENT_OPEN (NET_EVENT_EVENTS_START)
-#define NET_EVENT_OPEN_FAILED (NET_EVENT_EVENTS_START + 1)
-#define NET_EVENT_ACCEPT (NET_EVENT_EVENTS_START + 2)
-#define NET_EVENT_ACCEPT_SUCCEED (NET_EVENT_EVENTS_START + 3)
-#define NET_EVENT_ACCEPT_FAILED (NET_EVENT_EVENTS_START + 4)
-#define NET_EVENT_CANCEL (NET_EVENT_EVENTS_START + 5)
-#define NET_EVENT_DATAGRAM_READ_COMPLETE (NET_EVENT_EVENTS_START + 6)
-#define NET_EVENT_DATAGRAM_READ_ERROR (NET_EVENT_EVENTS_START + 7)
+#define NET_EVENT_OPEN                    (NET_EVENT_EVENTS_START)
+#define NET_EVENT_OPEN_FAILED             (NET_EVENT_EVENTS_START + 1)
+#define NET_EVENT_ACCEPT                  (NET_EVENT_EVENTS_START + 2)
+#define NET_EVENT_ACCEPT_SUCCEED          (NET_EVENT_EVENTS_START + 3)
+#define NET_EVENT_ACCEPT_FAILED           (NET_EVENT_EVENTS_START + 4)
+#define NET_EVENT_CANCEL                  (NET_EVENT_EVENTS_START + 5)
+#define NET_EVENT_DATAGRAM_READ_COMPLETE  (NET_EVENT_EVENTS_START + 6)
+#define NET_EVENT_DATAGRAM_READ_ERROR     (NET_EVENT_EVENTS_START + 7)
 #define NET_EVENT_DATAGRAM_WRITE_COMPLETE (NET_EVENT_EVENTS_START + 8)
-#define NET_EVENT_DATAGRAM_WRITE_ERROR (NET_EVENT_EVENTS_START + 9)
-#define NET_EVENT_DATAGRAM_READ_READY (NET_EVENT_EVENTS_START + 10)
-#define NET_EVENT_DATAGRAM_OPEN (NET_EVENT_EVENTS_START + 11)
-#define NET_EVENT_DATAGRAM_ERROR (NET_EVENT_EVENTS_START + 12)
-#define NET_EVENT_ACCEPT_INTERNAL (NET_EVENT_EVENTS_START + 22)
-#define NET_EVENT_CONNECT_INTERNAL (NET_EVENT_EVENTS_START + 23)
+#define NET_EVENT_DATAGRAM_WRITE_ERROR    (NET_EVENT_EVENTS_START + 9)
+#define NET_EVENT_DATAGRAM_READ_READY     (NET_EVENT_EVENTS_START + 10)
+#define NET_EVENT_DATAGRAM_OPEN           (NET_EVENT_EVENTS_START + 11)
+#define NET_EVENT_DATAGRAM_ERROR          (NET_EVENT_EVENTS_START + 12)
+#define NET_EVENT_ACCEPT_INTERNAL         (NET_EVENT_EVENTS_START + 22)
+#define NET_EVENT_CONNECT_INTERNAL        (NET_EVENT_EVENTS_START + 23)
 
 #define MAIN_ACCEPT_PORT -1
 
diff --git a/iocore/net/I_NetProcessor.h b/iocore/net/I_NetProcessor.h
index 893f89da8e7..d4f5d29fd01 100644
--- a/iocore/net/I_NetProcessor.h
+++ b/iocore/net/I_NetProcessor.h
@@ -224,7 +224,7 @@ class NetProcessor : public Processor
   static AcceptOptions const DEFAULT_ACCEPT_OPTIONS;
 
   // noncopyable
-  NetProcessor(const NetProcessor &) = delete;
+  NetProcessor(const NetProcessor &)            = delete;
   NetProcessor &operator=(const NetProcessor &) = delete;
 
 private:
diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h
index 1389beb14f4..cded188cbe7 100644
--- a/iocore/net/I_NetVConnection.h
+++ b/iocore/net/I_NetVConnection.h
@@ -817,7 +817,7 @@ class NetVConnection : public VConnection, public PluginUserArgs persistent[] = {
-    {"proxy.process.net.calls_to_read", net_calls_to_read_stat},
-    {"proxy.process.net.calls_to_read_nodata", net_calls_to_read_nodata_stat},
-    {"proxy.process.net.calls_to_readfromnet", net_calls_to_readfromnet_stat},
-    {"proxy.process.net.calls_to_write", net_calls_to_write_stat},
-    {"proxy.process.net.calls_to_write_nodata", net_calls_to_write_nodata_stat},
-    {"proxy.process.net.calls_to_writetonet", net_calls_to_writetonet_stat},
+    {"proxy.process.net.calls_to_read",                       net_calls_to_read_stat                  },
+    {"proxy.process.net.calls_to_read_nodata",                net_calls_to_read_nodata_stat           },
+    {"proxy.process.net.calls_to_readfromnet",                net_calls_to_readfromnet_stat           },
+    {"proxy.process.net.calls_to_write",                      net_calls_to_write_stat                 },
+    {"proxy.process.net.calls_to_write_nodata",               net_calls_to_write_nodata_stat          },
+    {"proxy.process.net.calls_to_writetonet",                 net_calls_to_writetonet_stat            },
     {"proxy.process.net.inactivity_cop_lock_acquire_failure", inactivity_cop_lock_acquire_failure_stat},
-    {"proxy.process.net.net_handler_run", net_handler_run_stat},
-    {"proxy.process.net.read_bytes", net_read_bytes_stat},
-    {"proxy.process.net.write_bytes", net_write_bytes_stat},
-    {"proxy.process.net.fastopen_out.attempts", net_fastopen_attempts_stat},
-    {"proxy.process.net.fastopen_out.successes", net_fastopen_successes_stat},
-    {"proxy.process.socks.connections_successful", socks_connections_successful_stat},
-    {"proxy.process.socks.connections_unsuccessful", socks_connections_unsuccessful_stat},
+    {"proxy.process.net.net_handler_run",                     net_handler_run_stat                    },
+    {"proxy.process.net.read_bytes",                          net_read_bytes_stat                     },
+    {"proxy.process.net.write_bytes",                         net_write_bytes_stat                    },
+    {"proxy.process.net.fastopen_out.attempts",               net_fastopen_attempts_stat              },
+    {"proxy.process.net.fastopen_out.successes",              net_fastopen_successes_stat             },
+    {"proxy.process.socks.connections_successful",            socks_connections_successful_stat       },
+    {"proxy.process.socks.connections_unsuccessful",          socks_connections_unsuccessful_stat     },
   };
 
   const std::pair non_persistent[] = {
-    {"proxy.process.net.accepts_currently_open", net_accepts_currently_open_stat},
-    {"proxy.process.net.connections_currently_open", net_connections_currently_open_stat},
-    {"proxy.process.net.default_inactivity_timeout_applied", default_inactivity_timeout_applied_stat},
-    {"proxy.process.net.default_inactivity_timeout_count", default_inactivity_timeout_count_stat},
-    {"proxy.process.net.dynamic_keep_alive_timeout_in_count", keep_alive_queue_timeout_count_stat},
-    {"proxy.process.net.dynamic_keep_alive_timeout_in_total", keep_alive_queue_timeout_total_stat},
-    {"proxy.process.socks.connections_currently_open", socks_connections_currently_open_stat},
+    {"proxy.process.net.accepts_currently_open",              net_accepts_currently_open_stat        },
+    {"proxy.process.net.connections_currently_open",          net_connections_currently_open_stat    },
+    {"proxy.process.net.default_inactivity_timeout_applied",  default_inactivity_timeout_applied_stat},
+    {"proxy.process.net.default_inactivity_timeout_count",    default_inactivity_timeout_count_stat  },
+    {"proxy.process.net.dynamic_keep_alive_timeout_in_count", keep_alive_queue_timeout_count_stat    },
+    {"proxy.process.net.dynamic_keep_alive_timeout_in_total", keep_alive_queue_timeout_total_stat    },
+    {"proxy.process.socks.connections_currently_open",        socks_connections_currently_open_stat  },
   };
 
   for (auto &p : persistent) {
diff --git a/iocore/net/NetEvent.h b/iocore/net/NetEvent.h
index 27808bf4fb4..c535374a42a 100644
--- a/iocore/net/NetEvent.h
+++ b/iocore/net/NetEvent.h
@@ -119,7 +119,7 @@ class NetEvent
     unsigned int flags = 0;
     struct {
       unsigned int got_local_addr : 1;
-      unsigned int shutdown : 2;
+      unsigned int shutdown       : 2;
     } f;
   };
 };
diff --git a/iocore/net/NetVCTest.cc b/iocore/net/NetVCTest.cc
index 59a066b8b0f..191113c494a 100644
--- a/iocore/net/NetVCTest.cc
+++ b/iocore/net/NetVCTest.cc
@@ -45,38 +45,37 @@
 //
 NVC_test_def netvc_tests_def[] = {
 
-  {"basic", 2000, 2000, 2000, 2000, 50, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"basic", 2000, 2000, 2000, 2000, 50, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+  {"basic",    2000,    2000,    2000,    2000,    50,    10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"basic",    2000,    2000,    2000,    2000,    50,    10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  {"basic2", 10001, 10001, 5001, 5001, 1024, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"basic2", 5001, 5001, 10001, 10001, 1024, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+  {"basic2",   10001,   10001,   5001,    5001,    1024,  10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"basic2",   5001,    5001,    10001,   10001,   1024,  10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  {"large", 1000000, 1000000, 500000, 500000, 8192, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"large", 500000, 500000, 1000000, 1000000, 8192, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+  {"large",    1000000, 1000000, 500000,  500000,  8192,  10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"large",    500000,  500000,  1000000, 1000000, 8192,  10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  // Test large block transfers
-  {"larget", 1000000, 1000000, 500000, 500000, 40000, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"larget", 500000, 500000, 1000000, 1000000, 40000, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+ // Test large block transfers
+  {"larget",   1000000, 1000000, 500000,  500000,  40000, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"larget",   500000,  500000,  1000000, 1000000, 40000, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  {"eos", 4000, 4000, 10, 10, 8192, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"eos", 10, 10, 6000, 6000, 8192, 10, VC_EVENT_EOS, VC_EVENT_WRITE_COMPLETE},
+  {"eos",      4000,    4000,    10,      10,      8192,  10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"eos",      10,      10,      6000,    6000,    8192,  10, VC_EVENT_EOS,           VC_EVENT_WRITE_COMPLETE    },
 
-  {"werr", 4000, 4000, 10, 10, 129, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_ERROR},
-  {"werr", 10, 10, 10, 10, 129, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+  {"werr",     4000,    4000,    10,      10,      129,   10, VC_EVENT_READ_COMPLETE, VC_EVENT_ERROR             },
+  {"werr",     10,      10,      10,      10,      129,   10, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  {"itimeout", 6000, 8000, 10, 10, 512, 10, VC_EVENT_READ_COMPLETE, VC_EVENT_INACTIVITY_TIMEOUT},
-  {"itimeout", 10, 10, 6000, 8000, 512, 20, VC_EVENT_EOS, VC_EVENT_WRITE_COMPLETE},
+  {"itimeout", 6000,    8000,    10,      10,      512,   10, VC_EVENT_READ_COMPLETE, VC_EVENT_INACTIVITY_TIMEOUT},
+  {"itimeout", 10,      10,      6000,    8000,    512,   20, VC_EVENT_EOS,           VC_EVENT_WRITE_COMPLETE    },
 
-  // Test the small transfer code one byte at a time
-  {"smallt", 400, 400, 500, 500, 1, 15, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
-  {"smallt", 500, 500, 400, 400, 1, 15, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE},
+ // Test the small transfer code one byte at a time
+  {"smallt",   400,     400,     500,     500,     1,     15, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
+  {"smallt",   500,     500,     400,     400,     1,     15, VC_EVENT_READ_COMPLETE, VC_EVENT_WRITE_COMPLETE    },
 
-  // The purpose of this test is show that stack can over flow if we move too
+ // The purpose of this test is show that stack can over flow if we move too
   //   small of blocks between the buffers.  EVENT_NONE is wild card error event
   //   since which side gets the timeout is unpredictable
-  {"overflow", 1000000, 1000000, 50, 50, 1, 20, VC_EVENT_READ_COMPLETE, EVENT_NONE},
-  {"overflow", 50, 50, 0, 35000, 1024, 35, EVENT_NONE, VC_EVENT_WRITE_COMPLETE}
-
+  {"overflow", 1000000, 1000000, 50,      50,      1,     20, VC_EVENT_READ_COMPLETE, EVENT_NONE                 },
+  {"overflow", 50,      50,      0,       35000,   1024,  35, EVENT_NONE,             VC_EVENT_WRITE_COMPLETE    }
 };
 const unsigned num_netvc_tests = countof(netvc_tests_def);
 
@@ -278,7 +277,7 @@ NetVCTest::write_handler(int event)
     if (write_vio->ndone < bytes_to_send) {
       int left_to_send = bytes_to_send - actual_bytes_sent;
       ink_assert(left_to_send >= 0);
-      int to_fill = std::min(left_to_send, write_bytes_to_add_per);
+      int to_fill       = std::min(left_to_send, write_bytes_to_add_per);
       actual_bytes_sent += fill_buffer(write_buffer, &write_seed, to_fill);
       write_vio->reenable();
     }
diff --git a/iocore/net/P_Connection.h b/iocore/net/P_Connection.h
index 6bc43815322..dd1a95c051c 100644
--- a/iocore/net/P_Connection.h
+++ b/iocore/net/P_Connection.h
@@ -58,19 +58,19 @@ struct NetVCOptions;
 //
 
 #define NON_BLOCKING_CONNECT true
-#define BLOCKING_CONNECT false
-#define CONNECT_WITH_TCP true
-#define CONNECT_WITH_UDP false
-#define NON_BLOCKING true
-#define BLOCKING false
-#define BIND_RANDOM_PORT true
-#define BIND_ANY_PORT false
-#define ENABLE_MC_LOOPBACK true
-#define DISABLE_MC_LOOPBACK false
-#define BC_NO_CONNECT true
-#define BC_CONNECT false
-#define BC_NO_BIND true
-#define BC_BIND false
+#define BLOCKING_CONNECT     false
+#define CONNECT_WITH_TCP     true
+#define CONNECT_WITH_UDP     false
+#define NON_BLOCKING         true
+#define BLOCKING             false
+#define BIND_RANDOM_PORT     true
+#define BIND_ANY_PORT        false
+#define ENABLE_MC_LOOPBACK   true
+#define DISABLE_MC_LOOPBACK  false
+#define BC_NO_CONNECT        true
+#define BC_CONNECT           false
+#define BC_NO_BIND           true
+#define BC_BIND              false
 
 ///////////////////////////////////////////////////////////////////////
 //
diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h
index 9381b0a1a60..09c2fa12512 100644
--- a/iocore/net/P_Net.h
+++ b/iocore/net/P_Net.h
@@ -62,9 +62,9 @@ enum Net_Stats {
 
 struct RecRawStatBlock;
 extern RecRawStatBlock *net_rsb;
-#define SSL_HANDSHAKE_WANT_READ 6
-#define SSL_HANDSHAKE_WANT_WRITE 7
-#define SSL_HANDSHAKE_WANT_ACCEPT 8
+#define SSL_HANDSHAKE_WANT_READ    6
+#define SSL_HANDSHAKE_WANT_WRITE   7
+#define SSL_HANDSHAKE_WANT_ACCEPT  8
 #define SSL_HANDSHAKE_WANT_CONNECT 9
 
 #define NET_INCREMENT_DYN_STAT(_x) RecIncrRawStatSum(net_rsb, mutex->thread_holding, (int)_x, 1)
@@ -88,7 +88,7 @@ extern RecRawStatBlock *net_rsb;
   } while (0);
 
 // For global access
-#define NET_SUM_GLOBAL_DYN_STAT(_x, _r) RecIncrGlobalRawStatSum(net_rsb, (_x), (_r))
+#define NET_SUM_GLOBAL_DYN_STAT(_x, _r)   RecIncrGlobalRawStatSum(net_rsb, (_x), (_r))
 #define NET_READ_GLOBAL_DYN_SUM(_x, _sum) RecGetGlobalRawStatSum(net_rsb, _x, &_sum)
 
 #include "tscore/ink_platform.h"
diff --git a/iocore/net/P_QUICNextProtocolAccept_native.h b/iocore/net/P_QUICNextProtocolAccept_native.h
index 6dee22225d4..d4394755f59 100644
--- a/iocore/net/P_QUICNextProtocolAccept_native.h
+++ b/iocore/net/P_QUICNextProtocolAccept_native.h
@@ -46,7 +46,7 @@ class QUICNextProtocolAccept : public SessionAccept
   SSLNextProtocolSet *getProtoSet();
 
   // noncopyable
-  QUICNextProtocolAccept(const QUICNextProtocolAccept &) = delete;
+  QUICNextProtocolAccept(const QUICNextProtocolAccept &)            = delete;
   QUICNextProtocolAccept &operator=(const QUICNextProtocolAccept &) = delete;
 
 private:
diff --git a/iocore/net/P_QUICNextProtocolAccept_quiche.h b/iocore/net/P_QUICNextProtocolAccept_quiche.h
index 49654d58177..7b39ef417ea 100644
--- a/iocore/net/P_QUICNextProtocolAccept_quiche.h
+++ b/iocore/net/P_QUICNextProtocolAccept_quiche.h
@@ -46,7 +46,7 @@ class QUICNextProtocolAccept : public SessionAccept
   SSLNextProtocolSet *getProtoSet();
 
   // noncopyable
-  QUICNextProtocolAccept(const QUICNextProtocolAccept &) = delete;
+  QUICNextProtocolAccept(const QUICNextProtocolAccept &)            = delete;
   QUICNextProtocolAccept &operator=(const QUICNextProtocolAccept &) = delete;
 
 private:
diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h
index 8088d25bd9a..9d6d98480b8 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -233,7 +233,7 @@ class VerifyClient : public ActionItem
   }
 
   // No copying or moving.
-  VerifyClient(VerifyClient const &) = delete;
+  VerifyClient(VerifyClient const &)            = delete;
   VerifyClient &operator=(VerifyClient const &) = delete;
 };
 
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index 3b4ffcc7ff7..6f8ff6890e1 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -30,6 +30,8 @@
  ****************************************************************************/
 #pragma once
 
+#include 
+
 #include 
 
 #include "tscore/ink_inet.h"
@@ -170,6 +172,11 @@ struct SSLConfigParams : public ConfigInfo {
   void cleanup();
   void reset();
   void SSLConfigInit(IpMap *global);
+
+private:
+  // c_str() of string passed to in-progess call to updateCTX().
+  //
+  mutable std::atomic secret_for_updateCTX{nullptr};
 };
 
 /////////////////////////////////////////////////////////////
diff --git a/iocore/net/P_SSLNetProcessor.h b/iocore/net/P_SSLNetProcessor.h
index 92183ed82d7..70fbc0989cf 100644
--- a/iocore/net/P_SSLNetProcessor.h
+++ b/iocore/net/P_SSLNetProcessor.h
@@ -68,7 +68,7 @@ struct SSLNetProcessor : public UnixNetProcessor {
   NetVConnection *allocate_vc(EThread *t) override;
 
   // noncopyable
-  SSLNetProcessor(const SSLNetProcessor &) = delete;
+  SSLNetProcessor(const SSLNetProcessor &)            = delete;
   SSLNetProcessor &operator=(const SSLNetProcessor &) = delete;
 };
 
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index f14ffffba14..de6c666246c 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -74,8 +74,8 @@
 // (another 20-60 bytes on average, depending on the negotiated ciphersuite [2]).
 // All in all: 1500 - 40 (IP) - 20 (TCP) - 40 (TCP options) - TLS overhead (60-100)
 // For larger records, the size is determined by TLS protocol record size
-#define SSL_DEF_TLS_RECORD_SIZE 1300  // 1500 - 40 (IP) - 20 (TCP) - 40 (TCP options) - TLS overhead (60-100)
-#define SSL_MAX_TLS_RECORD_SIZE 16383 // 2^14 - 1
+#define SSL_DEF_TLS_RECORD_SIZE           1300  // 1500 - 40 (IP) - 20 (TCP) - 40 (TCP options) - TLS overhead (60-100)
+#define SSL_MAX_TLS_RECORD_SIZE           16383 // 2^14 - 1
 #define SSL_DEF_TLS_RECORD_BYTE_THRESHOLD 1000000
 #define SSL_DEF_TLS_RECORD_MSEC_THRESHOLD 1000
 
@@ -315,7 +315,7 @@ class SSLNetVConnection : public UnixNetVConnection,
   SslVConnOp hookOpRequested = SSL_HOOK_OP_DEFAULT;
 
   // noncopyable
-  SSLNetVConnection(const SSLNetVConnection &) = delete;
+  SSLNetVConnection(const SSLNetVConnection &)            = delete;
   SSLNetVConnection &operator=(const SSLNetVConnection &) = delete;
 
   bool protocol_mask_set = false;
diff --git a/iocore/net/P_SSLNextProtocolAccept.h b/iocore/net/P_SSLNextProtocolAccept.h
index b32c81be8a4..18070cd6bc8 100644
--- a/iocore/net/P_SSLNextProtocolAccept.h
+++ b/iocore/net/P_SSLNextProtocolAccept.h
@@ -49,7 +49,7 @@ class SSLNextProtocolAccept : public SessionAccept
   SSLNextProtocolSet *getProtoSet();
 
   // noncopyable
-  SSLNextProtocolAccept(const SSLNextProtocolAccept &) = delete;            // disabled
+  SSLNextProtocolAccept(const SSLNextProtocolAccept &)            = delete; // disabled
   SSLNextProtocolAccept &operator=(const SSLNextProtocolAccept &) = delete; // disabled
 
 private:
diff --git a/iocore/net/P_SSLNextProtocolSet.h b/iocore/net/P_SSLNextProtocolSet.h
index 8b05b0a89c0..feb08234fd3 100644
--- a/iocore/net/P_SSLNextProtocolSet.h
+++ b/iocore/net/P_SSLNextProtocolSet.h
@@ -54,7 +54,7 @@ class SSLNextProtocolSet
   };
 
   // noncopyable
-  SSLNextProtocolSet(const SSLNextProtocolSet &) = delete;            // disabled
+  SSLNextProtocolSet(const SSLNextProtocolSet &)            = delete; // disabled
   SSLNextProtocolSet &operator=(const SSLNextProtocolSet &) = delete; // disabled
 
 private:
diff --git a/iocore/net/P_SSLSecret.h b/iocore/net/P_SSLSecret.h
index f6b2a279421..212ab156c6e 100644
--- a/iocore/net/P_SSLSecret.h
+++ b/iocore/net/P_SSLSecret.h
@@ -19,6 +19,8 @@
   limitations under the License.
  */
 
+#pragma once
+
 #include 
 #include 
 #include 
@@ -28,14 +30,13 @@ class SSLSecret
 {
 public:
   SSLSecret() {}
-  bool getSecret(const std::string &name, std::string_view &data) const;
-  bool setSecret(const std::string &name, const char *data, int data_len);
-  bool getOrLoadSecret(const std::string &name, const std::string &name2, std::string_view &data, std::string_view &data2);
+  std::string getSecret(const std::string &name) const;
+  void setSecret(const std::string &name, std::string_view data);
+  void getOrLoadSecret(const std::string &name1, const std::string &name2, std::string &data, std::string &data2);
 
 private:
-  const std::string *getSecretItem(const std::string &name) const;
-  bool loadSecret(const std::string &name, const std::string &name2, std::string &data_item, std::string &data_item2);
-  bool loadFile(const std::string &name, std::string &data_item);
+  void loadSecret(const std::string &name1, const std::string &name2, std::string &data_item, std::string &data_item2);
+  std::string loadFile(const std::string &name);
 
   std::unordered_map secret_map;
   mutable std::recursive_mutex secret_map_mutex;
diff --git a/iocore/net/P_TLSKeyLogger.h b/iocore/net/P_TLSKeyLogger.h
index 18fadbe8762..87515e21daf 100644
--- a/iocore/net/P_TLSKeyLogger.h
+++ b/iocore/net/P_TLSKeyLogger.h
@@ -34,7 +34,7 @@
 class TLSKeyLogger
 {
 public:
-  TLSKeyLogger(const TLSKeyLogger &) = delete;
+  TLSKeyLogger(const TLSKeyLogger &)            = delete;
   TLSKeyLogger &operator=(const TLSKeyLogger &) = delete;
 
   ~TLSKeyLogger()
diff --git a/iocore/net/P_UDPNet.h b/iocore/net/P_UDPNet.h
index 8df862846a0..39837dcfbd3 100644
--- a/iocore/net/P_UDPNet.h
+++ b/iocore/net/P_UDPNet.h
@@ -60,8 +60,8 @@ extern UDPNetProcessorInternal udpNetInternal;
 
 // 20 ms slots; 2048 slots  => 40 sec. into the future
 #define SLOT_TIME_MSEC 20
-#define SLOT_TIME HRTIME_MSECONDS(SLOT_TIME_MSEC)
-#define N_SLOTS 2048
+#define SLOT_TIME      HRTIME_MSECONDS(SLOT_TIME_MSEC)
+#define N_SLOTS        2048
 
 constexpr int UDP_PERIOD    = 9;
 constexpr int UDP_NH_PERIOD = UDP_PERIOD + 1;
diff --git a/iocore/net/P_UDPPacket.h b/iocore/net/P_UDPPacket.h
index 22b432f0e32..6eb75270956 100644
--- a/iocore/net/P_UDPPacket.h
+++ b/iocore/net/P_UDPPacket.h
@@ -110,7 +110,7 @@ UDPPacket::getPktLength() const
   b            = p->chain.get();
   while (b) {
     p->pktLength += b->read_avail();
-    b = b->next.get();
+    b            = b->next.get();
   }
   return p->pktLength;
 }
diff --git a/iocore/net/P_UnixNet.h b/iocore/net/P_UnixNet.h
index 7c1f3d10c8a..dc58c09e8af 100644
--- a/iocore/net/P_UnixNet.h
+++ b/iocore/net/P_UnixNet.h
@@ -27,16 +27,16 @@
 
 #include "tscore/ink_platform.h"
 
-#define USE_EDGE_TRIGGER_EPOLL 1
+#define USE_EDGE_TRIGGER_EPOLL  1
 #define USE_EDGE_TRIGGER_KQUEUE 1
-#define USE_EDGE_TRIGGER_PORT 1
+#define USE_EDGE_TRIGGER_PORT   1
 
-#define EVENTIO_NETACCEPT 1
-#define EVENTIO_READWRITE_VC 2
+#define EVENTIO_NETACCEPT      1
+#define EVENTIO_READWRITE_VC   2
 #define EVENTIO_DNS_CONNECTION 3
 #define EVENTIO_UDP_CONNECTION 4
-#define EVENTIO_ASYNC_SIGNAL 5
-#define EVENTIO_DISK 6
+#define EVENTIO_ASYNC_SIGNAL   5
+#define EVENTIO_DISK           6
 
 #if TS_USE_EPOLL
 #ifndef EPOLLEXCLUSIVE
@@ -44,10 +44,10 @@
 #endif
 #ifdef USE_EDGE_TRIGGER_EPOLL
 #define USE_EDGE_TRIGGER 1
-#define EVENTIO_READ (EPOLLIN | EPOLLET)
-#define EVENTIO_WRITE (EPOLLOUT | EPOLLET)
+#define EVENTIO_READ     (EPOLLIN | EPOLLET)
+#define EVENTIO_WRITE    (EPOLLOUT | EPOLLET)
 #else
-#define EVENTIO_READ EPOLLIN
+#define EVENTIO_READ  EPOLLIN
 #define EVENTIO_WRITE EPOLLOUT
 #endif
 #define EVENTIO_ERROR (EPOLLERR | EPOLLPRI | EPOLLHUP)
@@ -55,12 +55,12 @@
 
 #if TS_USE_KQUEUE
 #ifdef USE_EDGE_TRIGGER_KQUEUE
-#define USE_EDGE_TRIGGER 1
+#define USE_EDGE_TRIGGER    1
 #define INK_EV_EDGE_TRIGGER EV_CLEAR
 #else
 #define INK_EV_EDGE_TRIGGER 0
 #endif
-#define EVENTIO_READ INK_EVP_IN
+#define EVENTIO_READ  INK_EVP_IN
 #define EVENTIO_WRITE INK_EVP_OUT
 #define EVENTIO_ERROR (0x010 | 0x002 | 0x020) // ERR PRI HUP
 #endif
@@ -68,7 +68,7 @@
 #ifdef USE_EDGE_TRIGGER_PORT
 #define USE_EDGE_TRIGGER 1
 #endif
-#define EVENTIO_READ POLLIN
+#define EVENTIO_READ  POLLIN
 #define EVENTIO_WRITE POLLOUT
 #define EVENTIO_ERROR (POLLERR | POLLPRI | POLLHUP)
 #endif
@@ -173,13 +173,13 @@ extern int http_accept_port_number;
 #define TRANSIENT_ACCEPT_ERROR_MESSAGE_EVERY HRTIME_HOURS(24)
 
 // also the 'throttle connect headroom'
-#define EMERGENCY_THROTTLE 16
-#define THROTTLE_AT_ONCE 5
+#define EMERGENCY_THROTTLE       16
+#define THROTTLE_AT_ONCE         5
 #define HYPER_EMERGENCY_THROTTLE 6
 
-#define NET_THROTTLE_ACCEPT_HEADROOM 1.1  // 10%
+#define NET_THROTTLE_ACCEPT_HEADROOM  1.1 // 10%
 #define NET_THROTTLE_CONNECT_HEADROOM 1.0 // 0%
-#define NET_THROTTLE_MESSAGE_EVERY HRTIME_MINUTES(10)
+#define NET_THROTTLE_MESSAGE_EVERY    HRTIME_MINUTES(10)
 
 #define PRINT_IP(x) ((uint8_t *)&(x))[0], ((uint8_t *)&(x))[1], ((uint8_t *)&(x))[2], ((uint8_t *)&(x))[3]
 
diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h
index da0e1a4ff4e..3b5647bbe37 100644
--- a/iocore/net/P_UnixNetVConnection.h
+++ b/iocore/net/P_UnixNetVConnection.h
@@ -105,7 +105,7 @@ class UnixNetVConnection : public NetVConnection, public NetEvent
   const char *protocol_contains(std::string_view tag) const override;
 
   // noncopyable
-  UnixNetVConnection(const NetVConnection &) = delete;
+  UnixNetVConnection(const NetVConnection &)            = delete;
   UnixNetVConnection &operator=(const NetVConnection &) = delete;
 
   /////////////////////////
diff --git a/iocore/net/P_UnixPollDescriptor.h b/iocore/net/P_UnixPollDescriptor.h
index 471d9e7647c..37acfba153b 100644
--- a/iocore/net/P_UnixPollDescriptor.h
+++ b/iocore/net/P_UnixPollDescriptor.h
@@ -33,7 +33,7 @@
 
 #if TS_USE_KQUEUE
 #include 
-#define INK_EVP_IN 0x001
+#define INK_EVP_IN  0x001
 #define INK_EVP_PRI 0x002
 #define INK_EVP_OUT 0x004
 #define INK_EVP_ERR 0x010
@@ -61,9 +61,9 @@ struct PollDescriptor {
 
   PollDescriptor() { init(); }
 #if TS_USE_EPOLL
-#define get_ev_port(a) ((a)->epoll_fd)
+#define get_ev_port(a)      ((a)->epoll_fd)
 #define get_ev_events(a, x) ((a)->ePoll_Triggered_Events[(x)].events)
-#define get_ev_data(a, x) ((a)->ePoll_Triggered_Events[(x)].data.ptr)
+#define get_ev_data(a, x)   ((a)->ePoll_Triggered_Events[(x)].data.ptr)
 #define ev_next_event(a, x)
 #endif
 
@@ -71,9 +71,9 @@ struct PollDescriptor {
   struct kevent kq_Triggered_Events[POLL_DESCRIPTOR_SIZE];
 /* we define these here as numbers, because for kqueue mapping them to a combination of
  *filters / flags is hard to do. */
-#define get_ev_port(a) ((a)->kqueue_fd)
+#define get_ev_port(a)      ((a)->kqueue_fd)
 #define get_ev_events(a, x) ((a)->kq_event_convert((a)->kq_Triggered_Events[(x)].filter, (a)->kq_Triggered_Events[(x)].flags))
-#define get_ev_data(a, x) ((a)->kq_Triggered_Events[(x)].udata)
+#define get_ev_data(a, x)   ((a)->kq_Triggered_Events[(x)].udata)
   int
   kq_event_convert(int16_t event, uint16_t flags)
   {
@@ -95,10 +95,10 @@ struct PollDescriptor {
 
 #if TS_USE_PORT
   port_event_t Port_Triggered_Events[POLL_DESCRIPTOR_SIZE];
-#define get_ev_port(a) ((a)->port_fd)
+#define get_ev_port(a)      ((a)->port_fd)
 #define get_ev_events(a, x) ((a)->Port_Triggered_Events[(x)].portev_events)
-#define get_ev_data(a, x) ((a)->Port_Triggered_Events[(x)].portev_user)
-#define get_ev_odata(a, x) ((a)->Port_Triggered_Events[(x)].portev_object)
+#define get_ev_data(a, x)   ((a)->Port_Triggered_Events[(x)].portev_user)
+#define get_ev_odata(a, x)  ((a)->Port_Triggered_Events[(x)].portev_object)
 #define ev_next_event(a, x)
 #endif
 
diff --git a/iocore/net/QUICMultiCertConfigLoader.cc b/iocore/net/QUICMultiCertConfigLoader.cc
index f3aa8b9282d..f8c52fd6521 100644
--- a/iocore/net/QUICMultiCertConfigLoader.cc
+++ b/iocore/net/QUICMultiCertConfigLoader.cc
@@ -32,7 +32,7 @@
 #include "tscore/Filenames.h"
 // #include "QUICGlobals.h"
 
-#define QUICConfDebug(fmt, ...) Debug("quic_conf", fmt, ##__VA_ARGS__)
+#define QUICConfDebug(fmt, ...)         Debug("quic_conf", fmt, ##__VA_ARGS__)
 #define QUICGlobalQCDebug(qc, fmt, ...) Debug("quic_global", "[%s] " fmt, qc->cids().data(), ##__VA_ARGS__)
 
 int QUICCertConfig::_config_id = 0;
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 84712aa38b2..2b3f3bbdeb9 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -54,10 +54,10 @@ static constexpr uint8_t QUANTUM_TEST_VALUE[1200] = {'Q'};
 
 #define QUICConDebug(fmt, ...) Debug(QUIC_DEBUG_TAG.data(), "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 
-#define QUICConVDebug(fmt, ...) Debug("v_quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
+#define QUICConVDebug(fmt, ...)   Debug("v_quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 #define QUICConVVVDebug(fmt, ...) Debug("vvv_quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 
-#define QUICFCDebug(fmt, ...) Debug("quic_flow_ctrl", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
+#define QUICFCDebug(fmt, ...)  Debug("quic_flow_ctrl", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 #define QUICFCVDebug(fmt, ...) Debug("v_quic_flow_ctrl", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 
 #define QUICError(fmt, ...)                                           \
@@ -1442,7 +1442,7 @@ QUICNetVConnection::_state_closing_receive_packet()
 
     if (this->_state_closing_recv_packet_window < STATE_CLOSING_MAX_RECV_PKT_WIND &&
         this->_state_closing_recv_packet_count >= this->_state_closing_recv_packet_window) {
-      this->_state_closing_recv_packet_count = 0;
+      this->_state_closing_recv_packet_count  = 0;
       this->_state_closing_recv_packet_window <<= 1;
 
       this->_schedule_packet_write_ready(true);
@@ -1697,7 +1697,7 @@ QUICNetVConnection::_packetize_frames(uint8_t *packet_buf, QUICEncryptionLevel l
           ink_assert(ret == 0);
         }
         last_block = this->_store_frame(last_block, size_added, max_frame_size, *frame, frames);
-        len += size_added;
+        len        += size_added;
 
         // FIXME ACK frame should have priority
         if (frame->type() == QUICFrameType::STREAM) {
diff --git a/iocore/net/QUICNetVConnection_quiche.cc b/iocore/net/QUICNetVConnection_quiche.cc
index 6f9edb8ac85..7b52b8cf16b 100644
--- a/iocore/net/QUICNetVConnection_quiche.cc
+++ b/iocore/net/QUICNetVConnection_quiche.cc
@@ -28,7 +28,7 @@
 
 static constexpr ink_hrtime WRITE_READY_INTERVAL = HRTIME_MSECONDS(2);
 
-#define QUICConDebug(fmt, ...) Debug("quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
+#define QUICConDebug(fmt, ...)  Debug("quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 #define QUICConVDebug(fmt, ...) Debug("v_quic_net", "[%s] " fmt, this->cids().data(), ##__VA_ARGS__)
 
 ClassAllocator quicNetVCAllocator("quicNetVCAllocator");
diff --git a/iocore/net/QUICPacketHandler.cc b/iocore/net/QUICPacketHandler.cc
index d555b74aea7..e9f75ce431d 100644
--- a/iocore/net/QUICPacketHandler.cc
+++ b/iocore/net/QUICPacketHandler.cc
@@ -40,7 +40,7 @@
 static constexpr char debug_tag[]   = "quic_sec";
 static constexpr char v_debug_tag[] = "v_quic_sec";
 
-#define QUICDebug(fmt, ...) Debug(debug_tag, fmt, ##__VA_ARGS__)
+#define QUICDebug(fmt, ...)       Debug(debug_tag, fmt, ##__VA_ARGS__)
 #define QUICQCDebug(qc, fmt, ...) Debug(debug_tag, "[%s] " fmt, qc->cids().data(), ##__VA_ARGS__)
 
 // ["local dcid" - "local scid"]
diff --git a/iocore/net/QUICPacketHandler_quiche.cc b/iocore/net/QUICPacketHandler_quiche.cc
index eb5ca225286..ac28bfb5c5b 100644
--- a/iocore/net/QUICPacketHandler_quiche.cc
+++ b/iocore/net/QUICPacketHandler_quiche.cc
@@ -237,7 +237,11 @@ QUICPacketHandlerIn::_recv_packet(int event, UDPPacket *udp_packet)
     if (params->stateless_retry() && token_len == 0) {
       QUICConnectionId new_cid;
       new_cid.randomize();
-      QUICRetryToken retry_token = {udp_packet->from, {dcid, static_cast(dcid_len)}, new_cid};
+      QUICRetryToken retry_token = {
+        udp_packet->from,
+        {dcid, static_cast(dcid_len)},
+        new_cid
+      };
       Ptr udp_payload(new_IOBufferBlock());
       udp_payload->alloc(iobuffer_size_to_index(DEFAULT_MAX_DATAGRAM_SIZE, BUFFER_SIZE_INDEX_2K));
       ssize_t written =
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index f2b7c69f202..95d2b6aedf1 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -285,7 +285,7 @@ SSLConfigParams::initialize()
 #endif
 
 #ifdef SSL_OP_NO_COMPRESSION
-  ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
+  ssl_ctx_options        |= SSL_OP_NO_COMPRESSION;
   ssl_client_ctx_options |= SSL_OP_NO_COMPRESSION;
 #else
   sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
@@ -293,23 +293,23 @@ SSLConfigParams::initialize()
 
 // Enable ephemeral DH parameters for the case where we use a cipher with DH forward security.
 #ifdef SSL_OP_SINGLE_DH_USE
-  ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
+  ssl_ctx_options        |= SSL_OP_SINGLE_DH_USE;
   ssl_client_ctx_options |= SSL_OP_SINGLE_DH_USE;
 #endif
 
 #ifdef SSL_OP_SINGLE_ECDH_USE
-  ssl_ctx_options |= SSL_OP_SINGLE_ECDH_USE;
+  ssl_ctx_options        |= SSL_OP_SINGLE_ECDH_USE;
   ssl_client_ctx_options |= SSL_OP_SINGLE_ECDH_USE;
 #endif
 
   // Enable all SSL compatibility workarounds.
-  ssl_ctx_options |= SSL_OP_ALL;
+  ssl_ctx_options        |= SSL_OP_ALL;
   ssl_client_ctx_options |= SSL_OP_ALL;
 
 // According to OpenSSL source, applications must enable this if they support the Server Name extension. Since
 // we do, then we ought to enable this. Httpd also enables this unconditionally.
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-  ssl_ctx_options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
+  ssl_ctx_options        |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
   ssl_client_ctx_options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
 #endif
 
@@ -754,6 +754,24 @@ cleanup_bio(BIO *&biop)
 void
 SSLConfigParams::updateCTX(const std::string &cert_secret_name) const
 {
+  Debug("ssl_config_updateCTX", "Update cert %s, %p", cert_secret_name.c_str(), this);
+
+  // Instances of SSLConfigParams should access by one thread at a time only.  secret_for_updateCTX is accessed
+  // atomically as a fail-safe.
+  //
+  char const *expected = nullptr;
+  if (!secret_for_updateCTX.compare_exchange_strong(expected, cert_secret_name.c_str())) {
+    if (is_debug_tag_set("ssl_config_updateCTX")) {
+      // As a fail-safe, handle it if secret_for_updateCTX doesn't or no longer points to a null-terminated string.
+      //
+      char const *s{expected};
+      for (; *s && (std::size_t(s - expected) < cert_secret_name.size()); ++s) {
+      }
+      Debug("ssl_config_updateCTX", "Update cert, indirect recusive call caused by call for %.*s", int(s - expected), expected);
+    }
+    return;
+  }
+
   // Clear the corresponding client CTXs.  They will be lazy loaded later
   Debug("ssl_load", "Update cert %s", cert_secret_name.c_str());
   this->clearCTX(cert_secret_name);
@@ -761,6 +779,8 @@ SSLConfigParams::updateCTX(const std::string &cert_secret_name) const
   // Update the server cert
   SSLMultiCertConfigLoader loader(this);
   loader.update_ssl_ctx(cert_secret_name);
+
+  secret_for_updateCTX = nullptr;
 }
 
 void
@@ -815,8 +835,8 @@ SSLConfigParams::getCTX(const std::string &client_cert, const std::string &key_f
 
     // Set public and private keys
     if (!client_cert.empty()) {
-      std::string_view secret_data;
-      std::string_view secret_key_data;
+      std::string secret_data;
+      std::string secret_key_data;
 
       // Fetch the client_cert data
       std::string completeSecretPath{Layout::get()->relative_to(this->clientCertPathOnly, client_cert)};
diff --git a/iocore/net/SSLDiags.h b/iocore/net/SSLDiags.h
index e0161d9ea42..0301e9bc413 100644
--- a/iocore/net/SSLDiags.h
+++ b/iocore/net/SSLDiags.h
@@ -28,10 +28,10 @@
 class SSLNetVConnection;
 
 // Log an SSL error.
-#define SSLError(fmt, ...) SSLDiagnostic(MakeSourceLocation(), false, nullptr, fmt, ##__VA_ARGS__)
+#define SSLError(fmt, ...)       SSLDiagnostic(MakeSourceLocation(), false, nullptr, fmt, ##__VA_ARGS__)
 #define SSLErrorVC(vc, fmt, ...) SSLDiagnostic(MakeSourceLocation(), false, (vc), fmt, ##__VA_ARGS__)
 // Log a SSL diagnostic using the "ssl" diagnostic tag.
-#define SSLDebug(fmt, ...) SSLDiagnostic(MakeSourceLocation(), true, nullptr, fmt, ##__VA_ARGS__)
+#define SSLDebug(fmt, ...)       SSLDiagnostic(MakeSourceLocation(), true, nullptr, fmt, ##__VA_ARGS__)
 #define SSLVCDebug(vc, fmt, ...) SSLDiagnostic(MakeSourceLocation(), true, (vc), fmt, ##__VA_ARGS__)
 
 void SSLDiagnostic(const SourceLocation &loc, bool debug, SSLNetVConnection *vc, const char *fmt, ...) TS_PRINTFLIKE(4, 5);
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 6f0fec1c91d..0e118b7fa5e 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -58,19 +58,19 @@ using namespace std::literals;
 #define BIO_eof(b) (int)BIO_ctrl(b, BIO_CTRL_EOF, 0, nullptr)
 #endif
 
-#define SSL_READ_ERROR_NONE 0
-#define SSL_READ_ERROR 1
-#define SSL_READ_READY 2
-#define SSL_READ_COMPLETE 3
-#define SSL_READ_WOULD_BLOCK 4
-#define SSL_READ_EOS 5
-#define SSL_HANDSHAKE_WANT_READ 6
-#define SSL_HANDSHAKE_WANT_WRITE 7
-#define SSL_HANDSHAKE_WANT_ACCEPT 8
+#define SSL_READ_ERROR_NONE        0
+#define SSL_READ_ERROR             1
+#define SSL_READ_READY             2
+#define SSL_READ_COMPLETE          3
+#define SSL_READ_WOULD_BLOCK       4
+#define SSL_READ_EOS               5
+#define SSL_HANDSHAKE_WANT_READ    6
+#define SSL_HANDSHAKE_WANT_WRITE   7
+#define SSL_HANDSHAKE_WANT_ACCEPT  8
 #define SSL_HANDSHAKE_WANT_CONNECT 9
-#define SSL_WRITE_WOULD_BLOCK 10
-#define SSL_WAIT_FOR_HOOK 11
-#define SSL_WAIT_FOR_ASYNC 12
+#define SSL_WRITE_WOULD_BLOCK      10
+#define SSL_WAIT_FOR_HOOK          11
+#define SSL_WAIT_FOR_ASYNC         12
 
 ClassAllocator sslNetVCAllocator("sslNetVCAllocator");
 
@@ -610,8 +610,8 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
           NetState *s            = &this->read;
           MIOBufferAccessor &buf = s->vio.buffer;
           int64_t r              = buf.writer()->write(this->handShakeHolder);
-          s->vio.nbytes += r;
-          s->vio.ndone += r;
+          s->vio.nbytes          += r;
+          s->vio.ndone           += r;
 
           // Clean up the handshake buffers
           this->free_handshake_buffers();
@@ -847,7 +847,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf
   } while (num_really_written == try_to_write && total_written < towrite);
 
   if (total_written > 0) {
-    sslLastWriteTime = now;
+    sslLastWriteTime  = now;
     sslTotalBytesSent += total_written;
   }
   redoWriteSize = 0;
@@ -859,7 +859,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf
       Debug("ssl", "SSL_write-SSL_ERROR_NONE");
       break;
     case SSL_ERROR_WANT_READ:
-      needs |= EVENTIO_READ;
+      needs              |= EVENTIO_READ;
       num_really_written = -EAGAIN;
       Debug("ssl.error", "SSL_write-SSL_ERROR_WANT_READ");
       break;
@@ -871,7 +871,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf
       if (SSL_ERROR_WANT_WRITE == err) {
         redoWriteSize = l;
       }
-      needs |= EVENTIO_WRITE;
+      needs              |= EVENTIO_WRITE;
       num_really_written = -EAGAIN;
       Debug("ssl.error", "SSL_write-SSL_ERROR_WANT_WRITE");
       break;
diff --git a/iocore/net/SSLSecret.cc b/iocore/net/SSLSecret.cc
index b8b01895be1..c3c293a0ea3 100644
--- a/iocore/net/SSLSecret.cc
+++ b/iocore/net/SSLSecret.cc
@@ -18,14 +18,20 @@
   See the License for the specific language governing permissions and
   limitations under the License.
  */
-#include 
-#include 
+
 #include "InkAPIInternal.h" // Added to include the ssl_hook and lifestyle_hook definitions
 #include "tscore/ts_file.h"
 #include "P_SSLConfig.h"
 
-bool
-SSLSecret::loadSecret(const std::string &name1, const std::string &name2, std::string &data_item1, std::string &data_item2)
+#include 
+
+// NOTE: The secret_map_mutex should not be held by the caller of this
+// function. The implementation of this function may call a plugin's
+// TS_EVENT_SSL_SECRET handler which in turn may grab a lock for
+// secret_map_mutex via a TSSslSecretSet call. These events will result in a
+// deadlock.
+void
+SSLSecret::loadSecret(const std::string &name1, const std::string &name2, std::string &data1, std::string &data2)
 {
   // Call the load secret hooks
   //
@@ -36,113 +42,93 @@ SSLSecret::loadSecret(const std::string &name1, const std::string &name2, std::s
   secret_name.key_name      = name2.data();
   secret_name.key_name_len  = name2.size();
   while (curHook) {
-    curHook->invoke(TS_EVENT_SSL_SECRET, &secret_name);
+    curHook->blocking_invoke(TS_EVENT_SSL_SECRET, &secret_name);
     curHook = curHook->next();
   }
 
-  const std::string *data1 = this->getSecretItem(name1);
-  const std::string *data2 = this->getSecretItem(name2);
-  if ((nullptr == data1 || data1->length() == 0) || (!name2.empty() && (nullptr == data2 || data2->length() == 0))) {
+  data1 = this->getSecret(name1);
+  data2 = name2.empty() ? std::string{} : this->getSecret(name2);
+  if (data1.empty() || (!name2.empty() && data2.empty())) {
     // If none of them loaded it, assume it is a file
-    return loadFile(name1, data_item1) && (name2.empty() || loadFile(name2, data_item2));
+    data1 = loadFile(name1);
+    setSecret(name1, data1);
+    if (!name2.empty()) {
+      data2 = loadFile(name2);
+      setSecret(name2, data2);
+    }
   }
-  return true;
 }
 
-bool
-SSLSecret::loadFile(const std::string &name, std::string &data_item)
+std::string
+SSLSecret::loadFile(const std::string &name)
 {
-  struct stat statdata;
-  // Load the secret and add it to the map
-  if (stat(name.c_str(), &statdata) < 0) {
-    Debug("ssl_secret", "File: %s received error: %s", name.c_str(), strerror(errno));
-    return false;
-  }
+  Debug("ssl_secret", "SSLSecret::loadFile(%s)", name.c_str());
   std::error_code error;
-  data_item = ts::file::load(ts::file::path(name), error);
+  std::string const data = ts::file::load(ts::file::path(name), error);
   if (error) {
+    Debug("ssl_secret_err", "SSLSecret::loadFile(%s) failed error code=%d message=%s", name.c_str(), error.value(),
+          error.message().c_str());
     // Loading file failed
     Debug("ssl_secret", "Loading file: %s failed ", name.c_str());
-    return false;
+    return std::string{};
   }
+  Debug("ssl_secret", "Secret data: %.50s", data.c_str());
   if (SSLConfigParams::load_ssl_file_cb) {
     SSLConfigParams::load_ssl_file_cb(name.c_str());
   }
-  return true;
+  return data;
 }
 
-bool
-SSLSecret::setSecret(const std::string &name, const char *data, int data_len)
+void
+SSLSecret::setSecret(const std::string &name, std::string_view data)
 {
   std::scoped_lock lock(secret_map_mutex);
-  auto iter = secret_map.find(name);
-  if (iter == secret_map.end()) {
-    secret_map[name] = "";
-    iter             = secret_map.find(name);
-  }
-  if (iter == secret_map.end()) {
-    return false;
-  }
-  iter->second.assign(data, data_len);
+  secret_map[name] = std::string{data};
   // The full secret data can be sensitive. Print only the first 50 bytes.
-  Debug("ssl_secret", "Set secret for %s to %.50s", name.c_str(), iter->second.c_str());
-  return true;
+  Debug("ssl_secret", "Set secret for %s to %.*s", name.c_str(), int(data.size() > 50 ? 50 : data.size()), data.data());
 }
 
-const std::string *
-SSLSecret::getSecretItem(const std::string &name) const
+std::string
+SSLSecret::getSecret(const std::string &name) const
 {
   std::scoped_lock lock(secret_map_mutex);
   auto iter = secret_map.find(name);
-  if (iter == secret_map.end()) {
-    return nullptr;
-  }
-  return &iter->second;
-}
-
-bool
-SSLSecret::getSecret(const std::string &name, std::string_view &data) const
-{
-  const std::string *data_item = this->getSecretItem(name);
-  if (data_item) {
-    // The full secret data can be sensitive. Print only the first 50 bytes.
-    Debug("ssl_secret", "Get secret for %s: %.50s", name.c_str(), data_item->c_str());
-    data = *data_item;
-  } else {
+  if (secret_map.end() == iter) {
     Debug("ssl_secret", "Get secret for %s: not found", name.c_str());
-    data = std::string_view{};
+    return std::string{};
   }
-  return data_item != nullptr;
+  if (iter->second.empty()) {
+    Debug("ssl_secret", "Get secret for %s: empty", name.c_str());
+    return std::string{};
+  }
+  // The full secret data can be sensitive. Print only the first 50 bytes.
+  Debug("ssl_secret", "Get secret for %s: %.50s", name.c_str(), iter->second.c_str());
+  return iter->second;
 }
 
-bool
-SSLSecret::getOrLoadSecret(const std::string &name1, const std::string &name2, std::string_view &data1, std::string_view &data2)
+void
+SSLSecret::getOrLoadSecret(const std::string &name1, const std::string &name2, std::string &data1, std::string &data2)
 {
-  Debug("ssl_secret", "lookup up secrets for %s and %s", name1.c_str(), name2.empty() ? "[empty]" : name2.c_str());
-  std::scoped_lock lock(secret_map_mutex);
-  bool found_secret1 = this->getSecret(name1, data1);
-  bool found_secret2 = name2.empty() || this->getSecret(name2, data2);
-
-  // If we can't find either secret, load them both again
-  if (!found_secret1 || !found_secret2) {
-    // Make sure each name has an entry
-    if (!found_secret1) {
-      secret_map[name1] = "";
-    }
-    if (!found_secret2) {
-      secret_map[name2] = "";
-    }
-    auto iter1 = secret_map.find(name1);
-    auto iter2 = name2.empty() ? iter1 : secret_map.find(name2);
-    if (this->loadSecret(name1, name2, iter1->second, iter2->second)) {
-      data1 = iter1->second;
-      if (!name2.empty()) {
-        data2 = iter2->second;
+  Debug("ssl_secret", "lookup up secrets for %s and %s", name1.c_str(), name2.c_str());
+  {
+    std::scoped_lock lock(secret_map_mutex);
+    std::string *const data1ptr = &(secret_map[name1]);
+    std::string *const data2ptr = [&]() -> std::string *const {
+      if (name2.empty()) {
+        data2.clear();
+        return &data2;
       }
-      return true;
-    }
-  } else {
-    return true;
+      return &(secret_map[name2]);
+    }();
+    data1 = *data1ptr;
+    data2 = *data2ptr;
+  }
+  // If we can't find either secret, load them both again
+  if (data1.empty() || (!name2.empty() && data2.empty())) {
+    std::string data1tmp;
+    std::string data2tmp;
+    this->loadSecret(name1, name2, data1tmp, data2tmp);
+    data1 = std::move(data1tmp);
+    data2 = std::move(data2tmp);
   }
-  return false;
 }
diff --git a/iocore/net/SSLSessionCache.cc b/iocore/net/SSLSessionCache.cc
index d62dba27be6..0e7f0323d77 100644
--- a/iocore/net/SSLSessionCache.cc
+++ b/iocore/net/SSLSessionCache.cc
@@ -28,8 +28,8 @@
 #include 
 
 #define SSLSESSIONCACHE_STRINGIFY0(x) #x
-#define SSLSESSIONCACHE_STRINGIFY(x) SSLSESSIONCACHE_STRINGIFY0(x)
-#define SSLSESSIONCACHE_LINENO SSLSESSIONCACHE_STRINGIFY(__LINE__)
+#define SSLSESSIONCACHE_STRINGIFY(x)  SSLSESSIONCACHE_STRINGIFY0(x)
+#define SSLSESSIONCACHE_LINENO        SSLSESSIONCACHE_STRINGIFY(__LINE__)
 
 #ifdef DEBUG
 #define PRINT_BUCKET(x) this->print(x " at " __FILE__ ":" SSLSESSIONCACHE_LINENO);
diff --git a/iocore/net/SSLSessionCache.h b/iocore/net/SSLSessionCache.h
index dddf23075d9..bd0b6022b63 100644
--- a/iocore/net/SSLSessionCache.h
+++ b/iocore/net/SSLSessionCache.h
@@ -32,7 +32,7 @@
 #include 
 #include 
 
-#define SSL_MAX_SESSION_SIZE 256
+#define SSL_MAX_SESSION_SIZE      256
 #define SSL_MAX_ORIG_SESSION_SIZE 4096
 
 struct ssl_session_cache_exdata {
@@ -102,7 +102,7 @@ struct SSLSessionID : public TSSslSessionID {
       if (buflen > 2) { // we have enough space for 3 bytes, 2 hex and 1 null terminator
         snprintf(cur_pos, 3 /* including a null terminator */, "%02hhX", static_cast(bytes[i]));
         cur_pos += 2;
-        buflen -= 2;
+        buflen  -= 2;
       } else { // not enough space for any more hex bytes, just null terminate
         *cur_pos = '\0';
         break;
@@ -176,7 +176,7 @@ class SSLSessionCache
   SSLSessionCache();
   ~SSLSessionCache();
 
-  SSLSessionCache(const SSLSessionCache &) = delete;
+  SSLSessionCache(const SSLSessionCache &)            = delete;
   SSLSessionCache &operator=(const SSLSessionCache &) = delete;
 
 private:
diff --git a/iocore/net/SSLStats.cc b/iocore/net/SSLStats.cc
index aaf3a8f8cc0..7ced1463775 100644
--- a/iocore/net/SSLStats.cc
+++ b/iocore/net/SSLStats.cc
@@ -51,8 +51,8 @@ SSLRecRawStatSyncCount(const char *name, RecDataT data_type, RecData *data, RecR
         shared_SSL_CTX ctx = cc->getCtx();
         if (ctx) {
           sessions += SSL_CTX_sess_accept_good(ctx.get());
-          hits += SSL_CTX_sess_hits(ctx.get());
-          misses += SSL_CTX_sess_misses(ctx.get());
+          hits     += SSL_CTX_sess_hits(ctx.get());
+          misses   += SSL_CTX_sess_misses(ctx.get());
           timeouts += SSL_CTX_sess_timeouts(ctx.get());
         }
       }
diff --git a/iocore/net/SSLStats.h b/iocore/net/SSLStats.h
index c46583b57ef..1677023d0b7 100644
--- a/iocore/net/SSLStats.h
+++ b/iocore/net/SSLStats.h
@@ -29,10 +29,10 @@
 #include "SSLDiags.h"
 
 /* Stats should only be accessed using these macros */
-#define SSL_INCREMENT_DYN_STAT(x) RecIncrRawStat(ssl_rsb, nullptr, (int)x, 1)
-#define SSL_DECREMENT_DYN_STAT(x) RecIncrRawStat(ssl_rsb, nullptr, (int)x, -1)
+#define SSL_INCREMENT_DYN_STAT(x)        RecIncrRawStat(ssl_rsb, nullptr, (int)x, 1)
+#define SSL_DECREMENT_DYN_STAT(x)        RecIncrRawStat(ssl_rsb, nullptr, (int)x, -1)
 #define SSL_SET_COUNT_DYN_STAT(x, count) RecSetRawStatCount(ssl_rsb, x, count)
-#define SSL_INCREMENT_DYN_STAT_EX(x, y) RecIncrRawStat(ssl_rsb, nullptr, (int)x, y)
+#define SSL_INCREMENT_DYN_STAT_EX(x, y)  RecIncrRawStat(ssl_rsb, nullptr, (int)x, y)
 #define SSL_CLEAR_DYN_STAT(x)            \
   do {                                   \
     RecSetRawStatSum(ssl_rsb, (x), 0);   \
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 1a2fe1c1cf5..0eb5b81317d 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -902,12 +902,12 @@ ssl_private_key_validate_exec(const char *cmdLine)
 }
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-#define ssl_malloc(size, file, line) ssl_malloc(size)
-#define ssl_realloc(ptr, size, file, line) ssl_realloc(ptr, size)
-#define ssl_free(ptr, file, line) ssl_free(ptr)
-#define ssl_track_malloc(size, file, line) ssl_track_malloc(size)
+#define ssl_malloc(size, file, line)             ssl_malloc(size)
+#define ssl_realloc(ptr, size, file, line)       ssl_realloc(ptr, size)
+#define ssl_free(ptr, file, line)                ssl_free(ptr)
+#define ssl_track_malloc(size, file, line)       ssl_track_malloc(size)
 #define ssl_track_realloc(ptr, size, file, line) ssl_track_realloc(ptr, size)
-#define ssl_track_free(ptr, file, line) ssl_track_free(ptr)
+#define ssl_track_free(ptr, file, line)          ssl_track_free(ptr)
 #endif
 
 void *
@@ -1053,8 +1053,8 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const char *ke
     scoped_BIO bio(BIO_new_mem_buf(secret_data, secret_data_len));
     pkey = PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr);
     if (nullptr == pkey) {
-      Debug("ssl_load", "failed to load server private key from %s",
-            (!keyPath || keyPath[0] == '\0') ? "[empty key path]" : keyPath);
+      Debug("ssl_load", "failed to load server private key (%.*s) from %s", secret_data_len < 50 ? secret_data_len : 50,
+            secret_data, (!keyPath || keyPath[0] == '\0') ? "[empty key path]" : keyPath);
       return false;
     }
     if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
@@ -1459,7 +1459,7 @@ SSLMultiCertConfigLoader::_setup_session_cache(SSL_CTX *ctx)
   }
 
   int additional_cache_flags = 0;
-  additional_cache_flags |= (params->ssl_session_cache_auto_clear == 0) ? SSL_SESS_CACHE_NO_AUTO_CLEAR : 0;
+  additional_cache_flags     |= (params->ssl_session_cache_auto_clear == 0) ? SSL_SESS_CACHE_NO_AUTO_CLEAR : 0;
 
   switch (params->ssl_session_cache) {
   case SSLConfigParams::SSL_SESSION_CACHE_MODE_OFF:
@@ -2284,8 +2284,8 @@ SSLMultiCertConfigLoader::load_certs_and_cross_reference_names(
   }
 
   for (size_t i = 0; i < data.cert_names_list.size(); i++) {
-    std::string_view secret_data;
-    std::string_view secret_key_data;
+    std::string secret_data;
+    std::string secret_key_data;
     params->secrets.getOrLoadSecret(data.cert_names_list[i], data.key_list.size() > i ? data.key_list[i] : "", secret_data,
                                     secret_key_data);
     if (secret_data.empty()) {
@@ -2444,8 +2444,8 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vectorsecrets.getOrLoadSecret(cert_names_list[i], keyPath, secret_data, secret_key_data);
     if (secret_data.empty()) {
       SSLError("failed to load certificate secret for %s with key path %s", cert_names_list[i].c_str(),
@@ -2481,6 +2481,7 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vector
 
-#define STATE_VIO_OFFSET ((uintptr_t) & ((NetState *)0)->vio)
+#define STATE_VIO_OFFSET   ((uintptr_t) & ((NetState *)0)->vio)
 #define STATE_FROM_VIO(_x) ((NetState *)(((char *)(_x)) - STATE_VIO_OFFSET))
 
 // Global
@@ -243,7 +243,7 @@ read_from_net(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
             a = togo;
           }
           tiovec[niov].iov_len = a;
-          rattempted += a;
+          rattempted           += a;
           niov++;
           if (a >= togo) {
             break;
@@ -359,6 +359,7 @@ write_to_net_io(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
 {
   NetState *s       = &vc->write;
   ProxyMutex *mutex = thread->mutex.get();
+  Continuation *c   = vc->write.vio.cont;
 
   MUTEX_TRY_LOCK(lock, s->vio.mutex, thread);
 
@@ -443,6 +444,9 @@ write_to_net_io(NetHandler *nh, UnixNetVConnection *vc, EThread *thread)
   if (towrite != ntodo && !buf.writer()->high_water()) {
     if (write_signal_and_update(VC_EVENT_WRITE_READY, vc) != EVENT_CONT) {
       return;
+    } else if (c != s->vio.cont) { /* The write vio was updated in the handler */
+      write_reschedule(nh, vc);
+      return;
     }
 
     ntodo = s->vio.ntodo();
@@ -691,7 +695,7 @@ UnixNetVConnection::do_io_shutdown(ShutdownHowTo_t howto)
     read.vio.buffer.clear();
     read.vio.nbytes = 0;
     read.vio.cont   = nullptr;
-    f.shutdown |= NetEvent::SHUTDOWN_READ;
+    f.shutdown      |= NetEvent::SHUTDOWN_READ;
     break;
   case IO_SHUTDOWN_WRITE:
     SocketManager::shutdown((this)->con.fd, 1);
@@ -699,7 +703,7 @@ UnixNetVConnection::do_io_shutdown(ShutdownHowTo_t howto)
     write.vio.buffer.clear();
     write.vio.nbytes = 0;
     write.vio.cont   = nullptr;
-    f.shutdown |= NetEvent::SHUTDOWN_WRITE;
+    f.shutdown       |= NetEvent::SHUTDOWN_WRITE;
     break;
   case IO_SHUTDOWN_READWRITE:
     SocketManager::shutdown((this)->con.fd, 2);
diff --git a/iocore/net/UnixUDPNet.cc b/iocore/net/UnixUDPNet.cc
index 46fa1e379f8..ec2eef0e98d 100644
--- a/iocore/net/UnixUDPNet.cc
+++ b/iocore/net/UnixUDPNet.cc
@@ -211,7 +211,7 @@ UDPNetProcessorInternal::udp_read_from_net(UDPNetHandler *nh, UDPConnection *xuc
       if (saved > buffer_size) {
         b->fill(buffer_size);
         saved -= buffer_size;
-        b = b->next.get();
+        b     = b->next.get();
       } else {
         b->fill(saved);
         saved      = 0;
@@ -975,8 +975,8 @@ UDPQueue::SendPackets()
       goto next_pkt;
     }
 
-    bytesUsed += pktLen;
-    bytesThisPipe -= pktLen;
+    bytesUsed           += pktLen;
+    bytesThisPipe       -= pktLen;
     packets[npackets++] = p;
   next_pkt:
     if (bytesThisPipe < 0 && npackets == N_MAX_PACKETS) {
@@ -1223,7 +1223,7 @@ UDPQueue::SendMultipleUDPPackets(UDPPacketInternal **p, uint16_t n)
             std::min(packet->segment_size, static_cast(packet->chain.get()->end() - static_cast(iov->iov_base)));
           msg->msg_iov    = iov;
           msg->msg_iovlen = iov_len;
-          offset += iov->iov_len;
+          offset          += iov->iov_len;
           vlen++;
         }
         ink_assert(offset == packet->chain.get()->size());
diff --git a/iocore/net/YamlSNIConfig.cc b/iocore/net/YamlSNIConfig.cc
index 03656b794a3..7d20f771ce0 100644
--- a/iocore/net/YamlSNIConfig.cc
+++ b/iocore/net/YamlSNIConfig.cc
@@ -117,10 +117,18 @@ YamlSNIConfig::Item::EnableProtocol(YamlSNIConfig::TLSProtocol proto)
 
 VerifyClient::~VerifyClient() {}
 
-TsEnumDescriptor LEVEL_DESCRIPTOR         = {{{"NONE", 0}, {"MODERATE", 1}, {"STRICT", 2}}};
-TsEnumDescriptor POLICY_DESCRIPTOR        = {{{"DISABLED", 0}, {"PERMISSIVE", 1}, {"ENFORCED", 2}}};
-TsEnumDescriptor PROPERTIES_DESCRIPTOR    = {{{"NONE", 0}, {"SIGNATURE", 0x1}, {"NAME", 0x2}, {"ALL", 0x3}}};
-TsEnumDescriptor TLS_PROTOCOLS_DESCRIPTOR = {{{"TLSv1", 0}, {"TLSv1_1", 1}, {"TLSv1_2", 2}, {"TLSv1_3", 3}}};
+TsEnumDescriptor LEVEL_DESCRIPTOR = {
+  {{"NONE", 0}, {"MODERATE", 1}, {"STRICT", 2}}
+};
+TsEnumDescriptor POLICY_DESCRIPTOR = {
+  {{"DISABLED", 0}, {"PERMISSIVE", 1}, {"ENFORCED", 2}}
+};
+TsEnumDescriptor PROPERTIES_DESCRIPTOR = {
+  {{"NONE", 0}, {"SIGNATURE", 0x1}, {"NAME", 0x2}, {"ALL", 0x3}}
+};
+TsEnumDescriptor TLS_PROTOCOLS_DESCRIPTOR = {
+  {{"TLSv1", 0}, {"TLSv1_1", 1}, {"TLSv1_2", 2}, {"TLSv1_3", 3}}
+};
 
 std::set valid_sni_config_keys = {TS_fqdn,
                                                TS_verify_client,
diff --git a/iocore/net/libinknet_stub.cc b/iocore/net/libinknet_stub.cc
index 64c5efee15e..b7a28788dc3 100644
--- a/iocore/net/libinknet_stub.cc
+++ b/iocore/net/libinknet_stub.cc
@@ -79,6 +79,13 @@ APIHook::invoke(int, void *) const
   return 0;
 }
 
+int
+APIHook::blocking_invoke(int, void *) const
+{
+  ink_assert(false);
+  return 0;
+}
+
 APIHook *
 APIHook::next() const
 {
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index 3b0b31e26da..a096afcaf2c 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -634,7 +634,8 @@ class MockQUICPacketProtectionKeyInfo : public QUICPacketProtectionKeyInfo
     return EVP_GCM_TLS_TAG_LEN;
   }
 
-  const size_t *encryption_iv_len(QUICKeyPhase) const override
+  const size_t *
+  encryption_iv_len(QUICKeyPhase) const override
   {
     static size_t dummy = 12;
     return &dummy;
@@ -713,7 +714,10 @@ class MockQUICLossDetector : public QUICLossDetector
       _padder(NetVConnectionContext_t::NET_VCONNECTION_UNSET)
   {
   }
-  void rcv_frame(std::shared_ptr) {}
+  void
+  rcv_frame(std::shared_ptr)
+  {
+  }
 
   void
   on_packet_sent(QUICPacketUPtr packet)
@@ -742,14 +746,14 @@ class MockQUICStreamAdapter : public QUICStreamAdapter
   write_to_stream(const uint8_t *buf, size_t len)
   {
     this->_total_sending_data_len += len;
-    this->_sending_data_len += len;
+    this->_sending_data_len       += len;
   }
 
   int64_t
   write(QUICOffset offset, const uint8_t *data, uint64_t data_length, bool fin) override
   {
     this->_total_receiving_data_len += data_length;
-    this->_receiving_data_len += data_length;
+    this->_receiving_data_len       += data_length;
     return data_length;
   }
   bool
@@ -789,7 +793,7 @@ class MockQUICStreamAdapter : public QUICStreamAdapter
   Ptr
   _read(size_t len) override
   {
-    this->_sending_data_len -= len;
+    this->_sending_data_len  -= len;
     Ptr block = make_ptr(new_IOBufferBlock());
     block->alloc(iobuffer_size_to_index(len, BUFFER_SIZE_INDEX_32K));
     block->fill(len);
diff --git a/iocore/net/quic/QUICAckFrameCreator.cc b/iocore/net/quic/QUICAckFrameCreator.cc
index 2b494508d6b..afa4c20b623 100644
--- a/iocore/net/quic/QUICAckFrameCreator.cc
+++ b/iocore/net/quic/QUICAckFrameCreator.cc
@@ -310,7 +310,7 @@ QUICAckFrameManager::QUICAckFrameCreator::_create_ack_frame(uint8_t *buf)
     } else {
       uint64_t delay = this->_calculate_delay();
       ack_frame      = QUICFrameFactory::create_ack_frame(buf, largest_ack_number, delay, length - 1,
-                                                     this->_ack_manager->issue_frame_id(), this->_ack_manager);
+                                                          this->_ack_manager->issue_frame_id(), this->_ack_manager);
     }
 
     gap             = last_ack_number - pn;
diff --git a/iocore/net/quic/QUICCryptoStream.cc b/iocore/net/quic/QUICCryptoStream.cc
index 556918efc99..11f22e52e28 100644
--- a/iocore/net/quic/QUICCryptoStream.cc
+++ b/iocore/net/quic/QUICCryptoStream.cc
@@ -144,7 +144,7 @@ QUICCryptoStream::generate_frame(uint8_t *buf, QUICEncryptionLevel level, uint64
   block->_end = std::min(block->start() + frame_payload_size, block->_buf_end);
   ink_assert(static_cast(block->read_avail()) == frame_payload_size);
 
-  frame = QUICFrameFactory::create_crypto_frame(buf, block, this->_send_offset, this->_issue_frame_id(), owner);
+  frame              = QUICFrameFactory::create_crypto_frame(buf, block, this->_send_offset, this->_issue_frame_id(), owner);
   this->_send_offset += frame_payload_size;
   this->_write_buffer_reader->consume(frame_payload_size);
   this->_records_crypto_frame(level, *static_cast(frame));
diff --git a/iocore/net/quic/QUICFrame.cc b/iocore/net/quic/QUICFrame.cc
index 01bd80035d5..3e36f9a079f 100644
--- a/iocore/net/quic/QUICFrame.cc
+++ b/iocore/net/quic/QUICFrame.cc
@@ -47,7 +47,7 @@ read_varint(uint8_t *&pos, size_t len, uint64_t &field, size_t &field_len)
   }
 
   field = QUICIntUtil::read_QUICVariableInt(pos, len);
-  pos += field_len;
+  pos   += field_len;
   return true;
 }
 
@@ -174,7 +174,7 @@ QUICStreamFrame::parse(const uint8_t *buf, size_t len, const QUICPacketR *packet
   this->_has_offset_field = (buf[0] & 0x04) != 0; // "O" of "0b00010OLF"
   this->_has_length_field = (buf[0] & 0x02) != 0; // "L" of "0b00010OLF"
   this->_fin              = (buf[0] & 0x01) != 0; // "F" of "0b00010OLF"
-  pos += 1;
+  pos                     += 1;
 
   size_t field_len = 0;
   if (!read_varint(pos, LEFT_SPACE(pos), this->_stream_id, field_len)) {
@@ -203,7 +203,7 @@ QUICStreamFrame::parse(const uint8_t *buf, size_t len, const QUICPacketR *packet
   ink_assert(static_cast(this->_block->write_avail()) > data_len);
   memcpy(this->_block->start(), pos, data_len);
   this->_block->fill(data_len);
-  pos += data_len;
+  pos         += data_len;
   this->_size = FRAME_SIZE(pos);
 }
 
@@ -307,14 +307,14 @@ QUICStreamFrame::_store_header(uint8_t *buf, size_t *len, bool include_length_fi
   // [Offset (i)] "O" of "0b0010OLF"
   if (this->has_offset_field()) {
     QUICTypeUtil::write_QUICOffset(this->offset(), buf + *len, &n);
-    *len += n;
+    *len   += n;
     buf[0] += 0x04;
   }
 
   // [Length (i)] "L of "0b0010OLF"
   if (include_length_field) {
     QUICIntUtil::write_QUICVariableInt(this->data_length(), buf + *len, &n);
-    *len += n;
+    *len   += n;
     buf[0] += 0x02;
   }
 
@@ -430,7 +430,7 @@ QUICCryptoFrame::parse(const uint8_t *buf, size_t len, const QUICPacketR *packet
   ink_assert(static_cast(this->_block->write_avail()) > data_len);
   memcpy(this->_block->start(), pos, data_len);
   this->_block->fill(data_len);
-  pos += data_len;
+  pos         += data_len;
   this->_size = FRAME_SIZE(pos);
 }
 
@@ -703,7 +703,7 @@ QUICAckFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::ACK);
-  n += 1;
+  n              += 1;
 
   // Largest Acknowledged (i)
   QUICIntUtil::write_QUICVariableInt(this->_largest_acknowledged, block_start + n, &written_len);
@@ -1097,7 +1097,7 @@ QUICRstStreamFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::RESET_STREAM);
-  n += 1;
+  n              += 1;
 
   // Stream ID (i)
   QUICTypeUtil::write_QUICStreamId(this->_stream_id, block_start + n, &written_len);
@@ -1186,7 +1186,7 @@ QUICPingFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::PING);
-  n += 1;
+  n              += 1;
 
   block->fill(n);
   return block;
@@ -1353,8 +1353,8 @@ QUICConnectionCloseFrame::parse(const uint8_t *buf, size_t len, const QUICPacket
   this->_reason_phrase = reinterpret_cast(pos);
 
   this->_valid = true;
-  pos += this->_reason_phrase_length;
-  this->_size = FRAME_SIZE(pos);
+  pos          += this->_reason_phrase_length;
+  this->_size  = FRAME_SIZE(pos);
 }
 
 QUICFrameType
@@ -1398,7 +1398,7 @@ QUICConnectionCloseFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = this->_type;
-  n += 1;
+  n              += 1;
 
   // Error Code (i)
   QUICIntUtil::write_QUICVariableInt(this->_error_code, block_start + n, &written_len);
@@ -1453,7 +1453,7 @@ QUICConnectionCloseFrame::debug_msg(char *msg, size_t msg_len) const
 
     int phrase_len = std::min(msg_len - len, static_cast(this->reason_phrase_length()));
     memcpy(msg + len, this->reason_phrase(), phrase_len);
-    len += phrase_len;
+    len      += phrase_len;
     msg[len] = '\0';
     ++len;
   }
@@ -1559,7 +1559,7 @@ QUICMaxDataFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::MAX_DATA);
-  n += 1;
+  n              += 1;
 
   // Maximum Data (i)
   QUICTypeUtil::write_QUICMaxData(this->_maximum_data, block_start + n, &written_len);
@@ -1664,7 +1664,7 @@ QUICMaxStreamDataFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::MAX_STREAM_DATA);
-  n += 1;
+  n              += 1;
 
   // Stream ID (i)
   QUICTypeUtil::write_QUICStreamId(this->_stream_id, block_start + n, &written_len);
@@ -1772,7 +1772,7 @@ QUICMaxStreamsFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::MAX_STREAMS);
-  n += 1;
+  n              += 1;
 
   // Maximum Streams (i)
   QUICTypeUtil::write_QUICStreamId(this->_maximum_streams, block_start + n, &written_len);
@@ -1864,7 +1864,7 @@ QUICDataBlockedFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::DATA_BLOCKED);
-  n += 1;
+  n              += 1;
 
   // Data Limit (i)
   QUICTypeUtil::write_QUICOffset(this->_offset, block_start + n, &written_len);
@@ -1962,7 +1962,7 @@ QUICStreamDataBlockedFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::STREAM_DATA_BLOCKED);
-  n += 1;
+  n              += 1;
 
   // Stream ID (i)
   QUICTypeUtil::write_QUICStreamId(this->_stream_id, block_start + n, &written_len);
@@ -2058,7 +2058,7 @@ QUICStreamIdBlockedFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::STREAMS_BLOCKED);
-  n += 1;
+  n              += 1;
 
   // Stream Limit (i)
   QUICTypeUtil::write_QUICStreamId(this->_stream_id, block_start + n, &written_len);
@@ -2123,14 +2123,14 @@ QUICNewConnectionIdFrame::parse(const uint8_t *buf, size_t len, const QUICPacket
     return;
   }
   size_t cid_len = *pos;
-  pos += 1;
+  pos            += 1;
 
   // Connection ID (8..160)
   if (LEFT_SPACE(pos) < cid_len) {
     return;
   }
   this->_connection_id = QUICTypeUtil::read_QUICConnectionId(pos, cid_len);
-  pos += cid_len;
+  pos                  += cid_len;
 
   // Stateless Reset Token (128)
   if (LEFT_SPACE(pos) < QUICStatelessResetToken::LEN) {
@@ -2178,7 +2178,7 @@ QUICNewConnectionIdFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::NEW_CONNECTION_ID);
-  n += 1;
+  n              += 1;
 
   // Sequence Number (i)
   QUICIntUtil::write_QUICVariableInt(this->_sequence, block_start + n, &written_len);
@@ -2190,7 +2190,7 @@ QUICNewConnectionIdFrame::to_io_buffer_block(size_t limit) const
 
   // Length (8)
   *(block_start + n) = this->_connection_id.length();
-  n += 1;
+  n                  += 1;
 
   // Connection ID (8..160)
   QUICTypeUtil::write_QUICConnectionId(this->_connection_id, block_start + n, &written_len);
@@ -2324,7 +2324,7 @@ QUICStopSendingFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::STOP_SENDING);
-  n += 1;
+  n              += 1;
 
   // Stream ID (i)
   QUICTypeUtil::write_QUICStreamId(this->_stream_id, block_start + n, &written_len);
@@ -2425,7 +2425,7 @@ QUICPathChallengeFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::PATH_CHALLENGE);
-  n += 1;
+  n              += 1;
 
   // Data (64)
   memcpy(block_start + n, this->data(), QUICPathChallengeFrame::DATA_LEN);
@@ -2484,7 +2484,7 @@ QUICPathResponseFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::PATH_RESPONSE);
-  n += 1;
+  n              += 1;
 
   // Data (64)
   memcpy(block_start + n, this->data(), QUICPathChallengeFrame::DATA_LEN);
@@ -2620,7 +2620,7 @@ QUICNewTokenFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::NEW_TOKEN);
-  n += 1;
+  n              += 1;
 
   // Token Length (i)
   QUICIntUtil::write_QUICVariableInt(this->_token_length, block_start + n, &written_len);
@@ -2717,7 +2717,7 @@ QUICRetireConnectionIdFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::RETIRE_CONNECTION_ID);
-  n += 1;
+  n              += 1;
 
   // Sequence Number (i)
   QUICIntUtil::write_QUICVariableInt(this->_seq_num, block_start + n, &written_len);
@@ -2786,7 +2786,7 @@ QUICHandshakeDoneFrame::to_io_buffer_block(size_t limit) const
 
   // Type
   block_start[0] = static_cast(QUICFrameType::HANDSHAKE_DONE);
-  n += 1;
+  n              += 1;
 
   block->fill(n);
   return block;
diff --git a/iocore/net/quic/QUICFrameDispatcher.cc b/iocore/net/quic/QUICFrameDispatcher.cc
index 131bc4001ae..ef846c9bb55 100644
--- a/iocore/net/quic/QUICFrameDispatcher.cc
+++ b/iocore/net/quic/QUICFrameDispatcher.cc
@@ -27,7 +27,7 @@
 static constexpr char tag[]   = "quic_net";
 static constexpr char v_tag[] = "v_quic_net";
 
-#define QUICDebug(fmt, ...) Debug(tag, "[%s] " fmt, this->_info->cids().data(), ##__VA_ARGS__)
+#define QUICDebug(fmt, ...)  Debug(tag, "[%s] " fmt, this->_info->cids().data(), ##__VA_ARGS__)
 #define QUICVDebug(fmt, ...) Debug(v_tag, "[%s] " fmt, this->_info->cids().data(), ##__VA_ARGS__)
 
 //
diff --git a/iocore/net/quic/QUICHKDF.cc b/iocore/net/quic/QUICHKDF.cc
index 51714e6b706..38105d8fe8d 100644
--- a/iocore/net/quic/QUICHKDF.cc
+++ b/iocore/net/quic/QUICHKDF.cc
@@ -40,8 +40,8 @@ QUICHKDF::expand(uint8_t *dst, size_t *dst_len, const uint8_t *secret, size_t se
   int hkdf_label_len = 0;
 
   // length field
-  hkdf_label[0] = (length >> 8) & 0xFF;
-  hkdf_label[1] = length & 0xFF;
+  hkdf_label[0]  = (length >> 8) & 0xFF;
+  hkdf_label[1]  = length & 0xFF;
   hkdf_label_len += 2;
 
   // label (prefix + Label) field
diff --git a/iocore/net/quic/QUICNewRenoCongestionController.cc b/iocore/net/quic/QUICNewRenoCongestionController.cc
index 7745670082d..ac41b8dc90e 100644
--- a/iocore/net/quic/QUICNewRenoCongestionController.cc
+++ b/iocore/net/quic/QUICNewRenoCongestionController.cc
@@ -118,9 +118,9 @@ QUICNewRenoCongestionController::_congestion_event(ink_hrtime sent_time)
   // start of the previous congestion recovery period.
   if (!this->_in_congestion_recovery(sent_time)) {
     this->_congestion_recovery_start_time = Thread::get_hrtime();
-    this->_congestion_window *= this->_k_loss_reduction_factor;
-    this->_congestion_window = std::max(this->_congestion_window, this->_k_minimum_window);
-    this->_ssthresh          = this->_congestion_window;
+    this->_congestion_window              *= this->_k_loss_reduction_factor;
+    this->_congestion_window              = std::max(this->_congestion_window, this->_k_minimum_window);
+    this->_ssthresh                       = this->_congestion_window;
     this->_context.trigger(QUICContext::CallbackEvent::CONGESTION_STATE_CHANGED, QUICCongestionController::State::RECOVERY);
     this->_context.trigger(QUICContext::CallbackEvent::METRICS_UPDATE, this->_congestion_window, this->_bytes_in_flight,
                            this->_ssthresh);
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index 4adb0c8dd26..8505b53a446 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -108,14 +108,14 @@ QUICPacket::store(uint8_t *buf, size_t *len) const
   while (block) {
     memcpy(buf + written, block->start(), block->size());
     written += block->size();
-    block = block->next;
+    block   = block->next;
   }
 
   block = this->payload_block();
   while (block) {
     memcpy(buf + written, block->start(), block->size());
     written += block->size();
-    block = block->next;
+    block   = block->next;
   }
 
   *len = written;
@@ -371,7 +371,7 @@ QUICLongHeaderPacket::_write_common_header(uint8_t *buf) const
 
   buf[0] = 0xC0;
   buf[0] += static_cast(this->type()) << 4;
-  len += 1;
+  len    += 1;
 
   QUICTypeUtil::write_QUICVersion(this->_version, buf + len, &n);
   len += n;
@@ -380,28 +380,28 @@ QUICLongHeaderPacket::_write_common_header(uint8_t *buf) const
   if (this->_dcid != QUICConnectionId::ZERO()) {
     // Len
     buf[len] = this->_dcid.length();
-    len += 1;
+    len      += 1;
 
     // ID
     QUICTypeUtil::write_QUICConnectionId(this->_dcid, buf + len, &n);
     len += n;
   } else {
     buf[len] = 0;
-    len += 1;
+    len      += 1;
   }
 
   // SCID
   if (this->_scid != QUICConnectionId::ZERO()) {
     // Len
     buf[len] = this->_scid.length();
-    len += 1;
+    len      += 1;
 
     // ID
     QUICTypeUtil::write_QUICConnectionId(this->_scid, buf + len, &n);
     len += n;
   } else {
     buf[len] = 0;
-    len += 1;
+    len      += 1;
   }
 
   return len;
@@ -665,7 +665,7 @@ QUICShortHeaderPacket::attach_payload(Ptr payload, bool unprotect
   Ptr tmp = payload;
   while (tmp) {
     this->_payload_length += tmp->size();
-    tmp = tmp->next;
+    tmp                   = tmp->next;
   }
   if (unprotected) {
     this->_payload_length += aead_tag_len;
@@ -812,7 +812,7 @@ QUICStatelessResetPacket::header_block() const
   for (int i = 0; i < MIN_UNPREDICTABLE_FIELD_LEN; ++i) {
     buf[i] = static_cast(rnd() & 0xFF);
   }
-  buf[0] = (buf[0] | 0x40) & 0x7f;
+  buf[0]      = (buf[0] | 0x40) & 0x7f;
   written_len += MIN_UNPREDICTABLE_FIELD_LEN;
 
   block->fill(written_len);
@@ -1021,9 +1021,9 @@ QUICVersionNegotiationPacketR::QUICVersionNegotiationPacketR(UDPConnection *udp_
 
   size_t offset = LONG_HDR_OFFSET_CONNECTION_ID;
   this->_dcid   = {raw_buf + offset, dcil};
-  offset += dcil + 1;
-  this->_scid = {raw_buf + offset, scil};
-  offset += scil;
+  offset        += dcil + 1;
+  this->_scid   = {raw_buf + offset, scil};
+  offset        += scil;
 
   this->_versions  = raw_buf + offset;
   this->_nversions = (len - offset) / sizeof(QUICVersion);
@@ -1175,7 +1175,7 @@ QUICInitialPacket::attach_payload(Ptr payload, bool unprotected)
   Ptr tmp = payload;
   while (tmp) {
     this->_payload_length += tmp->size();
-    tmp = tmp->next;
+    tmp                   = tmp->next;
   }
   if (unprotected) {
     this->_payload_length += aead_tag_len;
@@ -1213,18 +1213,18 @@ QUICInitialPacketR::QUICInitialPacketR(UDPConnection *udp_con, IpEndpoint from,
 
   size_t offset = LONG_HDR_OFFSET_CONNECTION_ID;
   this->_dcid   = {raw_buf + offset, dcil};
-  offset += dcil + 1;
-  this->_scid = {raw_buf + offset, scil};
-  offset += scil;
+  offset        += dcil + 1;
+  this->_scid   = {raw_buf + offset, scil};
+  offset        += scil;
 
   // Token Length Field
   uint64_t token_len = QUICIntUtil::read_QUICVariableInt(raw_buf + offset, len - offset);
-  offset += QUICVariableInt::size(raw_buf + offset);
+  offset             += QUICVariableInt::size(raw_buf + offset);
 
   // Token Field
   if (token_len) {
     this->_token = new QUICAddressValidationToken(raw_buf + offset, token_len);
-    offset += token_len;
+    offset       += token_len;
   } else {
     this->_token = new QUICAddressValidationToken(nullptr, 0);
   }
@@ -1401,7 +1401,7 @@ QUICZeroRttPacket::attach_payload(Ptr payload, bool unprotected)
   Ptr tmp = payload;
   while (tmp) {
     this->_payload_length += tmp->size();
-    tmp = tmp->next;
+    tmp                   = tmp->next;
   }
   if (unprotected) {
     this->_payload_length += aead_tag_len;
@@ -1439,9 +1439,9 @@ QUICZeroRttPacketR::QUICZeroRttPacketR(UDPConnection *udp_con, IpEndpoint from,
 
   size_t offset = LONG_HDR_OFFSET_CONNECTION_ID;
   this->_dcid   = {raw_buf + offset, dcil};
-  offset += dcil + 1;
-  this->_scid = {raw_buf + offset, scil};
-  offset += scil;
+  offset        += dcil + 1;
+  this->_scid   = {raw_buf + offset, scil};
+  offset        += scil;
 
   // Length Field
   offset += QUICVariableInt::size(raw_buf + offset);
@@ -1581,7 +1581,7 @@ QUICHandshakePacket::attach_payload(Ptr payload, bool unprotected
   Ptr tmp = payload;
   while (tmp) {
     this->_payload_length += tmp->size();
-    tmp = tmp->next;
+    tmp                   = tmp->next;
   }
   if (unprotected) {
     this->_payload_length += aead_tag_len;
@@ -1619,9 +1619,9 @@ QUICHandshakePacketR::QUICHandshakePacketR(UDPConnection *udp_con, IpEndpoint fr
 
   size_t offset = LONG_HDR_OFFSET_CONNECTION_ID;
   this->_dcid   = {raw_buf + offset, dcil};
-  offset += dcil + 1;
-  this->_scid = {raw_buf + offset, scil};
-  offset += scil;
+  offset        += dcil + 1;
+  this->_scid   = {raw_buf + offset, scil};
+  offset        += scil;
 
   // Length Field
   offset += QUICVariableInt::size(raw_buf + offset);
@@ -1788,13 +1788,13 @@ QUICRetryPacketR::QUICRetryPacketR(UDPConnection *udp_con, IpEndpoint from, IpEn
 
   size_t offset = LONG_HDR_OFFSET_CONNECTION_ID;
   this->_dcid   = {raw_buf + offset, dcil};
-  offset += dcil + 1;
-  this->_scid = {raw_buf + offset, scil};
-  offset += scil;
+  offset        += dcil + 1;
+  this->_scid   = {raw_buf + offset, scil};
+  offset        += scil;
 
   // Retry Token field
   this->_token = new QUICRetryToken(raw_buf + offset, len - offset - QUICRetryIntegrityTag::LEN);
-  offset += this->_token->length();
+  offset       += this->_token->length();
 
   // Retry Integrity Tag
   memcpy(this->_integrity_tag, raw_buf + offset, QUICRetryIntegrityTag::LEN);
diff --git a/iocore/net/quic/QUICPacket.h b/iocore/net/quic/QUICPacket.h
index aba3d88ede0..6aa64f561d5 100644
--- a/iocore/net/quic/QUICPacket.h
+++ b/iocore/net/quic/QUICPacket.h
@@ -34,7 +34,7 @@
 
 #define QUIC_FIELD_OFFSET_CONNECTION_ID 1
 #define QUIC_FIELD_OFFSET_PACKET_NUMBER 4
-#define QUIC_FIELD_OFFSET_PAYLOAD 5
+#define QUIC_FIELD_OFFSET_PAYLOAD       5
 
 class UDPConnection;
 
diff --git a/iocore/net/quic/QUICPacketPayloadProtector_boringssl.cc b/iocore/net/quic/QUICPacketPayloadProtector_boringssl.cc
index 0352e513d13..8c42d4370a3 100644
--- a/iocore/net/quic/QUICPacketPayloadProtector_boringssl.cc
+++ b/iocore/net/quic/QUICPacketPayloadProtector_boringssl.cc
@@ -67,7 +67,7 @@ QUICPacketPayloadProtector::_protect(uint8_t *cipher, size_t &cipher_len, size_t
       return false;
     }
     cipher_len += len;
-    b = b->next;
+    b          = b->next;
   }
 
   if (!EVP_EncryptFinal_ex(aead_ctx, cipher + cipher_len, &len)) {
diff --git a/iocore/net/quic/QUICPacketPayloadProtector_openssl.cc b/iocore/net/quic/QUICPacketPayloadProtector_openssl.cc
index c900718417b..a9bca670b5a 100644
--- a/iocore/net/quic/QUICPacketPayloadProtector_openssl.cc
+++ b/iocore/net/quic/QUICPacketPayloadProtector_openssl.cc
@@ -67,7 +67,7 @@ QUICPacketPayloadProtector::_protect(uint8_t *cipher, size_t &cipher_len, size_t
       return false;
     }
     cipher_len += len;
-    b = b->next;
+    b          = b->next;
   }
 
   if (!EVP_EncryptFinal_ex(aead_ctx, cipher + cipher_len, &len)) {
diff --git a/iocore/net/quic/QUICPacketReceiveQueue.cc b/iocore/net/quic/QUICPacketReceiveQueue.cc
index 5ab11717da9..a3594519be5 100644
--- a/iocore/net/quic/QUICPacketReceiveQueue.cc
+++ b/iocore/net/quic/QUICPacketReceiveQueue.cc
@@ -72,7 +72,7 @@ QUICPacketReceiveQueue::dequeue(uint8_t *packet_buf, QUICPacketCreationResult &r
     while (b) {
       memcpy(this->_payload.get() + written, b->start(), b->read_avail());
       written += b->read_avail();
-      b = b->next.get();
+      b       = b->next.get();
     }
   }
 
diff --git a/iocore/net/quic/QUICRetryIntegrityTag.h b/iocore/net/quic/QUICRetryIntegrityTag.h
index 3649fff1d7f..757f05fd309 100644
--- a/iocore/net/quic/QUICRetryIntegrityTag.h
+++ b/iocore/net/quic/QUICRetryIntegrityTag.h
@@ -35,12 +35,12 @@ class QUICRetryIntegrityTag
 private:
   // For version 1
   static constexpr uint8_t KEY_FOR_RETRY_INTEGRITY_TAG[]   = {0xbe, 0x0c, 0x69, 0x0b, 0x9f, 0x66, 0x57, 0x5a,
-                                                            0x1d, 0x76, 0x6b, 0x54, 0xe3, 0x68, 0xc8, 0x4e};
+                                                              0x1d, 0x76, 0x6b, 0x54, 0xe3, 0x68, 0xc8, 0x4e};
   static constexpr uint8_t NONCE_FOR_RETRY_INTEGRITY_TAG[] = {0x46, 0x15, 0x99, 0xd3, 0x5d, 0x63,
                                                               0x2b, 0xf2, 0x23, 0x98, 0x25, 0xbb};
   // For draft 29
   static constexpr uint8_t KEY_FOR_RETRY_INTEGRITY_TAG_D29[]   = {0xcc, 0xce, 0x18, 0x7e, 0xd0, 0x9a, 0x09, 0xd0,
-                                                                0x57, 0x28, 0x15, 0x5a, 0x6c, 0xb9, 0x6b, 0xe1};
+                                                                  0x57, 0x28, 0x15, 0x5a, 0x6c, 0xb9, 0x6b, 0xe1};
   static constexpr uint8_t NONCE_FOR_RETRY_INTEGRITY_TAG_D29[] = {0xe5, 0x49, 0x30, 0xf9, 0x7f, 0x21,
                                                                   0x36, 0xf0, 0x53, 0x0a, 0x8c, 0x1c};
 };
diff --git a/iocore/net/quic/QUICStats.h b/iocore/net/quic/QUICStats.h
index 51dcff2623c..f96206dd24b 100644
--- a/iocore/net/quic/QUICStats.h
+++ b/iocore/net/quic/QUICStats.h
@@ -32,10 +32,10 @@ enum class QUICStats {
   count,
 };
 
-#define QUIC_INCREMENT_DYN_STAT(x) RecIncrRawStat(quic_rsb, nullptr, (int)x, 1)
-#define QUIC_DECREMENT_DYN_STAT(x) RecIncrRawStat(quic_rsb, nullptr, (int)x, -1)
+#define QUIC_INCREMENT_DYN_STAT(x)        RecIncrRawStat(quic_rsb, nullptr, (int)x, 1)
+#define QUIC_DECREMENT_DYN_STAT(x)        RecIncrRawStat(quic_rsb, nullptr, (int)x, -1)
 #define QUIC_SET_COUNT_DYN_STAT(x, count) RecSetRawStatCount(quic_rsb, x, count)
-#define QUIC_INCREMENT_DYN_STAT_EX(x, y) RecIncrRawStat(quic_rsb, nullptr, (int)x, y)
+#define QUIC_INCREMENT_DYN_STAT_EX(x, y)  RecIncrRawStat(quic_rsb, nullptr, (int)x, y)
 #define QUIC_CLEAR_DYN_STAT(x)            \
   do {                                    \
     RecSetRawStatSum(quic_rsb, (x), 0);   \
diff --git a/iocore/net/quic/QUICStreamManager_native.cc b/iocore/net/quic/QUICStreamManager_native.cc
index 7ecf64b7d8a..24688c93fc1 100644
--- a/iocore/net/quic/QUICStreamManager_native.cc
+++ b/iocore/net/quic/QUICStreamManager_native.cc
@@ -99,7 +99,7 @@ QUICStreamManagerImpl::create_uni_stream(QUICStreamId &new_stream_id)
 {
   QUICConnectionErrorUPtr error = this->create_stream(this->_next_stream_id_uni);
   if (error == nullptr) {
-    new_stream_id = this->_next_stream_id_uni;
+    new_stream_id             = this->_next_stream_id_uni;
     this->_next_stream_id_uni += QUIC_STREAM_TYPES;
   }
 
@@ -118,7 +118,7 @@ QUICStreamManagerImpl::create_bidi_stream(QUICStreamId &new_stream_id)
 {
   QUICConnectionErrorUPtr error = this->create_stream(this->_next_stream_id_bidi);
   if (error == nullptr) {
-    new_stream_id = this->_next_stream_id_bidi;
+    new_stream_id              = this->_next_stream_id_bidi;
     this->_next_stream_id_bidi += QUIC_STREAM_TYPES;
   }
 
diff --git a/iocore/net/quic/QUICStreamVCAdapter.cc b/iocore/net/quic/QUICStreamVCAdapter.cc
index 7ed06c4a4d1..aad235fdf3b 100644
--- a/iocore/net/quic/QUICStreamVCAdapter.cc
+++ b/iocore/net/quic/QUICStreamVCAdapter.cc
@@ -72,7 +72,7 @@ QUICStreamVCAdapter::_read(size_t len)
     block                  = make_ptr(reader->get_current_block()->clone());
     if (block->size()) {
       block->consume(reader->start_offset);
-      block->_end = std::min(block->start() + len, block->_buf_end);
+      block->_end            = std::min(block->start() + len, block->_buf_end);
       this->_write_vio.ndone += block->size();
     }
     reader->consume(block->size());
diff --git a/iocore/net/quic/QUICTransportParameters.cc b/iocore/net/quic/QUICTransportParameters.cc
index eff5e7da8b0..d9fc0e8010a 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -99,7 +99,7 @@ QUICTransportParameters::_load(const uint8_t *buf, size_t len, QUICVersion versi
     // Read ID
     if (!QUICVariableInt::decode(param_id, l, p, len)) {
       len -= l;
-      p += l;
+      p   += l;
     } else {
       has_error = true;
       break;
@@ -115,7 +115,7 @@ QUICTransportParameters::_load(const uint8_t *buf, size_t len, QUICVersion versi
     // Read length of value
     if (!QUICVariableInt::decode(param_len, l, p, len)) {
       len -= l;
-      p += l;
+      p   += l;
     } else {
       has_error = true;
       break;
@@ -125,7 +125,7 @@ QUICTransportParameters::_load(const uint8_t *buf, size_t len, QUICVersion versi
     if (len >= param_len) {
       this->_parameters.insert(std::make_pair(param_id, new Value(p, param_len)));
       len -= param_len;
-      p += param_len;
+      p   += param_len;
     } else {
       has_error = true;
       break;
diff --git a/iocore/net/quic/QUICTypes.cc b/iocore/net/quic/QUICTypes.cc
index 18ee6d9237c..b50ac4db0bb 100644
--- a/iocore/net/quic/QUICTypes.cc
+++ b/iocore/net/quic/QUICTypes.cc
@@ -47,7 +47,7 @@ to_hex_str(char *dst, size_t dst_len, const uint8_t *src, size_t src_len)
   for (size_t i = 0; i < src_len; ++i) {
     *dst       = hex_digits[src[i] >> 4];
     *(dst + 1) = hex_digits[src[i] & 0xf];
-    dst += 2;
+    dst        += 2;
   }
   *dst = '\0';
 
@@ -373,11 +373,11 @@ QUICRetryToken::QUICRetryToken(const IpEndpoint &src, QUICConnectionId original_
 
   size_t cid_len;
   *(data + data_len) = original_dcid.length();
-  data_len += 1;
+  data_len           += 1;
   QUICTypeUtil::write_QUICConnectionId(original_dcid, data + data_len, &cid_len);
-  data_len += cid_len;
+  data_len           += cid_len;
   *(data + data_len) = scid.length();
-  data_len += 1;
+  data_len           += 1;
   QUICTypeUtil::write_QUICConnectionId(scid, data + data_len, &cid_len);
   data_len += cid_len;
 
@@ -388,11 +388,11 @@ QUICRetryToken::QUICRetryToken(const IpEndpoint &src, QUICConnectionId original_
   this->_token_len += 1;
 
   *(this->_token + this->_token_len) = original_dcid.length();
-  this->_token_len += 1;
+  this->_token_len                   += 1;
   QUICTypeUtil::write_QUICConnectionId(original_dcid, this->_token + this->_token_len, &cid_len);
-  this->_token_len += cid_len;
+  this->_token_len                   += cid_len;
   *(this->_token + this->_token_len) = scid.length();
-  this->_token_len += 1;
+  this->_token_len                   += 1;
   QUICTypeUtil::write_QUICConnectionId(scid, this->_token + this->_token_len, &cid_len);
   this->_token_len += cid_len;
 }
@@ -466,9 +466,9 @@ QUICPreferredAddress::QUICPreferredAddress(const uint8_t *buf, uint16_t len)
 
   // CID
   uint16_t cid_len = QUICIntUtil::read_nbytes_as_uint(p, 1);
-  p += 1;
-  this->_cid = QUICTypeUtil::read_QUICConnectionId(p, cid_len);
-  p += cid_len;
+  p                += 1;
+  this->_cid       = QUICTypeUtil::read_QUICConnectionId(p, cid_len);
+  p                += cid_len;
 
   // Token
   this->_token = {p};
@@ -553,7 +553,7 @@ QUICPreferredAddress::store(uint8_t *buf, uint16_t &len) const
   // CID
   uint8_t cid_len = this->_cid.length();
   p[0]            = cid_len;
-  p += 1;
+  p               += 1;
   QUICTypeUtil::write_QUICConnectionId(this->_cid, p, &dummy);
   p += cid_len;
 
diff --git a/iocore/net/quic/qlog/QLogEvent.h b/iocore/net/quic/qlog/QLogEvent.h
index 553a34835a4..b3025a0e3b1 100644
--- a/iocore/net/quic/qlog/QLogEvent.h
+++ b/iocore/net/quic/qlog/QLogEvent.h
@@ -53,8 +53,11 @@ class QLogEvent
 
 using QLogEventUPtr = std::unique_ptr;
 
-#define SET(field, type) \
-  void set_##field(type v) { this->_node[#field] = v; }
+#define SET(field, type)     \
+  void set_##field(type v)   \
+  {                          \
+    this->_node[#field] = v; \
+  }
 
 // enum class PacketType : uint8_t { initial, handshake, zerortt, onertt, retry, version_negotiation, unknown };
 using PacketType = std::string;
@@ -148,7 +151,7 @@ namespace Connectivity
       }
     }
 
-#define _SET(a, b) SET_FUNC(ServerListening, a, b)
+#define _SET(a, b)    SET_FUNC(ServerListening, a, b)
 #define _APPEND(a, b) APPEND_FUNC(ServerListening, a, b)
     _SET(port_v4, int)
     _SET(port_v6, int)
@@ -184,7 +187,7 @@ namespace Connectivity
       set_dst_port(dport);
     }
 
-#define _SET(a, b) SET_FUNC(ConnectionStarted, a, b)
+#define _SET(a, b)    SET_FUNC(ConnectionStarted, a, b)
 #define _APPEND(a, b) APPEND_FUNC(ConnectionStarted, a, b)
     _SET(quic_version, std::string);
     _SET(src_cid, std::string);
@@ -223,7 +226,7 @@ namespace Connectivity
       }
     }
 
-#define _SET(a, b) SET_FUNC(ConnectionIdUpdated, a, b)
+#define _SET(a, b)    SET_FUNC(ConnectionIdUpdated, a, b)
 #define _APPEND(a, b) APPEND_FUNC(ConnectionIdUpdated, a, b)
 
     _SET(src_old, std::string);
@@ -501,7 +504,7 @@ namespace Transport
       set_packet_type(type).set_header(h).set_trigger(tr);
     }
 
-#define _SET(a, b) SET_FUNC(PacketEvent, a, b)
+#define _SET(a, b)    SET_FUNC(PacketEvent, a, b)
 #define _APPEND(a, b) APPEND_FUNC(PacketEvent, a, b)
     _SET(packet_type, PacketType)
     _SET(header, PacketHeader)
diff --git a/iocore/utils/I_OneWayTunnel.h b/iocore/utils/I_OneWayTunnel.h
index d74401a88ab..e60828c122d 100644
--- a/iocore/utils/I_OneWayTunnel.h
+++ b/iocore/utils/I_OneWayTunnel.h
@@ -206,6 +206,6 @@ struct OneWayTunnel : public Continuation {
   bool free_vcs             = true;
 
   // noncopyable
-  OneWayTunnel(const OneWayTunnel &) = delete;
+  OneWayTunnel(const OneWayTunnel &)            = delete;
   OneWayTunnel &operator=(const OneWayTunnel &) = delete;
 };
diff --git a/mgmt/DerivativeMetrics.cc b/mgmt/DerivativeMetrics.cc
index 3a3987517bc..eab5c3b6566 100644
--- a/mgmt/DerivativeMetrics.cc
+++ b/mgmt/DerivativeMetrics.cc
@@ -35,58 +35,48 @@
 static const std::vector sum_metrics = {
   // Total bytes of client request body + headers
   {"proxy.process.http.user_agent_total_request_bytes",
-   RECD_INT,
-   {"proxy.process.http.user_agent_request_document_total_size", "proxy.process.http.user_agent_request_header_total_size"}},
-  // Total bytes of client response body + headers
+   RECD_INT,                                                              {"proxy.process.http.user_agent_request_document_total_size", "proxy.process.http.user_agent_request_header_total_size"}      },
+ // Total bytes of client response body + headers
   {"proxy.process.http.user_agent_total_response_bytes",
-   RECD_INT,
-   {"proxy.process.http.user_agent_response_document_total_size", "proxy.process.http.user_agent_response_header_total_size"}},
-  // Total bytes of origin server request body + headers
+   RECD_INT,                                                              {"proxy.process.http.user_agent_response_document_total_size", "proxy.process.http.user_agent_response_header_total_size"}    },
+ // Total bytes of origin server request body + headers
   {"proxy.process.http.origin_server_total_request_bytes",
-   RECD_INT,
-   {"proxy.process.http.origin_server_request_document_total_size", "proxy.process.http.origin_server_request_header_total_size"}},
-  // Total bytes of origin server response body + headers
+   RECD_INT,                                                              {"proxy.process.http.origin_server_request_document_total_size", "proxy.process.http.origin_server_request_header_total_size"}},
+ // Total bytes of origin server response body + headers
   {"proxy.process.http.origin_server_total_response_bytes",
-   RECD_INT,
-   {"proxy.process.http.origin_server_response_document_total_size",
-    "proxy.process.http.origin_server_response_header_total_size"}},
-  // Total bytes of client request and response (total traffic to and from clients)
+   RECD_INT,                                                              {"proxy.process.http.origin_server_response_document_total_size",
+    "proxy.process.http.origin_server_response_header_total_size"}                                                                                                                          },
+ // Total bytes of client request and response (total traffic to and from clients)
   {"proxy.process.user_agent_total_bytes",
-   RECD_INT,
-   {"proxy.process.http.user_agent_total_request_bytes", "proxy.process.http.user_agent_total_response_bytes"}},
-  // Total bytes of origin/parent request and response
+   RECD_INT,                                                              {"proxy.process.http.user_agent_total_request_bytes", "proxy.process.http.user_agent_total_response_bytes"}                   },
+ // Total bytes of origin/parent request and response
   {"proxy.process.origin_server_total_bytes",
-   RECD_INT,
-   {"proxy.process.http.origin_server_total_request_bytes", "proxy.process.http.origin_server_total_response_bytes",
-    "proxy.process.http.parent_proxy_request_total_bytes", "proxy.process.http.parent_proxy_response_total_bytes"}},
-  // Total requests which are cache hits
+   RECD_INT,                                                              {"proxy.process.http.origin_server_total_request_bytes", "proxy.process.http.origin_server_total_response_bytes",
+    "proxy.process.http.parent_proxy_request_total_bytes", "proxy.process.http.parent_proxy_response_total_bytes"}                                                                          },
+ // Total requests which are cache hits
   {"proxy.process.cache_total_hits",
-   RECD_COUNTER,
-   {"proxy.process.http.cache_hit_fresh", "proxy.process.http.cache_hit_revalidated", "proxy.process.http.cache_hit_ims",
-    "proxy.process.http.cache_hit_stale_served"}},
-  // Total requests which are cache misses
+   RECD_COUNTER,                                                          {"proxy.process.http.cache_hit_fresh", "proxy.process.http.cache_hit_revalidated", "proxy.process.http.cache_hit_ims",
+    "proxy.process.http.cache_hit_stale_served"}                                                                                                                                        },
+ // Total requests which are cache misses
   {"proxy.process.cache_total_misses",
-   RECD_COUNTER,
-   {"proxy.process.http.cache_miss_cold", "proxy.process.http.cache_miss_changed", "proxy.process.http.cache_miss_client_no_cache",
-    "proxy.process.http.cache_miss_ims", "proxy.process.http.cache_miss_client_not_cacheable"}},
-  // Total requests, both hits and misses (this is slightly superfluous, but assures correct percentage calculations)
-  {"proxy.process.cache_total_requests", RECD_COUNTER, {"proxy.process.cache_total_hits", "proxy.process.cache_total_misses"}},
-  // Total cache requests bytes which are cache hits
+   RECD_COUNTER,                                                          {"proxy.process.http.cache_miss_cold", "proxy.process.http.cache_miss_changed", "proxy.process.http.cache_miss_client_no_cache",
+    "proxy.process.http.cache_miss_ims", "proxy.process.http.cache_miss_client_not_cacheable"}                                                                                          },
+ // Total requests, both hits and misses (this is slightly superfluous, but assures correct percentage calculations)
+  {"proxy.process.cache_total_requests",                    RECD_COUNTER, {"proxy.process.cache_total_hits", "proxy.process.cache_total_misses"}                                                        },
+ // Total cache requests bytes which are cache hits
   {"proxy.process.cache_total_hits_bytes",
-   RECD_INT,
-   {"proxy.process.http.tcp_hit_user_agent_bytes_stat", "proxy.process.http.tcp_refresh_hit_user_agent_bytes_stat",
-    "proxy.process.http.tcp_ims_hit_user_agent_bytes_stat"}},
-  // Total cache requests bytes which are cache misses
+   RECD_INT,                                                              {"proxy.process.http.tcp_hit_user_agent_bytes_stat", "proxy.process.http.tcp_refresh_hit_user_agent_bytes_stat",
+    "proxy.process.http.tcp_ims_hit_user_agent_bytes_stat"}                                                                                                                                 },
+ // Total cache requests bytes which are cache misses
   {"proxy.process.cache_total_misses_bytes",
-   RECD_INT,
-   {"proxy.process.http.tcp_miss_user_agent_bytes_stat", "proxy.process.http.tcp_expired_miss_user_agent_bytes_stat",
-    "proxy.process.http.tcp_refresh_miss_user_agent_bytes_stat", "proxy.process.http.tcp_ims_miss_user_agent_bytes_stat"}},
-  // Total request bytes, both hits and misses
-  {"proxy.process.cache_total_bytes", RECD_INT, {"proxy.process.cache_total_hits_bytes", "proxy.process.cache_total_misses_bytes"}},
-  // Total of all server connections (sum of origins and parent connections)
+   RECD_INT,                                                              {"proxy.process.http.tcp_miss_user_agent_bytes_stat", "proxy.process.http.tcp_expired_miss_user_agent_bytes_stat",
+    "proxy.process.http.tcp_refresh_miss_user_agent_bytes_stat", "proxy.process.http.tcp_ims_miss_user_agent_bytes_stat"}                                                                   },
+ // Total request bytes, both hits and misses
+  {"proxy.process.cache_total_bytes",                       RECD_INT,     {"proxy.process.cache_total_hits_bytes", "proxy.process.cache_total_misses_bytes"}                                            },
+ // Total of all server connections (sum of origins and parent connections)
   {"proxy.process.current_server_connections",
-   RECD_INT,
-   {"proxy.process.http.current_server_connections", "proxy.process.http.current_parent_proxy_connections"}}};
+   RECD_INT,                                                              {"proxy.process.http.current_server_connections", "proxy.process.http.current_parent_proxy_connections"}                      }
+};
 
 // The constructor is responsible for registering the new metrics. ToDo: At some point we could
 // in theory expand this to support some sort of configuration, and then replace the hardcoded metrics
@@ -125,11 +115,11 @@ DerivativeMetrics::Update()
     for (auto &&metric : metric_parts) {
       switch (type) {
       case RECD_INT:
-        error = RecGetRecordInt(metric, &int_val);
+        error       = RecGetRecordInt(metric, &int_val);
         sum.rec_int += int_val;
         break;
       case RECD_COUNTER:
-        error = RecGetRecordCounter(metric, &counter_val);
+        error           = RecGetRecordCounter(metric, &counter_val);
         sum.rec_counter += counter_val;
         break;
       default:
diff --git a/mgmt/DerivativeMetrics.h b/mgmt/DerivativeMetrics.h
index cc8db1bdc27..6a99a225cbc 100644
--- a/mgmt/DerivativeMetrics.h
+++ b/mgmt/DerivativeMetrics.h
@@ -35,6 +35,6 @@ class DerivativeMetrics
   void Update();
 
   // Don't allow copy and assign
-  DerivativeMetrics(DerivativeMetrics const &) = delete;
+  DerivativeMetrics(DerivativeMetrics const &)            = delete;
   DerivativeMetrics &operator=(DerivativeMetrics const &) = delete;
 };
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 3bf7cf9f77f..1b9c621a6b3 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1299,14 +1299,24 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.http2.max_concurrent_streams_in", RECD_INT, "100", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.max_concurrent_streams_out", RECD_INT, "100", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.min_concurrent_streams_in", RECD_INT, "10", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.min_concurrent_streams_out", RECD_INT, "10", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.max_active_streams_in", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.max_active_streams_out", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.initial_window_size_in", RECD_INT, "65535", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.initial_window_size_out", RECD_INT, "65535", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.flow_control.policy_in", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_STR, "[0-2]", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.flow_control.policy_out", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_STR, "[0-2]", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.max_frame_size", RECD_INT, "16384", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http2.header_table_size", RECD_INT, "4096", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
@@ -1317,6 +1327,8 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.http2.no_activity_timeout_in", RECD_INT, "120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http2.no_activity_timeout_out", RECD_INT, "120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http2.active_timeout_in", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http2.push_diary_size", RECD_INT, "256", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
diff --git a/mgmt/WebMgmtUtils.cc b/mgmt/WebMgmtUtils.cc
index d616b262b5d..3dc2bdad1db 100644
--- a/mgmt/WebMgmtUtils.cc
+++ b/mgmt/WebMgmtUtils.cc
@@ -412,7 +412,7 @@ substituteForHTMLChars(const char *buffer)
       break;
     default:
       *safeCurrent = *inCurrent;
-      safeCurrent += 1;
+      safeCurrent  += 1;
       break;
     }
 
diff --git a/mgmt/YamlCfg.cc b/mgmt/YamlCfg.cc
index 292ae38cff6..da267eed7e6 100644
--- a/mgmt/YamlCfg.cc
+++ b/mgmt/YamlCfg.cc
@@ -72,7 +72,7 @@ namespace Yaml
             msg += ", ";
           }
           first = false;
-          msg += key;
+          msg   += key;
         }
       }
       throw YAML::ParserException(_map.Mark(), msg + " invalid in this map");
diff --git a/mgmt/YamlCfg.h b/mgmt/YamlCfg.h
index 25d7e99f466..51ca003afca 100644
--- a/mgmt/YamlCfg.h
+++ b/mgmt/YamlCfg.h
@@ -64,7 +64,7 @@ namespace Yaml
 
     // No copy/move.
     //
-    Map(Map const &) = delete;
+    Map(Map const &)            = delete;
     Map &operator=(Map const &) = delete;
 
   private:
diff --git a/mgmt/api/CoreAPIShared.h b/mgmt/api/CoreAPIShared.h
index 6e1e8d77b9f..a17a98d0e54 100644
--- a/mgmt/api/CoreAPIShared.h
+++ b/mgmt/api/CoreAPIShared.h
@@ -36,10 +36,10 @@
 
 // used by TSReadFromUrl
 #define HTTP_DIVIDER "\r\n\r\n"
-#define URL_BUFSIZE 65536 // the max. length of URL obtainable (in bytes)
-#define URL_TIMEOUT 5000  // the timeout value for send/recv HTTP in ms
-#define HTTP_PORT 80
-#define BUFSIZE 1024
+#define URL_BUFSIZE  65536 // the max. length of URL obtainable (in bytes)
+#define URL_TIMEOUT  5000  // the timeout value for send/recv HTTP in ms
+#define HTTP_PORT    80
+#define BUFSIZE      1024
 
 // used by TSReadFromUrl
 TSMgmtError parseHTTPResponse(char *buffer, char **header, int *hdr_size, char **body, int *bdy_size);
diff --git a/mgmt/api/INKMgmtAPI.cc b/mgmt/api/INKMgmtAPI.cc
index 38e38928c6d..775f41fe103 100644
--- a/mgmt/api/INKMgmtAPI.cc
+++ b/mgmt/api/INKMgmtAPI.cc
@@ -472,8 +472,8 @@ TSReadFromUrlEx(const char *url, char **header, int *headerSize, char **body, in
   char *host_and_port;
   if (tempPath) {
     host_and_port = ats_strndup(url, strlen(url) - strlen(tempPath));
-    tempPath += 1; // advance one position to get rid of leading '/'
-    httpPath = ats_strdup(tempPath);
+    tempPath      += 1; // advance one position to get rid of leading '/'
+    httpPath      = ats_strdup(tempPath);
   } else {
     host_and_port = ats_strdup(url);
     httpPath      = ats_strdup("");
@@ -483,7 +483,7 @@ TSReadFromUrlEx(const char *url, char **header, int *headerSize, char **body, in
   char *colon = strstr(host_and_port, ":");
   if (colon) {
     httpHost = ats_strndup(host_and_port, strlen(host_and_port) - strlen(colon));
-    colon += 1; // advance one position to get rid of leading ':'
+    colon    += 1; // advance one position to get rid of leading ':'
     httpPort = ink_atoi(colon);
     if (httpPort <= 0) {
       httpPort = HTTP_PORT;
diff --git a/mgmt/api/include/mgmtapi.h b/mgmt/api/include/mgmtapi.h
index d36181cbec7..99406a2e910 100644
--- a/mgmt/api/include/mgmtapi.h
+++ b/mgmt/api/include/mgmtapi.h
@@ -44,9 +44,9 @@ extern "C" {
 
 #ifndef TS_RES_MEM_PATH
 #define __TS_RES_PATH(x) #x
-#define _TS_RES_PATH(x) __TS_RES_PATH(x)
-#define TS_RES_PATH(x) x __FILE__ ":" _TS_RES_PATH(__LINE__)
-#define TS_RES_MEM_PATH TS_RES_PATH("memory/")
+#define _TS_RES_PATH(x)  __TS_RES_PATH(x)
+#define TS_RES_PATH(x)   x __FILE__ ":" _TS_RES_PATH(__LINE__)
+#define TS_RES_MEM_PATH  TS_RES_PATH("memory/")
 #endif
 
 #define TM_OPT_BIND_STDOUT "bind_stdout"
@@ -228,11 +228,11 @@ typedef void (*TSDisconnectFunc)(void *data);
 /***************************************************************************
  * API Memory Management
  ***************************************************************************/
-#define TSmalloc(s) _TSmalloc((s), TS_RES_MEM_PATH)
+#define TSmalloc(s)     _TSmalloc((s), TS_RES_MEM_PATH)
 #define TSrealloc(p, s) _TSrealloc((p), (s), TS_RES_MEM_PATH)
-#define TSstrdup(p) _TSstrdup((p), -1, TS_RES_MEM_PATH)
+#define TSstrdup(p)     _TSstrdup((p), -1, TS_RES_MEM_PATH)
 #define TSstrndup(p, n) _TSstrdup((p), (n), TS_RES_MEM_PATH)
-#define TSfree(p) _TSfree(p)
+#define TSfree(p)       _TSfree(p)
 
 tsapi void *_TSmalloc(size_t size, const char *path);
 tsapi void *_TSrealloc(void *ptr, size_t size, const char *path);
diff --git a/mgmt/config/FileManager.h b/mgmt/config/FileManager.h
index 4746e67d6a7..ce558098a8a 100644
--- a/mgmt/config/FileManager.h
+++ b/mgmt/config/FileManager.h
@@ -107,7 +107,7 @@ class FileManager
     }
 
     // noncopyable
-    ConfigManager(const ConfigManager &) = delete;
+    ConfigManager(const ConfigManager &)            = delete;
     ConfigManager &operator=(const ConfigManager &) = delete;
 
   private:
@@ -125,7 +125,7 @@ class FileManager
   using CallbackType = std::function;
 
   ~FileManager();
-  FileManager(const FileManager &obj) = delete;
+  FileManager(const FileManager &obj)         = delete;
   FileManager &operator=(FileManager const &) = delete;
 
   void addFile(const char *fileName, const char *configName, bool root_access_needed, bool isRequired,
diff --git a/mgmt/rpc/handlers/common/ErrorUtils.h b/mgmt/rpc/handlers/common/ErrorUtils.h
index 1b17c9e4c40..4f3242a393b 100644
--- a/mgmt/rpc/handlers/common/ErrorUtils.h
+++ b/mgmt/rpc/handlers/common/ErrorUtils.h
@@ -51,7 +51,7 @@ static constexpr int ERRATA_DEFAULT_ID{1};
 
 template 
 static inline ts::Errata
-make_errata(int code, std::string_view fmt, Args &&... args)
+make_errata(int code, std::string_view fmt, Args &&...args)
 {
   std::string text;
   return ts::Errata{}.push(ERRATA_DEFAULT_ID, code, ts::bwprint(text, fmt, std::forward(args)...));
diff --git a/mgmt/rpc/jsonrpc/JsonRPCManager.h b/mgmt/rpc/jsonrpc/JsonRPCManager.h
index 4baeda00a35..29727ce0285 100644
--- a/mgmt/rpc/jsonrpc/JsonRPCManager.h
+++ b/mgmt/rpc/jsonrpc/JsonRPCManager.h
@@ -146,11 +146,11 @@ class JsonRPCManager
   }
 
 protected: // For unit test.
-  JsonRPCManager()                       = default;
-  JsonRPCManager(JsonRPCManager const &) = delete;
-  JsonRPCManager(JsonRPCManager &&)      = delete;
+  JsonRPCManager()                                  = default;
+  JsonRPCManager(JsonRPCManager const &)            = delete;
+  JsonRPCManager(JsonRPCManager &&)                 = delete;
   JsonRPCManager &operator=(JsonRPCManager const &) = delete;
-  JsonRPCManager &operator=(JsonRPCManager &&) = delete;
+  JsonRPCManager &operator=(JsonRPCManager &&)      = delete;
 
   ///
   /// @brief Remove handler from the registered method handlers. Test only.
diff --git a/mgmt/rpc/jsonrpc/unit_tests/test_basic_protocol.cc b/mgmt/rpc/jsonrpc/unit_tests/test_basic_protocol.cc
index 24aa1fbb158..b0d02de331e 100644
--- a/mgmt/rpc/jsonrpc/unit_tests/test_basic_protocol.cc
+++ b/mgmt/rpc/jsonrpc/unit_tests/test_basic_protocol.cc
@@ -600,7 +600,7 @@ TEST_CASE("Call method with invalid ID", "[invalid_id]")
   {
     std::string req = R"([{"id": "", "jsonrpc": "2.0", "method": "will_not_pass_the_validation"},)"
                       R"({"id": {}, "jsonrpc": "2.0", "method": "will_not_pass_the_validation"}])";
-    auto resp = rpc.handle_call(req);
+    auto resp       = rpc.handle_call(req);
     std::string expected =
       R"([{"jsonrpc": "2.0", "error": {"code": 11, "message": "Use of an empty string as id is discouraged"}}, )"
       R"({"jsonrpc": "2.0", "error": {"code": 7, "message": "Invalid id type"}}])";
diff --git a/mgmt/rpc/server/unit_tests/test_rpcserver.cc b/mgmt/rpc/server/unit_tests/test_rpcserver.cc
index 7649b3b41c0..67c400aad09 100644
--- a/mgmt/rpc/server/unit_tests/test_rpcserver.cc
+++ b/mgmt/rpc/server/unit_tests/test_rpcserver.cc
@@ -148,7 +148,7 @@ getTemporaryDir()
 {
   std::error_code ec;
   fs::path tmpDir = fs::canonical(fs::temp_directory_path(), ec);
-  tmpDir /= "sandbox_XXXXXX";
+  tmpDir          /= "sandbox_XXXXXX";
 
   char dirNameTemplate[tmpDir.string().length() + 1];
   sprintf(dirNameTemplate, "%s", tmpDir.c_str());
@@ -216,7 +216,9 @@ struct ScopedLocalSocket : shared::rpc::IPCSocketClient {
   {
     const std::size_t size = std::distance(from, to);
     if (size <= N) {
-      return {std::string{from, to}};
+      return {
+        std::string{from, to}
+      };
     }
     std::size_t index{0};
     std::array ret;
@@ -293,9 +295,9 @@ std::string
 random_string(std::string::size_type length)
 {
   auto randchar = []() -> char {
-    const char charset[] = "0123456789"
-                           "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                           "abcdefghijklmnopqrstuvwxyz";
+    const char charset[]   = "0123456789"
+                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                             "abcdefghijklmnopqrstuvwxyz";
     const size_t max_index = (sizeof(charset) - 1);
     return charset[rand() % max_index];
   };
diff --git a/mgmt/utils/ExpandingArray.cc b/mgmt/utils/ExpandingArray.cc
index 0ec893f35d8..ddebeb40316 100644
--- a/mgmt/utils/ExpandingArray.cc
+++ b/mgmt/utils/ExpandingArray.cc
@@ -63,7 +63,7 @@ ExpandingArray::addEntry(void *entry)
 {
   if (numValidValues == internalArraySize) {
     // Time to increase the size of the array
-    internalArray = static_cast(ats_realloc(internalArray, 2 * sizeof(void *) * internalArraySize));
+    internalArray     = static_cast(ats_realloc(internalArray, 2 * sizeof(void *) * internalArraySize));
     internalArraySize *= 2;
   }
 
diff --git a/mgmt/utils/MgmtUtils.cc b/mgmt/utils/MgmtUtils.cc
index f073660d7c3..095b2efe69f 100644
--- a/mgmt/utils/MgmtUtils.cc
+++ b/mgmt/utils/MgmtUtils.cc
@@ -117,7 +117,7 @@ mgmt_writeline(int soc, const char *data, int nbytes)
       return nwritten;
     }
     nleft -= nwritten;
-    tmp += nwritten;
+    tmp   += nwritten;
   }
 
   while (n != 1) {
@@ -173,8 +173,8 @@ mgmt_read_pipe(int fd, char *buf, int bytes_to_read)
     }
 
     bytes_to_read -= err;
-    bytes_read += err;
-    p += err;
+    bytes_read    += err;
+    p             += err;
   }
 
   return bytes_read;
@@ -212,8 +212,8 @@ mgmt_write_pipe(int fd, char *buf, int bytes_to_write)
     }
 
     bytes_to_write -= err;
-    bytes_written += err;
-    p += err;
+    bytes_written  += err;
+    p              += err;
   }
 
   return bytes_written;
diff --git a/plugins/authproxy/authproxy.cc b/plugins/authproxy/authproxy.cc
index a8da078c1ed..83c683910b0 100644
--- a/plugins/authproxy/authproxy.cc
+++ b/plugins/authproxy/authproxy.cc
@@ -105,42 +105,49 @@ StateContinue(AuthRequestContext *, void *)
 }
 
 // State table for sending the auth proxy response to the client.
-static const StateTransition StateTableSendResponse[] = {{TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateAuthProxySendResponse, nullptr},
-                                                         {TS_EVENT_NONE, nullptr, nullptr}};
+static const StateTransition StateTableSendResponse[] = {
+  {TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateAuthProxySendResponse, nullptr},
+  {TS_EVENT_NONE,                   nullptr,                    nullptr}
+};
 
 // State table for reading the proxy response body content.
 static const StateTransition StateTableProxyReadContent[] = {
-  {TS_EVENT_VCONN_READ_READY, StateAuthProxyReadContent, StateTableProxyReadContent},
-  {TS_EVENT_VCONN_READ_COMPLETE, StateAuthProxyReadContent, StateTableProxyReadContent},
-  {TS_EVENT_VCONN_EOS, StateAuthProxyCompleteContent, StateTableProxyReadContent},
-  {TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateContinue, StateTableSendResponse},
-  {TS_EVENT_ERROR, StateUnauthorized, nullptr},
-  {TS_EVENT_IMMEDIATE, StateAuthorized, nullptr},
-  {TS_EVENT_NONE, nullptr, nullptr}};
+  {TS_EVENT_VCONN_READ_READY,       StateAuthProxyReadContent,     StateTableProxyReadContent},
+  {TS_EVENT_VCONN_READ_COMPLETE,    StateAuthProxyReadContent,     StateTableProxyReadContent},
+  {TS_EVENT_VCONN_EOS,              StateAuthProxyCompleteContent, StateTableProxyReadContent},
+  {TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateContinue,                 StateTableSendResponse    },
+  {TS_EVENT_ERROR,                  StateUnauthorized,             nullptr                   },
+  {TS_EVENT_IMMEDIATE,              StateAuthorized,               nullptr                   },
+  {TS_EVENT_NONE,                   nullptr,                       nullptr                   }
+};
 
 // State table for reading the auth proxy response header.
 static const StateTransition StateTableProxyReadHeader[] = {
-  {TS_EVENT_VCONN_READ_READY, StateAuthProxyReadHeaders, StateTableProxyReadHeader},
-  {TS_EVENT_VCONN_READ_COMPLETE, StateAuthProxyReadHeaders, StateTableProxyReadHeader},
-  {TS_EVENT_HTTP_READ_REQUEST_HDR, StateAuthProxyCompleteHeaders, StateTableProxyReadHeader},
-  {TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateContinue, StateTableSendResponse},
-  {TS_EVENT_HTTP_CONTINUE, StateAuthProxyReadContent, StateTableProxyReadContent},
-  {TS_EVENT_VCONN_EOS, StateUnauthorized, nullptr}, // XXX Should we check headers on EOS?
-  {TS_EVENT_ERROR, StateUnauthorized, nullptr},
-  {TS_EVENT_IMMEDIATE, StateAuthorized, nullptr},
-  {TS_EVENT_NONE, nullptr, nullptr}};
+  {TS_EVENT_VCONN_READ_READY,       StateAuthProxyReadHeaders,     StateTableProxyReadHeader },
+  {TS_EVENT_VCONN_READ_COMPLETE,    StateAuthProxyReadHeaders,     StateTableProxyReadHeader },
+  {TS_EVENT_HTTP_READ_REQUEST_HDR,  StateAuthProxyCompleteHeaders, StateTableProxyReadHeader },
+  {TS_EVENT_HTTP_SEND_RESPONSE_HDR, StateContinue,                 StateTableSendResponse    },
+  {TS_EVENT_HTTP_CONTINUE,          StateAuthProxyReadContent,     StateTableProxyReadContent},
+  {TS_EVENT_VCONN_EOS,              StateUnauthorized,             nullptr                   }, // XXX Should we check headers on EOS?
+  {TS_EVENT_ERROR,                  StateUnauthorized,             nullptr                   },
+  {TS_EVENT_IMMEDIATE,              StateAuthorized,               nullptr                   },
+  {TS_EVENT_NONE,                   nullptr,                       nullptr                   }
+};
 
 // State table for sending the request to the auth proxy.
 static const StateTransition StateTableProxyRequest[] = {
-  {TS_EVENT_VCONN_WRITE_READY, StateAuthProxyWriteReady, StateTableProxyRequest},
+  {TS_EVENT_VCONN_WRITE_READY,    StateAuthProxyWriteReady,    StateTableProxyRequest   },
   {TS_EVENT_VCONN_WRITE_COMPLETE, StateAuthProxyWriteComplete, StateTableProxyReadHeader},
-  {TS_EVENT_ERROR, StateUnauthorized, nullptr},
-  {TS_EVENT_NONE, nullptr, nullptr}};
+  {TS_EVENT_ERROR,                StateUnauthorized,           nullptr                  },
+  {TS_EVENT_NONE,                 nullptr,                     nullptr                  }
+};
 
 // Initial state table.
-static const StateTransition StateTableInit[] = {{TS_EVENT_HTTP_POST_REMAP, StateAuthProxyConnect, StateTableProxyRequest},
-                                                 {TS_EVENT_ERROR, StateUnauthorized, nullptr},
-                                                 {TS_EVENT_NONE, nullptr, nullptr}};
+static const StateTransition StateTableInit[] = {
+  {TS_EVENT_HTTP_POST_REMAP, StateAuthProxyConnect, StateTableProxyRequest},
+  {TS_EVENT_ERROR,           StateUnauthorized,     nullptr               },
+  {TS_EVENT_NONE,            nullptr,               nullptr               }
+};
 
 struct AuthRequestContext {
   TSHttpTxn txn = nullptr; // Original client transaction we are authorizing.
@@ -723,13 +730,13 @@ AuthParseOptions(int argc, const char **argv)
   // on some platforms (e.g. Solaris / Illumos). On sane platforms (e.g. linux), it'll get
   // automatically casted back to the const char*, as the struct is defined in .
   static const struct option longopt[] = {
-    {const_cast("auth-host"), required_argument, nullptr, 'h'},
-    {const_cast("auth-port"), required_argument, nullptr, 'p'},
-    {const_cast("auth-transform"), required_argument, nullptr, 't'},
-    {const_cast("force-cacheability"), no_argument, nullptr, 'c'},
-    {const_cast("cache-internal"), no_argument, nullptr, 'i'},
+    {const_cast("auth-host"),             required_argument, nullptr, 'h'},
+    {const_cast("auth-port"),             required_argument, nullptr, 'p'},
+    {const_cast("auth-transform"),        required_argument, nullptr, 't'},
+    {const_cast("force-cacheability"),    no_argument,       nullptr, 'c'},
+    {const_cast("cache-internal"),        no_argument,       nullptr, 'i'},
     {const_cast("forward-header-prefix"), required_argument, nullptr, 'f'},
-    {nullptr, 0, nullptr, 0},
+    {nullptr,                                     0,                 nullptr, 0  },
   };
 
   AuthOptions *options = AuthNew();
diff --git a/plugins/authproxy/utils.h b/plugins/authproxy/utils.h
index bd672ee729b..a7224a1802a 100644
--- a/plugins/authproxy/utils.h
+++ b/plugins/authproxy/utils.h
@@ -73,7 +73,7 @@ struct HttpIoBuffer {
   }
 
   // noncopyable
-  HttpIoBuffer(const HttpIoBuffer &) = delete;            // delete
+  HttpIoBuffer(const HttpIoBuffer &)            = delete; // delete
   HttpIoBuffer &operator=(const HttpIoBuffer &) = delete; // delete
 };
 
@@ -91,7 +91,7 @@ struct HttpHeader {
   TSMLoc header;
 
   // noncopyable
-  HttpHeader(const HttpHeader &) = delete;            // delete
+  HttpHeader(const HttpHeader &)            = delete; // delete
   HttpHeader &operator=(const HttpHeader &) = delete; // delete
 };
 
diff --git a/plugins/background_fetch/background_fetch.cc b/plugins/background_fetch/background_fetch.cc
index ba6837265e2..0e1efc33e63 100644
--- a/plugins/background_fetch/background_fetch.cc
+++ b/plugins/background_fetch/background_fetch.cc
@@ -49,7 +49,8 @@ static const std::array FILTER_HEADERS{
    {TS_MIME_FIELD_IF_MODIFIED_SINCE, static_cast(TS_MIME_LEN_IF_MODIFIED_SINCE)},
    {TS_MIME_FIELD_IF_NONE_MATCH, static_cast(TS_MIME_LEN_IF_NONE_MATCH)},
    {TS_MIME_FIELD_IF_RANGE, static_cast(TS_MIME_LEN_IF_RANGE)},
-   {TS_MIME_FIELD_IF_UNMODIFIED_SINCE, static_cast(TS_MIME_LEN_IF_UNMODIFIED_SINCE)}}};
+   {TS_MIME_FIELD_IF_UNMODIFIED_SINCE, static_cast(TS_MIME_LEN_IF_UNMODIFIED_SINCE)}}
+};
 
 ///////////////////////////////////////////////////////////////////////////
 // Hold the global background fetch state. This is currently shared across all
@@ -60,8 +61,8 @@ using OutstandingRequests = std::unordered_map;
 class BgFetchState
 {
 public:
-  BgFetchState()                     = default;
-  BgFetchState(BgFetchState const &) = delete;
+  BgFetchState()                       = default;
+  BgFetchState(BgFetchState const &)   = delete;
   void operator=(BgFetchState const &) = delete;
 
   static BgFetchState &
diff --git a/plugins/background_fetch/configs.cc b/plugins/background_fetch/configs.cc
index 92d589b0e7c..d6eace2f8a5 100644
--- a/plugins/background_fetch/configs.cc
+++ b/plugins/background_fetch/configs.cc
@@ -34,10 +34,12 @@
 bool
 BgFetchConfig::parseOptions(int argc, const char *argv[])
 {
-  static const struct option longopt[] = {{const_cast("log"), required_argument, nullptr, 'l'},
-                                          {const_cast("config"), required_argument, nullptr, 'c'},
-                                          {const_cast("allow-304"), no_argument, nullptr, 'a'},
-                                          {nullptr, no_argument, nullptr, '\0'}};
+  static const struct option longopt[] = {
+    {const_cast("log"),       required_argument, nullptr, 'l' },
+    {const_cast("config"),    required_argument, nullptr, 'c' },
+    {const_cast("allow-304"), no_argument,       nullptr, 'a' },
+    {nullptr,                         no_argument,       nullptr, '\0'}
+  };
 
   while (true) {
     int opt = getopt_long(argc, const_cast(argv), "lc", longopt, nullptr);
diff --git a/plugins/cache_promote/chance_policy.h b/plugins/cache_promote/chance_policy.h
index 8c43f454cf3..fb74ab88fad 100644
--- a/plugins/cache_promote/chance_policy.h
+++ b/plugins/cache_promote/chance_policy.h
@@ -26,7 +26,8 @@
 class ChancePolicy : public PromotionPolicy
 {
 public:
-  bool doPromote(TSHttpTxn /* txnp ATS_UNUSED */) override
+  bool
+  doPromote(TSHttpTxn /* txnp ATS_UNUSED */) override
   {
     TSDebug(PLUGIN_NAME, "ChancePolicy::doPromote(%f)", getSample());
     incrementStat(_promoted_id, 1);
@@ -51,8 +52,8 @@ class ChancePolicy : public PromotionPolicy
   {
     std::string_view remap_identifier                 = remap_id;
     const std::tuple stats[] = {
-      {"cache_hits", &_cache_hits_id},
-      {"promoted", &_promoted_id},
+      {"cache_hits",     &_cache_hits_id    },
+      {"promoted",       &_promoted_id      },
       {"total_requests", &_total_requests_id},
     };
 
diff --git a/plugins/cache_promote/configs.cc b/plugins/cache_promote/configs.cc
index d38d963db89..980fcea080f 100644
--- a/plugins/cache_promote/configs.cc
+++ b/plugins/cache_promote/configs.cc
@@ -25,18 +25,18 @@
 // ToDo: It's ugly that this is a "global" options list, clearly each policy should be able
 // to add to this list, making them more modular.
 static const struct option longopt[] = {
-  {const_cast("policy"), required_argument, nullptr, 'p'},
-  {const_cast("stats-enable-with-id"), required_argument, nullptr, 'e'},
-  // This is for both Chance and LRU (optional) policy
-  {const_cast("sample"), required_argument, nullptr, 's'},
-  // For the LRU policy
-  {const_cast("buckets"), required_argument, nullptr, 'b'},
-  {const_cast("hits"), required_argument, nullptr, 'h'},
-  {const_cast("bytes"), required_argument, nullptr, 'B'},
-  {const_cast("label"), required_argument, nullptr, 'l'},
-  {const_cast("internal-enabled"), no_argument, nullptr, 'i'},
-  // EOF
-  {nullptr, no_argument, nullptr, '\0'},
+  {const_cast("policy"),               required_argument, nullptr, 'p' },
+  {const_cast("stats-enable-with-id"), required_argument, nullptr, 'e' },
+ // This is for both Chance and LRU (optional) policy
+  {const_cast("sample"),               required_argument, nullptr, 's' },
+ // For the LRU policy
+  {const_cast("buckets"),              required_argument, nullptr, 'b' },
+  {const_cast("hits"),                 required_argument, nullptr, 'h' },
+  {const_cast("bytes"),                required_argument, nullptr, 'B' },
+  {const_cast("label"),                required_argument, nullptr, 'l' },
+  {const_cast("internal-enabled"),     no_argument,       nullptr, 'i' },
+ // EOF
+  {nullptr,                                    no_argument,       nullptr, '\0'},
 };
 
 // The destructor is responsible for returning the policy to the PolicyManager.
diff --git a/plugins/cache_promote/lru_policy.cc b/plugins/cache_promote/lru_policy.cc
index f5254093830..dfba26ed971 100644
--- a/plugins/cache_promote/lru_policy.cc
+++ b/plugins/cache_promote/lru_policy.cc
@@ -259,10 +259,14 @@ LRUPolicy::stats_add(const char *remap_id)
 {
   std::string_view remap_identifier                 = remap_id;
   const std::tuple stats[] = {
-    {"cache_hits", &_cache_hits_id}, {"freelist_size", &_freelist_size_id},
-    {"lru_size", &_lru_size_id},     {"lru_hit", &_lru_hit_id},
-    {"lru_miss", &_lru_miss_id},     {"lru_vacated", &_lru_vacated_id},
-    {"promoted", &_promoted_id},     {"total_requests", &_total_requests_id},
+    {"cache_hits",     &_cache_hits_id    },
+    {"freelist_size",  &_freelist_size_id },
+    {"lru_size",       &_lru_size_id      },
+    {"lru_hit",        &_lru_hit_id       },
+    {"lru_miss",       &_lru_miss_id      },
+    {"lru_vacated",    &_lru_vacated_id   },
+    {"promoted",       &_promoted_id      },
+    {"total_requests", &_total_requests_id},
   };
 
   if (nullptr == remap_id) {
diff --git a/plugins/cache_promote/policy_manager.h b/plugins/cache_promote/policy_manager.h
index bdf7bfba1f1..bd4d9574505 100644
--- a/plugins/cache_promote/policy_manager.h
+++ b/plugins/cache_promote/policy_manager.h
@@ -41,7 +41,7 @@ class PolicyManager
   void releasePolicy(PromotionPolicy *policy);
 
   // Don't allow copy-constructors.
-  PolicyManager(PolicyManager const &) = delete;
+  PolicyManager(PolicyManager const &)  = delete;
   void operator=(PolicyManager const &) = delete;
 
 private:
diff --git a/plugins/cache_range_requests/cache_range_requests.cc b/plugins/cache_range_requests/cache_range_requests.cc
index 46539f370ad..fc979c97693 100644
--- a/plugins/cache_range_requests/cache_range_requests.cc
+++ b/plugins/cache_range_requests/cache_range_requests.cc
@@ -36,7 +36,7 @@
 #include 
 #include 
 
-#define PLUGIN_NAME "cache_range_requests"
+#define PLUGIN_NAME         "cache_range_requests"
 #define DEBUG_LOG(fmt, ...) TSDebug(PLUGIN_NAME, "[%s:%d] %s(): " fmt, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
 #define ERROR_LOG(fmt, ...) TSError("[%s:%d] %s(): " fmt, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
 
@@ -105,13 +105,13 @@ create_pluginconfig(int argc, char *const argv[])
   }
 
   static const struct option longopts[] = {
-    {const_cast("consider-ims"), no_argument, nullptr, 'c'},
-    {const_cast("ims-header"), required_argument, nullptr, 'i'},
-    {const_cast("no-modify-cachekey"), no_argument, nullptr, 'n'},
-    {const_cast("ps-cachekey"), no_argument, nullptr, 'p'},
-    {const_cast("verify-cacheability"), no_argument, nullptr, 'v'},
-    {const_cast("cache-complete-responses"), no_argument, nullptr, 'r'},
-    {nullptr, 0, nullptr, 0},
+    {const_cast("consider-ims"),             no_argument,       nullptr, 'c'},
+    {const_cast("ims-header"),               required_argument, nullptr, 'i'},
+    {const_cast("no-modify-cachekey"),       no_argument,       nullptr, 'n'},
+    {const_cast("ps-cachekey"),              no_argument,       nullptr, 'p'},
+    {const_cast("verify-cacheability"),      no_argument,       nullptr, 'v'},
+    {const_cast("cache-complete-responses"), no_argument,       nullptr, 'r'},
+    {nullptr,                                        0,                 nullptr, 0  },
   };
 
   // getopt assumes args start at '1'
diff --git a/plugins/cachekey/cachekey.h b/plugins/cachekey/cachekey.h
index 0b47e85984d..5dea72fecf3 100644
--- a/plugins/cachekey/cachekey.h
+++ b/plugins/cachekey/cachekey.h
@@ -69,7 +69,7 @@ class CacheKey
   bool finalize() const;
 
   // noncopyable
-  CacheKey(const CacheKey &) = delete;            // disallow
+  CacheKey(const CacheKey &)            = delete; // disallow
   CacheKey &operator=(const CacheKey &) = delete; // disallow
 
 private:
diff --git a/plugins/cachekey/configs.cc b/plugins/cachekey/configs.cc
index b2bc42d5e70..01a81fcd5a6 100644
--- a/plugins/cachekey/configs.cc
+++ b/plugins/cachekey/configs.cc
@@ -376,31 +376,31 @@ bool
 Configs::init(int argc, const char *argv[], bool perRemapConfig)
 {
   static const struct option longopt[] = {
-    {const_cast("exclude-params"), optional_argument, nullptr, 'a'},
-    {const_cast("include-params"), optional_argument, nullptr, 'b'},
+    {const_cast("exclude-params"),       optional_argument, nullptr, 'a'},
+    {const_cast("include-params"),       optional_argument, nullptr, 'b'},
     {const_cast("include-match-params"), optional_argument, nullptr, 'c'},
     {const_cast("exclude-match-params"), optional_argument, nullptr, 'd'},
-    {const_cast("sort-params"), optional_argument, nullptr, 'e'},
-    {const_cast("remove-all-params"), optional_argument, nullptr, 'f'},
-    {const_cast("include-headers"), optional_argument, nullptr, 'g'},
-    {const_cast("include-cookies"), optional_argument, nullptr, 'h'},
-    {const_cast("ua-capture"), optional_argument, nullptr, 'i'},
-    {const_cast("ua-allowlist"), optional_argument, nullptr, 'j'},
-    {const_cast("ua-denylist"), optional_argument, nullptr, 'k'},
-    {const_cast("static-prefix"), optional_argument, nullptr, 'l'},
-    {const_cast("capture-prefix"), optional_argument, nullptr, 'm'},
-    {const_cast("capture-prefix-uri"), optional_argument, nullptr, 'n'},
-    {const_cast("capture-path"), optional_argument, nullptr, 'o'},
-    {const_cast("capture-path-uri"), optional_argument, nullptr, 'p'},
-    {const_cast("remove-prefix"), optional_argument, nullptr, 'q'},
-    {const_cast("remove-path"), optional_argument, nullptr, 'r'},
-    {const_cast("separator"), optional_argument, nullptr, 's'},
-    {const_cast("uri-type"), optional_argument, nullptr, 't'},
-    {const_cast("key-type"), optional_argument, nullptr, 'u'},
-    {const_cast("capture-header"), optional_argument, nullptr, 'v'},
-    {const_cast("canonical-prefix"), optional_argument, nullptr, 'w'},
-    /* reserve 'z' for 'config' files */
-    {nullptr, 0, nullptr, 0},
+    {const_cast("sort-params"),          optional_argument, nullptr, 'e'},
+    {const_cast("remove-all-params"),    optional_argument, nullptr, 'f'},
+    {const_cast("include-headers"),      optional_argument, nullptr, 'g'},
+    {const_cast("include-cookies"),      optional_argument, nullptr, 'h'},
+    {const_cast("ua-capture"),           optional_argument, nullptr, 'i'},
+    {const_cast("ua-allowlist"),         optional_argument, nullptr, 'j'},
+    {const_cast("ua-denylist"),          optional_argument, nullptr, 'k'},
+    {const_cast("static-prefix"),        optional_argument, nullptr, 'l'},
+    {const_cast("capture-prefix"),       optional_argument, nullptr, 'm'},
+    {const_cast("capture-prefix-uri"),   optional_argument, nullptr, 'n'},
+    {const_cast("capture-path"),         optional_argument, nullptr, 'o'},
+    {const_cast("capture-path-uri"),     optional_argument, nullptr, 'p'},
+    {const_cast("remove-prefix"),        optional_argument, nullptr, 'q'},
+    {const_cast("remove-path"),          optional_argument, nullptr, 'r'},
+    {const_cast("separator"),            optional_argument, nullptr, 's'},
+    {const_cast("uri-type"),             optional_argument, nullptr, 't'},
+    {const_cast("key-type"),             optional_argument, nullptr, 'u'},
+    {const_cast("capture-header"),       optional_argument, nullptr, 'v'},
+    {const_cast("canonical-prefix"),     optional_argument, nullptr, 'w'},
+ /* reserve 'z' for 'config' files */
+    {nullptr,                                    0,                 nullptr, 0  },
   };
 
   bool status = true;
diff --git a/plugins/cachekey/pattern.h b/plugins/cachekey/pattern.h
index 2b36fd70884..2415f47040f 100644
--- a/plugins/cachekey/pattern.h
+++ b/plugins/cachekey/pattern.h
@@ -92,7 +92,7 @@ class MultiPattern
   String _name;                 /**< @brief multi-pattern name */
 
   // noncopyable
-  MultiPattern(const MultiPattern &) = delete;            // disallow
+  MultiPattern(const MultiPattern &)            = delete; // disallow
   MultiPattern &operator=(const MultiPattern &) = delete; // disallow
 };
 
@@ -115,7 +115,7 @@ class NonMatchingMultiPattern : public MultiPattern
   }
 
   // noncopyable
-  NonMatchingMultiPattern(const NonMatchingMultiPattern &) = delete;            // disallow
+  NonMatchingMultiPattern(const NonMatchingMultiPattern &)            = delete; // disallow
   NonMatchingMultiPattern &operator=(const NonMatchingMultiPattern &) = delete; // disallow
 };
 
@@ -132,7 +132,7 @@ class Classifier
   void add(MultiPattern *pattern);
 
   // noncopyable
-  Classifier(const Classifier &) = delete;            // disallow
+  Classifier(const Classifier &)            = delete; // disallow
   Classifier &operator=(const Classifier &) = delete; // disallow
 
 private:
diff --git a/plugins/certifier/certifier.cc b/plugins/certifier/certifier.cc
index 49b6bea420f..4becb75dcbb 100644
--- a/plugins/certifier/certifier.cc
+++ b/plugins/certifier/certifier.cc
@@ -251,7 +251,7 @@ class SslLRUList
         }
         data->prev = nullptr;
         data->next = nullptr;
-        size -= 1;
+        size       -= 1;
       }
     }
     TSMutexUnlock(list_mutex);
@@ -569,9 +569,13 @@ TSPluginInit(int argc, const char *argv[])
 
   // Read options from plugin.config
   static const struct option longopts[] = {
-    {"sign-cert", required_argument, nullptr, 'c'},   {"sign-key", required_argument, nullptr, 'k'},
-    {"sign-serial", required_argument, nullptr, 'r'}, {"max", required_argument, nullptr, 'm'},
-    {"store", required_argument, nullptr, 's'},       {nullptr, no_argument, nullptr, 0}};
+    {"sign-cert",   required_argument, nullptr, 'c'},
+    {"sign-key",    required_argument, nullptr, 'k'},
+    {"sign-serial", required_argument, nullptr, 'r'},
+    {"max",         required_argument, nullptr, 'm'},
+    {"store",       required_argument, nullptr, 's'},
+    {nullptr,       no_argument,       nullptr, 0  }
+  };
 
   int opt = 0;
   while (opt >= 0) {
diff --git a/plugins/esi/combo_handler.cc b/plugins/esi/combo_handler.cc
index d8b9ec09900..9096bd2e77e 100644
--- a/plugins/esi/combo_handler.cc
+++ b/plugins/esi/combo_handler.cc
@@ -267,7 +267,7 @@ CacheControlHeader::update(TSMBuffer bufp, TSMLoc hdr_loc)
         if (strncasecmp(val, TS_HTTP_VALUE_MAX_AGE, TS_HTTP_LEN_MAX_AGE) == 0) {
           unsigned int max_age = 0;
           char *ptr            = const_cast(val);
-          ptr += TS_HTTP_LEN_MAX_AGE;
+          ptr                  += TS_HTTP_LEN_MAX_AGE;
           while ((*ptr == ' ') || (*ptr == '\t')) {
             ptr++;
           }
@@ -356,7 +356,7 @@ TSPluginInit(int argc, const char *argv[])
     int c;
     static const struct option longopts[] = {
       {"max-files", required_argument, nullptr, 'f'},
-      {nullptr, 0, nullptr, 0},
+      {nullptr,     0,                 nullptr, 0  },
     };
 
     int longindex = 0;
@@ -652,7 +652,7 @@ parseQueryParameters(const char *query, int query_len, ClientRequest &creq)
                 common_prefix_path      = common_prefix;
                 common_prefix_path_size = i;
                 ++i; // go beyond the ':'
-                common_prefix += i;
+                common_prefix      += i;
                 common_prefix_size -= i;
                 break;
               }
@@ -866,7 +866,7 @@ readInterceptRequest(InterceptData &int_data)
         int_data.read_complete = true;
       }
       consumed += data_len;
-      block = TSIOBufferBlockNext(block);
+      block    = TSIOBufferBlockNext(block);
     }
   }
   LOG_DEBUG("Consumed %d bytes from input vio", consumed);
diff --git a/plugins/esi/esi.cc b/plugins/esi/esi.cc
index e1ec1c4f1c5..8993a808876 100644
--- a/plugins/esi/esi.cc
+++ b/plugins/esi/esi.cc
@@ -61,21 +61,21 @@ struct OptionInfo {
 static HandlerManager *gHandlerManager = nullptr;
 static Utils::HeaderValueList gAllowlistCookies;
 
-#define DEBUG_TAG "plugin_esi"
-#define PROCESSOR_DEBUG_TAG "plugin_esi_processor"
-#define GZIP_DEBUG_TAG "plugin_esi_gzip"
-#define GUNZIP_DEBUG_TAG "plugin_esi_gunzip"
-#define PARSER_DEBUG_TAG "plugin_esi_parser"
-#define FETCHER_DEBUG_TAG "plugin_esi_fetcher"
-#define VARS_DEBUG_TAG "plugin_esi_vars"
+#define DEBUG_TAG             "plugin_esi"
+#define PROCESSOR_DEBUG_TAG   "plugin_esi_processor"
+#define GZIP_DEBUG_TAG        "plugin_esi_gzip"
+#define GUNZIP_DEBUG_TAG      "plugin_esi_gunzip"
+#define PARSER_DEBUG_TAG      "plugin_esi_parser"
+#define FETCHER_DEBUG_TAG     "plugin_esi_fetcher"
+#define VARS_DEBUG_TAG        "plugin_esi_vars"
 #define HANDLER_MGR_DEBUG_TAG "plugin_esi_handler_mgr"
-#define EXPR_DEBUG_TAG VARS_DEBUG_TAG
+#define EXPR_DEBUG_TAG        VARS_DEBUG_TAG
 
-#define MIME_FIELD_XESI "X-Esi"
+#define MIME_FIELD_XESI     "X-Esi"
 #define MIME_FIELD_XESI_LEN 5
 
 #define HTTP_VALUE_PRIVATE_EXPIRES "-1"
-#define HTTP_VALUE_PRIVATE_CC "max-age=0, private"
+#define HTTP_VALUE_PRIVATE_CC      "max-age=0, private"
 
 enum DataType {
   DATA_TYPE_RAW_ESI     = 0,
@@ -1595,12 +1595,12 @@ esiPluginInit(int argc, const char *argv[], struct OptionInfo *pOptionInfo)
   if (argc > 1) {
     int c;
     static const struct option longopts[] = {
-      {const_cast("packed-node-support"), no_argument, nullptr, 'n'},
-      {const_cast("private-response"), no_argument, nullptr, 'p'},
-      {const_cast("disable-gzip-output"), no_argument, nullptr, 'z'},
-      {const_cast("first-byte-flush"), no_argument, nullptr, 'b'},
-      {const_cast("handler-filename"), required_argument, nullptr, 'f'},
-      {nullptr, 0, nullptr, 0},
+      {const_cast("packed-node-support"), no_argument,       nullptr, 'n'},
+      {const_cast("private-response"),    no_argument,       nullptr, 'p'},
+      {const_cast("disable-gzip-output"), no_argument,       nullptr, 'z'},
+      {const_cast("first-byte-flush"),    no_argument,       nullptr, 'b'},
+      {const_cast("handler-filename"),    required_argument, nullptr, 'f'},
+      {nullptr,                                   0,                 nullptr, 0  },
     };
 
     int longindex = 0;
diff --git a/plugins/esi/fetcher/HttpDataFetcherImpl.cc b/plugins/esi/fetcher/HttpDataFetcherImpl.cc
index 70e4334c24d..9d467c4c42b 100644
--- a/plugins/esi/fetcher/HttpDataFetcherImpl.cc
+++ b/plugins/esi/fetcher/HttpDataFetcherImpl.cc
@@ -112,7 +112,7 @@ HttpDataFetcherImpl::addFetchRequest(const string &url, FetchedDataProcessor *ca
   event_ids.success_event_id = _curr_event_id_base;
   event_ids.failure_event_id = _curr_event_id_base + 1;
   event_ids.timeout_event_id = _curr_event_id_base + 2;
-  _curr_event_id_base += 3;
+  _curr_event_id_base        += 3;
 
   TSFetchUrl(http_req, length, reinterpret_cast(&_client_addr), _contp, AFTER_BODY, event_ids);
   if (http_req != buff) {
diff --git a/plugins/esi/lib/DocNode.cc b/plugins/esi/lib/DocNode.cc
index 030304a7822..7053fa0ce9c 100644
--- a/plugins/esi/lib/DocNode.cc
+++ b/plugins/esi/lib/DocNode.cc
@@ -44,9 +44,9 @@ packString(const char *str, int32_t str_len, string &buffer)
 inline void
 unpackString(const char *&packed_data, const char *&item, int32_t &item_len)
 {
-  item_len = *(reinterpret_cast(packed_data));
+  item_len    = *(reinterpret_cast(packed_data));
   packed_data += sizeof(int32_t);
-  item = item_len ? packed_data : nullptr;
+  item        = item_len ? packed_data : nullptr;
   packed_data += item_len;
 }
 
@@ -54,7 +54,7 @@ template 
 inline void
 unpackItem(const char *&packed_data, T &item)
 {
-  item = *(reinterpret_cast(packed_data));
+  item        = *(reinterpret_cast(packed_data));
   packed_data += sizeof(T);
 }
 
@@ -62,7 +62,7 @@ void
 DocNode::pack(string &buffer) const
 {
   int32_t orig_buf_size = buffer.size();
-  buffer += DOCNODE_VERSION;
+  buffer                += DOCNODE_VERSION;
   buffer.append(sizeof(int32_t), ' '); // reserve space for length
   buffer.append(reinterpret_cast(&type), sizeof(type));
   packString(data, data_len, buffer);
diff --git a/plugins/esi/lib/EsiGzip.cc b/plugins/esi/lib/EsiGzip.cc
index 2687bd875bb..01f0a80c61c 100644
--- a/plugins/esi/lib/EsiGzip.cc
+++ b/plugins/esi/lib/EsiGzip.cc
@@ -42,7 +42,7 @@ inline void
 append(string &out, T data)
 {
   for (unsigned int i = 0; i < sizeof(data); ++i) {
-    out += static_cast(data & 0xff);
+    out  += static_cast(data & 0xff);
     data = data >> 8;
   }
 }
@@ -102,7 +102,7 @@ EsiGzip::stream_encode(const char *data, int data_len, std::string &cdata)
 
       return false;
     }
-    _crc = crc32(_crc, reinterpret_cast(data), data_len);
+    _crc               = crc32(_crc, reinterpret_cast(data), data_len);
     _total_data_length += data_len;
   }
   _downstream_length += cdata.size() - initial_cdata_size;
@@ -148,7 +148,7 @@ EsiGzip::stream_finish(std::string &cdata, int &downstream_length)
   append(cdata, static_cast(_crc));
   append(cdata, static_cast(_total_data_length));
   _downstream_length += cdata.size() - initial_cdata_size;
-  downstream_length = _downstream_length;
+  downstream_length  = _downstream_length;
   return true;
 }
 
diff --git a/plugins/esi/lib/EsiParser.cc b/plugins/esi/lib/EsiParser.cc
index 95080aa413e..e995c27877f 100644
--- a/plugins/esi/lib/EsiParser.cc
+++ b/plugins/esi/lib/EsiParser.cc
@@ -138,7 +138,7 @@ EsiParser::_searchData(const string &data, size_t start_pos, const char *str, in
       }
     } else {
       i_data -= i_str;
-      i_str = 0;
+      i_str  = 0;
     }
     ++i_data;
   }
@@ -334,7 +334,7 @@ EsiParser::_parse(const string &data, int &parse_start_pos, DocNodeList &node_li
       }
     }
 
-    curr_pos += node_info->tag_suffix_len;
+    curr_pos      += node_info->tag_suffix_len;
     search_result = _searchData(data, curr_pos, node_info->closing_tag, node_info->closing_tag_len, end_pos);
 
     if ((search_result == NO_MATCH) || (search_result == PARTIAL_MATCH)) {
diff --git a/plugins/esi/lib/Expression.cc b/plugins/esi/lib/Expression.cc
index 0bb72702da5..e07feda1d67 100644
--- a/plugins/esi/lib/Expression.cc
+++ b/plugins/esi/lib/Expression.cc
@@ -90,7 +90,7 @@ Expression::expand(const char *expr, int expr_len /* = -1 */)
         _debugLog(_debug_tag, "[%s] Got value [%.*s] for variable [%.*s]", __FUNCTION__, var_value.size(), var_value.data(),
                   var_size, expr + var_start_index);
         last_variable_expanded = (var_value.size() > 0);
-        _value += var_value;
+        _value                 += var_value;
       } else {
         _debugLog(_debug_tag, "[%s] Parsing out empty variable", __FUNCTION__);
       }
diff --git a/plugins/esi/lib/Utils.h b/plugins/esi/lib/Utils.h
index c093441f4e6..544a1923676 100644
--- a/plugins/esi/lib/Utils.h
+++ b/plugins/esi/lib/Utils.h
@@ -71,7 +71,7 @@ namespace Utils
         ;
       for (j = (data_len - 1); ((j > i) && isspace(data[j])); --j)
         ;
-      data += i;
+      data     += i;
       data_len = j - i + 1;
     }
   }
diff --git a/plugins/esi/lib/Variables.h b/plugins/esi/lib/Variables.h
index c747ba9d216..0764b131f8a 100644
--- a/plugins/esi/lib/Variables.h
+++ b/plugins/esi/lib/Variables.h
@@ -98,7 +98,7 @@ class Variables : private ComponentBase
   ~Variables() override { _releaseCookieJar(); };
 
   // noncopyable
-  Variables(const Variables &) = delete;            // non-copyable
+  Variables(const Variables &)            = delete; // non-copyable
   Variables &operator=(const Variables &) = delete; // non-copyable
 
 private:
diff --git a/plugins/esi/lib/gzip.cc b/plugins/esi/lib/gzip.cc
index d87cb77d631..d623f817e1c 100644
--- a/plugins/esi/lib/gzip.cc
+++ b/plugins/esi/lib/gzip.cc
@@ -36,7 +36,7 @@ inline void
 append(string &out, T data)
 {
   for (unsigned int i = 0; i < sizeof(data); ++i) {
-    out += static_cast(data & 0xff);
+    out  += static_cast(data & 0xff);
     data = data >> 8;
   }
 }
@@ -94,12 +94,12 @@ EsiLib::gzip(const ByteBlockList &blocks, std::string &cdata)
     if (block.data && (block.data_len > 0)) {
       zstrm.next_in  = reinterpret_cast(const_cast(block.data));
       zstrm.avail_in = block.data_len;
-      in_data_size += block.data_len;
+      in_data_size   += block.data_len;
       deflate_result = runDeflateLoop(zstrm, 0, cdata);
       if (deflate_result != Z_OK) {
         break; // break out of the blocks iteration
       }
-      crc = crc32(crc, reinterpret_cast(block.data), block.data_len);
+      crc            = crc32(crc, reinterpret_cast(block.data), block.data_len);
       total_data_len += block.data_len;
     }
   }
@@ -134,7 +134,7 @@ EsiLib::gunzip(const char *data, int data_len, BufferList &buf_list)
     Utils::ERROR_LOG("[%s] Header check failed!", __FUNCTION__);
     return false;
   }
-  data += GZIP_HEADER_SIZE;
+  data     += GZIP_HEADER_SIZE;
   data_len -= (GZIP_HEADER_SIZE + GZIP_TRAILER_SIZE);
   buf_list.clear();
   z_stream zstrm;
@@ -173,7 +173,7 @@ EsiLib::gunzip(const char *data, int data_len, BufferList &buf_list)
       break;
     }
     unzipped_data_size += curr_buf_size;
-    crc = crc32(crc, reinterpret_cast(raw_buf), curr_buf_size);
+    crc                = crc32(crc, reinterpret_cast(raw_buf), curr_buf_size);
 
     // push empty object onto list and add data to in-list object to
     // avoid data copy for temporary
diff --git a/plugins/esi/serverIntercept.cc b/plugins/esi/serverIntercept.cc
index 8c4db893a4d..b6ac7863554 100644
--- a/plugins/esi/serverIntercept.cc
+++ b/plugins/esi/serverIntercept.cc
@@ -183,7 +183,7 @@ handleRead(SContData *cont_data, bool &read_complete)
         cont_data->body.append(data, data_len);
       }
       consumed += data_len;
-      block = TSIOBufferBlockNext(block);
+      block    = TSIOBufferBlockNext(block);
     }
   }
 
diff --git a/plugins/esi/test/gzip_test.cc b/plugins/esi/test/gzip_test.cc
index 2d8ea6ec2e1..cbfe7b6b989 100644
--- a/plugins/esi/test/gzip_test.cc
+++ b/plugins/esi/test/gzip_test.cc
@@ -45,7 +45,7 @@ main()
     cout << endl << "===================== Test 1" << endl;
     const char expected_cdata[] = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xf3\x48\xcd\xc9\xc9\x57\x08\xcf\x2f\xca\x49\x51\x04\x00"
                                   "\xa3\x1c\x29\x1c\x0c\x00\x00\x00";
-    const char expected_data[] = "Hello World!";
+    const char expected_data[]  = "Hello World!";
 
     string cdata;
     // check output of gzip
@@ -75,7 +75,7 @@ main()
     // OS_TYPE (byte[9]) is 0
     const char expected_cdata[] = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x00\xf3\x48\xcd\xc9\xc9\x57\x08\xcf\x2f\xca\x49\x51\x04\x00"
                                   "\xa3\x1c\x29\x1c\x0c\x00\x00\x00";
-    const char expected_data[] = "Hello World!";
+    const char expected_data[]  = "Hello World!";
 
     BufferList buf_list;
     string data;
diff --git a/plugins/experimental/access_control/access_control.cc b/plugins/experimental/access_control/access_control.cc
index 9cb949579bc..18cbdb2a821 100644
--- a/plugins/experimental/access_control/access_control.cc
+++ b/plugins/experimental/access_control/access_control.cc
@@ -236,7 +236,7 @@ KvpAccessToken::parse(const StringView token)
 
   /* Now identify the pay-load which was signed */
   payloadSize += _tokenConfig.messageDigestName.size() + _tokenConfig.kvDelimiter.size();
-  _payload = _token.substr(0, payloadSize);
+  _payload    = _token.substr(0, payloadSize);
 
   DEBUG_OUT("payload:'" << _payload << "'");
 
diff --git a/plugins/experimental/access_control/access_control.h b/plugins/experimental/access_control/access_control.h
index 7d860083507..7aefefc5bd2 100644
--- a/plugins/experimental/access_control/access_control.h
+++ b/plugins/experimental/access_control/access_control.h
@@ -291,4 +291,4 @@ class AccessTokenFactory
 /* Define user friendly names for supported hash functions and cryptographic signature schemes */
 #define WDN_HASH_SHA256 "HMAC-SHA-256"
 #define WDN_HASH_SHA512 "HMAC-SHA-512"
-#define WDN_RSA_PSS "RSA_PSS"
+#define WDN_RSA_PSS     "RSA_PSS"
diff --git a/plugins/experimental/access_control/config.cc b/plugins/experimental/access_control/config.cc
index b401e6fc838..a3cff02b226 100644
--- a/plugins/experimental/access_control/config.cc
+++ b/plugins/experimental/access_control/config.cc
@@ -169,23 +169,25 @@ load(T &container, const String &filename)
 bool
 AccessControlConfig::init(int argc, char *argv[])
 {
-  static const struct option longopt[] = {{const_cast("invalid-syntax-status-code"), optional_argument, nullptr, 'a'},
-                                          {const_cast("invalid-signature-status-code"), optional_argument, nullptr, 'b'},
-                                          {const_cast("invalid-timing-status-code"), optional_argument, nullptr, 'c'},
-                                          {const_cast("invalid-scope-status-code"), optional_argument, nullptr, 'd'},
-                                          {const_cast("invalid-origin-response"), optional_argument, nullptr, 'e'},
-                                          {const_cast("internal-error-status-code"), optional_argument, nullptr, 'f'},
-                                          {const_cast("check-cookie"), optional_argument, nullptr, 'g'},
-                                          {const_cast("symmetric-keys-map"), optional_argument, nullptr, 'h'},
-                                          {const_cast("reject-invalid-token-requests"), optional_argument, nullptr, 'i'},
-                                          {const_cast("extract-subject-to-header"), optional_argument, nullptr, 'j'},
-                                          {const_cast("extract-tokenid-to-header"), optional_argument, nullptr, 'k'},
-                                          {const_cast("extract-status-to-header"), optional_argument, nullptr, 'l'},
-                                          {const_cast("token-response-header"), optional_argument, nullptr, 'm'},
-                                          {const_cast("use-redirects"), optional_argument, nullptr, 'n'},
-                                          {const_cast("include-uri-paths-file"), optional_argument, nullptr, 'o'},
-                                          {const_cast("exclude-uri-paths-file"), optional_argument, nullptr, 'p'},
-                                          {nullptr, 0, nullptr, 0}};
+  static const struct option longopt[] = {
+    {const_cast("invalid-syntax-status-code"),    optional_argument, nullptr, 'a'},
+    {const_cast("invalid-signature-status-code"), optional_argument, nullptr, 'b'},
+    {const_cast("invalid-timing-status-code"),    optional_argument, nullptr, 'c'},
+    {const_cast("invalid-scope-status-code"),     optional_argument, nullptr, 'd'},
+    {const_cast("invalid-origin-response"),       optional_argument, nullptr, 'e'},
+    {const_cast("internal-error-status-code"),    optional_argument, nullptr, 'f'},
+    {const_cast("check-cookie"),                  optional_argument, nullptr, 'g'},
+    {const_cast("symmetric-keys-map"),            optional_argument, nullptr, 'h'},
+    {const_cast("reject-invalid-token-requests"), optional_argument, nullptr, 'i'},
+    {const_cast("extract-subject-to-header"),     optional_argument, nullptr, 'j'},
+    {const_cast("extract-tokenid-to-header"),     optional_argument, nullptr, 'k'},
+    {const_cast("extract-status-to-header"),      optional_argument, nullptr, 'l'},
+    {const_cast("token-response-header"),         optional_argument, nullptr, 'm'},
+    {const_cast("use-redirects"),                 optional_argument, nullptr, 'n'},
+    {const_cast("include-uri-paths-file"),        optional_argument, nullptr, 'o'},
+    {const_cast("exclude-uri-paths-file"),        optional_argument, nullptr, 'p'},
+    {nullptr,                                             0,                 nullptr, 0  }
+  };
 
   bool status = true;
   optind      = 0;
diff --git a/plugins/experimental/access_control/pattern.h b/plugins/experimental/access_control/pattern.h
index f4f37a7a600..e002d409086 100644
--- a/plugins/experimental/access_control/pattern.h
+++ b/plugins/experimental/access_control/pattern.h
@@ -90,7 +90,7 @@ class MultiPattern
   String _name;                 /**< @brief multi-pattern name */
 
   // noncopyable
-  MultiPattern(const MultiPattern &) = delete;            // disallow
+  MultiPattern(const MultiPattern &)            = delete; // disallow
   MultiPattern &operator=(const MultiPattern &) = delete; // disallow
 };
 
@@ -119,7 +119,7 @@ class NonMatchingMultiPattern : public MultiPattern
   }
 
   // noncopyable
-  NonMatchingMultiPattern(const NonMatchingMultiPattern &) = delete;            // disallow
+  NonMatchingMultiPattern(const NonMatchingMultiPattern &)            = delete; // disallow
   NonMatchingMultiPattern &operator=(const NonMatchingMultiPattern &) = delete; // disallow
 };
 
@@ -140,7 +140,7 @@ class Classifier
   bool empty();
 
   // noncopyable
-  Classifier(const Classifier &) = delete;            // disallow
+  Classifier(const Classifier &)            = delete; // disallow
   Classifier &operator=(const Classifier &) = delete; // disallow
 
 private:
diff --git a/plugins/experimental/access_control/unit_tests/test_access_control.cc b/plugins/experimental/access_control/unit_tests/test_access_control.cc
index 5bbd6c58919..6b5f1e21845 100644
--- a/plugins/experimental/access_control/unit_tests/test_access_control.cc
+++ b/plugins/experimental/access_control/unit_tests/test_access_control.cc
@@ -27,7 +27,9 @@
 
 /* AccessToken ***************************************************************************************************************** */
 
-StringMap secrets = {{"1", "1234567890"}};
+StringMap secrets = {
+  {"1", "1234567890"}
+};
 
 bool enableDebug = true;
 
diff --git a/plugins/experimental/access_control/utils.cc b/plugins/experimental/access_control/utils.cc
index 5c7af1e2662..775c15b3590 100644
--- a/plugins/experimental/access_control/utils.cc
+++ b/plugins/experimental/access_control/utils.cc
@@ -98,7 +98,7 @@ hexDecode(const char *in, size_t inLen, char *out, size_t outLen)
 
   while (src < (srcEnd - 1) && dst < dstEnd) {
     *dst++ = hex2uchar(*src) << 4 | hex2uchar(*(src + 1));
-    src += 2;
+    src    += 2;
   }
   return dst - out;
 }
@@ -151,7 +151,7 @@ urlDecode(const char *in, size_t inLen, char *out, size_t outLen)
       if (src[1] && src[2]) {
         int u  = hex2uchar(*(src + 1)) << 4 | hex2uchar(*(src + 2));
         *dst++ = static_cast(u);
-        src += 2;
+        src    += 2;
       }
     } else if (*src == '+') {
       *dst++ = ' ';
diff --git a/plugins/experimental/acme/acme.c b/plugins/experimental/acme/acme.c
index 2a01c4f87a7..b1d1dc2df36 100644
--- a/plugins/experimental/acme/acme.c
+++ b/plugins/experimental/acme/acme.c
@@ -202,7 +202,7 @@ acme_process_write(TSCont contp, TSEvent event, AcmeState *my_state)
     char buf[64]; /* Plenty of space for CL: header */
     int len;
 
-    len = snprintf(buf, sizeof(buf), "Content-Length: %zd\r\n\r\n", (size_t)my_state->stat_buf.st_size);
+    len                    = snprintf(buf, sizeof(buf), "Content-Length: %zd\r\n\r\n", (size_t)my_state->stat_buf.st_size);
     my_state->output_bytes += add_data_to_resp(buf, len, my_state);
     my_state->output_bytes += add_file_to_resp(my_state);
 
@@ -303,8 +303,8 @@ TSPluginInit(int argc, const char *argv[])
   const char *proof = "acme";
 
   static const struct option longopt[] = {
-    {(char *)"proof-directory", optional_argument, NULL, 'p'},
-    {NULL, no_argument, NULL, '\0'},
+    {(char *)"proof-directory", optional_argument, NULL, 'p' },
+    {NULL,                      no_argument,       NULL, '\0'},
   };
 
   memset(&gConfig, 0, sizeof(gConfig));
diff --git a/plugins/experimental/cache_fill/background_fetch.h b/plugins/experimental/cache_fill/background_fetch.h
index 1a70ec95e9b..64b7e72234d 100644
--- a/plugins/experimental/cache_fill/background_fetch.h
+++ b/plugins/experimental/cache_fill/background_fetch.h
@@ -46,8 +46,8 @@ const char PLUGIN_NAME[] = "cache_fill";
 class BgFetchState
 {
 public:
-  BgFetchState()                     = default;
-  BgFetchState(BgFetchState const &) = delete;
+  BgFetchState()                       = default;
+  BgFetchState(BgFetchState const &)   = delete;
   void operator=(BgFetchState const &) = delete;
 
   static BgFetchState &
diff --git a/plugins/experimental/cookie_remap/cookie_remap.cc b/plugins/experimental/cookie_remap/cookie_remap.cc
index b87258732d4..3ac75d0be19 100644
--- a/plugins/experimental/cookie_remap/cookie_remap.cc
+++ b/plugins/experimental/cookie_remap/cookie_remap.cc
@@ -98,7 +98,7 @@ class UrlComponents
 
   // No copying/moving.
   //
-  UrlComponents(UrlComponents const &) = delete;
+  UrlComponents(UrlComponents const &)            = delete;
   UrlComponents &operator=(UrlComponents const &) = delete;
 
   ~UrlComponents()
@@ -1053,9 +1053,9 @@ sub_lookup(char const *targ, int targ_len)
     if (count <= 0) {
       break;
     }
-    targ += opt->comp.size();
+    targ     += opt->comp.size();
     targ_len -= opt->comp.size();
-    opt = reinterpret_cast(reinterpret_cast(opt->next) + offsetof(decltype(sub), o1));
+    opt      = reinterpret_cast(reinterpret_cast(opt->next) + offsetof(decltype(sub), o1));
   }
   return count;
 }
diff --git a/plugins/experimental/cookie_remap/cookiejar.h b/plugins/experimental/cookie_remap/cookiejar.h
index 25475817f2e..0eff29146cf 100644
--- a/plugins/experimental/cookie_remap/cookiejar.h
+++ b/plugins/experimental/cookie_remap/cookiejar.h
@@ -32,7 +32,7 @@ class CookieJar
 
   bool create(const string &strCookie);
 
-  CookieJar(const CookieJar &) = delete;
+  CookieJar(const CookieJar &)            = delete;
   CookieJar &operator=(const CookieJar &) = delete;
 
   bool get_full(const string &cookie_name, string &val);
diff --git a/plugins/experimental/cookie_remap/strip.cc b/plugins/experimental/cookie_remap/strip.cc
index 0b0b9ad1a94..68fc64225ab 100644
--- a/plugins/experimental/cookie_remap/strip.cc
+++ b/plugins/experimental/cookie_remap/strip.cc
@@ -72,7 +72,7 @@ write_spaces_if_room(char **p, const char *maxp, int &slen)
     memset(*p, ' ', slen);
   }
 
-  *p += slen;
+  *p   += slen;
   slen = 0;
 }
 
diff --git a/plugins/experimental/cookie_remap/strip.h b/plugins/experimental/cookie_remap/strip.h
index 4c3ba3a77fb..9a0a739ed61 100644
--- a/plugins/experimental/cookie_remap/strip.h
+++ b/plugins/experimental/cookie_remap/strip.h
@@ -25,19 +25,19 @@ extern "C" {
 #endif
 
 /* return codes */
-#define STRIP_RESULT_OK 0            /**< success */
-#define STRIP_RESULT_BAD_PARAM -1    /**< one or more invalid arguments */
+#define STRIP_RESULT_OK           0  /**< success */
+#define STRIP_RESULT_BAD_PARAM    -1 /**< one or more invalid arguments */
 #define STRIP_RESULT_OUTLEN_SMALL -2 /**< output buffer not large enough */
-#define STRIP_RESULT_EMPTY_IN -3     /**< in consists solely of whitespace */
+#define STRIP_RESULT_EMPTY_IN     -3 /**< in consists solely of whitespace */
 
 /* defined flags */
-#define STRIP_FLAG_NONE 0x0            /**< no flags */
-#define STRIP_FLAG_STRIP_LOW 0x1       /**< stripped, html: strip low */
-#define STRIP_FLAG_STRIP_HIGH 0x2      /**< stripped, html: strip high */
-#define STRIP_FLAG_LEAVE_WHITESP 0x4   /**< all: avoid trimming spaces */
-#define STRIP_FLAG_UNSAFE_QUOTES 0x8   /**< html: dont encode quotes */
+#define STRIP_FLAG_NONE           0x0  /**< no flags */
+#define STRIP_FLAG_STRIP_LOW      0x1  /**< stripped, html: strip low */
+#define STRIP_FLAG_STRIP_HIGH     0x2  /**< stripped, html: strip high */
+#define STRIP_FLAG_LEAVE_WHITESP  0x4  /**< all: avoid trimming spaces */
+#define STRIP_FLAG_UNSAFE_QUOTES  0x8  /**< html: dont encode quotes */
 #define STRIP_FLAG_UNSAFE_SLASHES 0x10 /**< all: dont encode backslashes */
-#define STRIP_FLAG_UNSAFE_SPACES 0x20  /**< html: stripped tag isn't space */
+#define STRIP_FLAG_UNSAFE_SPACES  0x20 /**< html: stripped tag isn't space */
 
 /** Output the input after stripping all characters that are
  *  unsafe in an HTML context.
diff --git a/plugins/experimental/fastcgi/src/ats_fastcgi.h b/plugins/experimental/fastcgi/src/ats_fastcgi.h
index 708b982b7de..67163193277 100644
--- a/plugins/experimental/fastcgi/src/ats_fastcgi.h
+++ b/plugins/experimental/fastcgi/src/ats_fastcgi.h
@@ -18,12 +18,12 @@
 
 #pragma once
 
-#define PLUGIN_VENDOR "Apache Software Foundation"
+#define PLUGIN_VENDOR  "Apache Software Foundation"
 #define PLUGIN_SUPPORT "dev@trafficserver.apache.org"
 
 #define ATS_MODULE_FCGI_NAME "ats_fastcgi"
 #define ATS_MOD_FCGI_VERSION "ats_fastcgi"
-#define ATS_FCGI_PROFILER true
+#define ATS_FCGI_PROFILER    true
 
 #include "fcgi_config.h"
 #include 
diff --git a/plugins/experimental/fastcgi/src/ats_fcgi_client.cc b/plugins/experimental/fastcgi/src/ats_fcgi_client.cc
index 0ac436e6553..d6d39e1e5ca 100644
--- a/plugins/experimental/fastcgi/src/ats_fcgi_client.cc
+++ b/plugins/experimental/fastcgi/src/ats_fcgi_client.cc
@@ -149,7 +149,7 @@ FCGIClientRequest::GenerateFcgiRequestHeaders()
   if (endsWith(requestScript, "/")) {
     ats_plugin::FcgiPluginConfig *gConfig = InterceptGlobal::plugin_data->getGlobalConfigObj();
     index                                 = gConfig->getHtml();
-    requestScript += index;
+    requestScript                         += index;
   }
 
   fcgiReqHeader["DOCUMENT_ROOT"]     = InterceptGlobal::plugin_data->getGlobalConfigObj()->getDocumentRootDir();
@@ -233,7 +233,7 @@ FCGIClientRequest::createBeginRequest()
   int len = 0, nb = 0;
 
   for (const auto &it : state_->requestHeaders) {
-    nb = serializeNameValue(state_->pBuffInc, it);
+    nb  = serializeNameValue(state_->pBuffInc, it);
     len += nb;
   }
 
@@ -245,7 +245,7 @@ FCGIClientRequest::createBeginRequest()
   state_->pBuffInc += sizeof(FCGI_Header);
 
   for (const auto &it : state_->requestHeaders) {
-    nb = serializeNameValue(state_->pBuffInc, it);
+    nb               = serializeNameValue(state_->pBuffInc, it);
     state_->pBuffInc += nb;
   }
 
@@ -402,7 +402,7 @@ FCGIClientRequest::fcgiProcessContent(uchar **beg_buf, uchar *end_buf, FCGIRecor
   offset            = rec->offset;
 
   if (*state == fcgi_state_padding) {
-    *state = fcgi_state_done;
+    *state   = fcgi_state_done;
     *beg_buf += (size_t)((int)rec->length - (int)offset + (int)h->paddingLength);
     return FCGI_PROCESS_DONE;
   }
@@ -420,18 +420,18 @@ FCGIClientRequest::fcgiProcessContent(uchar **beg_buf, uchar *end_buf, FCGIRecor
 
   if (tot_len <= nb) {
     rec->offset += tot_len;
-    *state = fcgi_state_done;
-    *beg_buf += tot_len;
+    *state      = fcgi_state_done;
+    *beg_buf    += tot_len;
     return FCGI_PROCESS_DONE;
   } else if (con_len <= nb) {
     /* Have to still skip all or some of padding */
-    *state = fcgi_state_padding;
+    *state      = fcgi_state_padding;
     rec->offset += nb;
-    *beg_buf += nb;
+    *beg_buf    += nb;
     return FCGI_PROCESS_AGAIN;
   } else {
     rec->offset += nb;
-    *beg_buf += nb;
+    *beg_buf    += nb;
     return FCGI_PROCESS_AGAIN;
   }
 
diff --git a/plugins/experimental/fastcgi/src/ats_fcgi_client.h b/plugins/experimental/fastcgi/src/ats_fcgi_client.h
index 9da6aa209b6..cd99e83ab99 100644
--- a/plugins/experimental/fastcgi/src/ats_fcgi_client.h
+++ b/plugins/experimental/fastcgi/src/ats_fcgi_client.h
@@ -40,8 +40,8 @@ typedef unsigned char uchar;
 #define PRINT_OPAQUE_STRUCT(p) print_mem((p), sizeof(*(p)))
 
 #define FCGI_PROCESS_AGAIN 1
-#define FCGI_PROCESS_DONE 2
-#define FCGI_PROCESS_ERR 3
+#define FCGI_PROCESS_DONE  2
+#define FCGI_PROCESS_ERR   3
 
 namespace ats_plugin
 {
diff --git a/plugins/experimental/fastcgi/src/fcgi_config.h b/plugins/experimental/fastcgi/src/fcgi_config.h
index fbf0c63cd19..dff2bdb84aa 100644
--- a/plugins/experimental/fastcgi/src/fcgi_config.h
+++ b/plugins/experimental/fastcgi/src/fcgi_config.h
@@ -25,8 +25,8 @@
 #include 
 #include 
 
-#define PLUGIN_NAME "ats_fastcgi"
-#define PLUGIN_VENDOR "Apache Software Foundation"
+#define PLUGIN_NAME    "ats_fastcgi"
+#define PLUGIN_VENDOR  "Apache Software Foundation"
 #define PLUGIN_SUPPORT "dev@trafficserver.apache.org"
 #pragma once
 namespace ats_plugin
diff --git a/plugins/experimental/fastcgi/src/fcgi_protocol.h b/plugins/experimental/fastcgi/src/fcgi_protocol.h
index 96a1158349b..9de04e36587 100644
--- a/plugins/experimental/fastcgi/src/fcgi_protocol.h
+++ b/plugins/experimental/fastcgi/src/fcgi_protocol.h
@@ -52,18 +52,18 @@ typedef struct {
 /*
  * Values for type component of FCGI_Header
  */
-#define FCGI_BEGIN_REQUEST 1
-#define FCGI_ABORT_REQUEST 2
-#define FCGI_END_REQUEST 3
-#define FCGI_PARAMS 4
-#define FCGI_STDIN 5
-#define FCGI_STDOUT 6
-#define FCGI_STDERR 7
-#define FCGI_DATA 8
-#define FCGI_GET_VALUES 9
+#define FCGI_BEGIN_REQUEST     1
+#define FCGI_ABORT_REQUEST     2
+#define FCGI_END_REQUEST       3
+#define FCGI_PARAMS            4
+#define FCGI_STDIN             5
+#define FCGI_STDOUT            6
+#define FCGI_STDERR            7
+#define FCGI_DATA              8
+#define FCGI_GET_VALUES        9
 #define FCGI_GET_VALUES_RESULT 10
-#define FCGI_UNKNOWN_TYPE 11
-#define FCGI_MAXTYPE (FCGI_UNKNOWN_TYPE)
+#define FCGI_UNKNOWN_TYPE      11
+#define FCGI_MAXTYPE           (FCGI_UNKNOWN_TYPE)
 
 /*
  * Value for requestId component of FCGI_Header
@@ -90,9 +90,9 @@ typedef struct {
 /*
  * Values for role component of FCGI_BeginRequestBody
  */
-#define FCGI_RESPONDER 1
+#define FCGI_RESPONDER  1
 #define FCGI_AUTHORIZER 2
-#define FCGI_FILTER 3
+#define FCGI_FILTER     3
 
 typedef struct {
   unsigned char appStatusB3;
@@ -112,15 +112,15 @@ typedef struct {
  * Values for protocolStatus component of FCGI_EndRequestBody
  */
 #define FCGI_REQUEST_COMPLETE 0
-#define FCGI_CANT_MPX_CONN 1
-#define FCGI_OVERLOADED 2
-#define FCGI_UNKNOWN_ROLE 3
+#define FCGI_CANT_MPX_CONN    1
+#define FCGI_OVERLOADED       2
+#define FCGI_UNKNOWN_ROLE     3
 
 /*
  * Variable names for FCGI_GET_VALUES / FCGI_GET_VALUES_RESULT records
  */
-#define FCGI_MAX_CONNS "FCGI_MAX_CONNS"
-#define FCGI_MAX_REQS "FCGI_MAX_REQS"
+#define FCGI_MAX_CONNS  "FCGI_MAX_CONNS"
+#define FCGI_MAX_REQS   "FCGI_MAX_REQS"
 #define FCGI_MPXS_CONNS "FCGI_MPXS_CONNS"
 
 typedef struct {
diff --git a/plugins/experimental/fastcgi/src/server.h b/plugins/experimental/fastcgi/src/server.h
index b7b54de8b90..184cf58388d 100644
--- a/plugins/experimental/fastcgi/src/server.h
+++ b/plugins/experimental/fastcgi/src/server.h
@@ -54,7 +54,7 @@ struct ServerConnectionInfo {
 class ThreadData
 {
 public:
-  ThreadData(ThreadData const &) = delete;
+  ThreadData(ThreadData const &)     = delete;
   void operator=(ThreadData const &) = delete;
 
   ThreadData(Server *server) : _server(server)
@@ -93,7 +93,7 @@ class Server
 {
 public:
   static Server *server();
-  Server(Server const &) = delete;
+  Server(Server const &)         = delete;
   void operator=(Server const &) = delete;
 
   Server();
diff --git a/plugins/experimental/fastcgi/src/server_intercept.cc b/plugins/experimental/fastcgi/src/server_intercept.cc
index 9a6587bcef5..c9e73bc1e98 100644
--- a/plugins/experimental/fastcgi/src/server_intercept.cc
+++ b/plugins/experimental/fastcgi/src/server_intercept.cc
@@ -76,7 +76,7 @@ ServerIntercept::streamReqBody(const string &data)
   TSDebug(PLUGIN_NAME, "[ServerIntercept:%s] bodyCount: %d", __FUNCTION__, bodyCount++);
   if (!Server::server()->writeRequestBody(_request_id, data)) {
     dataBuffered = true;
-    clientBody += data;
+    clientBody   += data;
   }
 }
 
diff --git a/plugins/experimental/fq_pacing/fq_pacing.c b/plugins/experimental/fq_pacing/fq_pacing.c
index ecbe8c7901e..c86ee858379 100644
--- a/plugins/experimental/fq_pacing/fq_pacing.c
+++ b/plugins/experimental/fq_pacing/fq_pacing.c
@@ -132,7 +132,10 @@ TSRemapNewInstance(int argc, char *argv[], void **ih, char *errbuf, int errbuf_s
 
   if (argc > 1) {
     int c;
-    static const struct option longopts[] = {{"rate", required_argument, NULL, 'r'}, {NULL, 0, NULL, 0}};
+    static const struct option longopts[] = {
+      {"rate", required_argument, NULL, 'r'},
+      {NULL,   0,                 NULL, 0  }
+    };
 
     // The "-" in optstring is required to prevent permutation of argv, which
     // makes the plugin loader crashy
diff --git a/plugins/experimental/http_stats/http_stats.cc b/plugins/experimental/http_stats/http_stats.cc
index d4b4ea0f2a4..c453ea8320f 100644
--- a/plugins/experimental/http_stats/http_stats.cc
+++ b/plugins/experimental/http_stats/http_stats.cc
@@ -595,11 +595,13 @@ TSRemapDoRemap(void *ih, TSHttpTxn rh, TSRemapRequestInfo *rri)
 TSReturnCode
 TSRemapNewInstance(int argc, char *argv[], void **ih, char * /* errbuf ATS_UNUSED */, int /* errbuf_size ATS_UNUSED */)
 {
-  static const struct option longopt[] = {{"csv", no_argument, nullptr, 'c'},
-                                          {"integer-counters", no_argument, NULL, 'i'},
-                                          {"wrap-counters", no_argument, NULL, 'w'},
-                                          {"max-age", required_argument, nullptr, 'a'},
-                                          {nullptr, no_argument, nullptr, '\0'}};
+  static const struct option longopt[] = {
+    {"csv",              no_argument,       nullptr, 'c' },
+    {"integer-counters", no_argument,       NULL,    'i' },
+    {"wrap-counters",    no_argument,       NULL,    'w' },
+    {"max-age",          required_argument, nullptr, 'a' },
+    {nullptr,            no_argument,       nullptr, '\0'}
+  };
 
   HTTPStatsConfig *cfg = new HTTPStatsConfig;
 
diff --git a/plugins/experimental/icap/icap_plugin.cc b/plugins/experimental/icap/icap_plugin.cc
index 092f257ab8b..b5da5633078 100644
--- a/plugins/experimental/icap/icap_plugin.cc
+++ b/plugins/experimental/icap/icap_plugin.cc
@@ -54,7 +54,7 @@ enum class State {
 };
 
 #define ICAP_SERVICE_URL "icap://127.0.0.1/avscan"
-#define ICAP_VERSION "1.0"
+#define ICAP_VERSION     "1.0"
 
 struct TransformData {
   State state = State::BEGIN;
@@ -360,7 +360,7 @@ handle_read_http_body(TSCont contp, TransformData *data)
           int64_t pos          = sm.position(0);
           int64_t token_length = sm[0].length();
 
-          data->http_body_chunk_length = std::stoi(sm[2].str().c_str(), nullptr, 16);
+          data->http_body_chunk_length         = std::stoi(sm[2].str().c_str(), nullptr, 16);
           data->http_body_total_length_written += data->http_body_chunk_length;
           TSIOBufferReaderConsume(data->icap_resp_reader, pos + token_length - consumed);
           break;
@@ -368,7 +368,7 @@ handle_read_http_body(TSCont contp, TransformData *data)
 
         TSIOBufferReaderConsume(data->icap_resp_reader, data_len);
         consumed += data_len;
-        blk = TSIOBufferBlockNext(blk);
+        blk      = TSIOBufferBlockNext(blk);
       }
       if (blk == nullptr) {
         return 0;
@@ -378,8 +378,8 @@ handle_read_http_body(TSCont contp, TransformData *data)
     /* Write the chunk to downstream */
     int64_t towrite;
 
-    avail   = TSIOBufferReaderAvail(data->icap_resp_reader);
-    towrite = data->http_body_chunk_length < avail ? data->http_body_chunk_length : avail;
+    avail                        = TSIOBufferReaderAvail(data->icap_resp_reader);
+    towrite                      = data->http_body_chunk_length < avail ? data->http_body_chunk_length : avail;
     data->http_body_chunk_length -= towrite;
     TSIOBufferCopy(TSVIOBufferGet(data->output_vio), data->icap_resp_reader, towrite, 0);
     TSIOBufferReaderConsume(data->icap_resp_reader, towrite);
diff --git a/plugins/experimental/inliner/cache-handler.h b/plugins/experimental/inliner/cache-handler.h
index 88544639609..c6e01fefaad 100644
--- a/plugins/experimental/inliner/cache-handler.h
+++ b/plugins/experimental/inliner/cache-handler.h
@@ -93,7 +93,7 @@ namespace inliner
           size = std::min(size, l);
           std::copy(pointer, pointer + size, std::back_inserter(content_));
           length += size;
-          l -= size;
+          l      -= size;
         }
       }
 
@@ -198,7 +198,7 @@ namespace inliner
         size = std::min(size, l);
         o.append(pointer, size);
         length += size;
-        l -= size;
+        l      -= size;
       }
     }
 
@@ -244,7 +244,7 @@ namespace inliner
       h.reader_ = nullptr;
     }
 
-    CacheHandler(const CacheHandler &) = delete;
+    CacheHandler(const CacheHandler &)            = delete;
     CacheHandler &operator=(const CacheHandler &) = delete;
 
     void
@@ -320,11 +320,11 @@ namespace inliner
       const std::string::const_iterator b1 = b.begin(), b2 = b.end(), i = std::find(b1, b2, '/');
 
       std::string request = "GET ";
-      request += std::string(i, b2);
-      request += " HTTP/1.1\r\n";
-      request += "Host: ";
-      request += std::string(b1, i);
-      request += "\r\n\r\n";
+      request             += std::string(i, b2);
+      request             += " HTTP/1.1\r\n";
+      request             += "Host: ";
+      request             += std::string(b1, i);
+      request             += "\r\n\r\n";
 
       ats::io::IO *const io = new io::IO();
 
diff --git a/plugins/experimental/inliner/cache.h b/plugins/experimental/inliner/cache.h
index 38b80762ab6..d036d140858 100644
--- a/plugins/experimental/inliner/cache.h
+++ b/plugins/experimental/inliner/cache.h
@@ -41,7 +41,7 @@ namespace cache
     }
 
     Key() : key_(TSCacheKeyCreate()) { assert(key_ != nullptr); }
-    Key(const Key &) = delete;
+    Key(const Key &)            = delete;
     Key &operator=(const Key &) = delete;
 
     explicit Key(const std::string &s) : key_(TSCacheKeyCreate())
@@ -64,7 +64,7 @@ namespace cache
 
     T t_;
 
-    template  Read(A &&... a) : t_(std::forward(a)...) {}
+    template  Read(A &&...a) : t_(std::forward(a)...) {}
     static int
     handle(TSCont c, TSEvent e, void *d)
     {
@@ -91,7 +91,7 @@ namespace cache
 
   template 
   void
-  fetch(const std::string &k, A &&... a)
+  fetch(const std::string &k, A &&...a)
   {
     const Key key(k);
     const TSCont continuation = TSContCreate(Read::handle, TSMutexCreate());
diff --git a/plugins/experimental/inliner/chunk-decoder.cc b/plugins/experimental/inliner/chunk-decoder.cc
index 455fa168575..40149549bac 100644
--- a/plugins/experimental/inliner/chunk-decoder.cc
+++ b/plugins/experimental/inliner/chunk-decoder.cc
@@ -142,7 +142,7 @@ ChunkDecoder::decode(const TSIOBufferReader &r)
       const char *p = TSIOBufferBlockReadStart(block, r, &size);
       assert(p != nullptr);
       const int i = parseSize(p, size);
-      size -= i;
+      size        -= i;
       TSIOBufferReaderConsume(r, i);
       if (state_ == State::kEnd) {
         assert(size_ == 0);
@@ -167,7 +167,7 @@ ChunkDecoder::decode(const TSIOBufferReader &r)
         break;
       } else {
         length += size;
-        size_ -= size;
+        size_  -= size;
       }
     }
     block = TSIOBufferBlockNext(block);
diff --git a/plugins/experimental/inliner/html-parser.cc b/plugins/experimental/inliner/html-parser.cc
index d4097f6968d..5854316a0d1 100644
--- a/plugins/experimental/inliner/html-parser.cc
+++ b/plugins/experimental/inliner/html-parser.cc
@@ -225,7 +225,7 @@ namespace inliner
       } else if (c == '/' || c == '>') {
         return true;
       } else if (isValidValue(c)) {
-        state_ = Attribute::kUnquotedValue;
+        state_                   = Attribute::kUnquotedValue;
         attributes.back().second += c;
       }
       break;
@@ -293,9 +293,9 @@ namespace inliner
           const size_t p = c - b;
           if (p > 0 && tag_ == Tag::kTagIMG) {
             done += bypass(p, o);
-            o += p;
-            l -= p;
-            b = c;
+            o    += p;
+            l    -= p;
+            b    = c;
           }
         } else if (tag_ == Tag::kTagInvalid) {
           state_ = State::kTagBypass;
diff --git a/plugins/experimental/inliner/inliner-handler.h b/plugins/experimental/inliner/inliner-handler.h
index c8733d3c838..a2478e24cad 100644
--- a/plugins/experimental/inliner/inliner-handler.h
+++ b/plugins/experimental/inliner/inliner-handler.h
@@ -54,7 +54,7 @@ namespace inliner
 
     Handler(const TSIOBufferReader, ats::io::IOSinkPointer &&);
 
-    Handler(const Handler &) = delete;
+    Handler(const Handler &)            = delete;
     Handler &operator=(const Handler &) = delete;
 
     void parse();
diff --git a/plugins/experimental/inliner/ts.cc b/plugins/experimental/inliner/ts.cc
index f8b05649594..5ed527b915a 100644
--- a/plugins/experimental/inliner/ts.cc
+++ b/plugins/experimental/inliner/ts.cc
@@ -300,7 +300,7 @@ namespace io
 
     assert(operation->buffer_ != nullptr);
     const Node::Result result = data_->process(operation->buffer_);
-    operation->bytes_ += result.first;
+    operation->bytes_         += result.first;
     operation->process();
     if (result.second && data_.unique()) {
       data_.reset();
@@ -446,7 +446,7 @@ namespace io
     for (; it != end; ++it) {
       assert(*it != nullptr);
       const Node::Result result = (*it)->process(b);
-      length += result.first;
+      length                    += result.first;
       if (!result.second || !it->unique()) {
         break;
       }
diff --git a/plugins/experimental/inliner/ts.h b/plugins/experimental/inliner/ts.h
index 9ab8bdd25fc..77cbd21b9fc 100644
--- a/plugins/experimental/inliner/ts.h
+++ b/plugins/experimental/inliner/ts.h
@@ -93,7 +93,7 @@ namespace io
       assert(reader != nullptr);
     }
 
-    ReaderSize(const ReaderSize &) = delete;
+    ReaderSize(const ReaderSize &)            = delete;
     ReaderSize &operator=(const ReaderSize &) = delete;
     void *operator new(const std::size_t)     = delete;
   };
@@ -103,7 +103,7 @@ namespace io
     const size_t offset;
 
     ReaderOffset(const TSIOBufferReader r, const size_t o) : reader(r), offset(o) { assert(reader != nullptr); }
-    ReaderOffset(const ReaderOffset &) = delete;
+    ReaderOffset(const ReaderOffset &)            = delete;
     ReaderOffset &operator=(const ReaderOffset &) = delete;
     void *operator new(const std::size_t)         = delete;
   };
@@ -156,7 +156,7 @@ namespace io
     ~WriteOperation();
 
     // noncopyable
-    WriteOperation(const WriteOperation &) = delete;
+    WriteOperation(const WriteOperation &)            = delete;
     WriteOperation &operator=(const WriteOperation &) = delete;
 
     WriteOperation &operator<<(const TSIOBufferReader);
@@ -193,7 +193,7 @@ namespace io
     ~IOSink();
 
     // noncopyable
-    IOSink(const IOSink &) = delete;
+    IOSink(const IOSink &)            = delete;
     IOSink &operator=(const IOSink &) = delete;
 
     template 
@@ -210,7 +210,7 @@ namespace io
 
     template 
     static IOSinkPointer
-    Create(A &&... a)
+    Create(A &&...a)
     {
       return IOSinkPointer(new IOSink(WriteOperation::Create(std::forward(a)...)));
     }
@@ -256,7 +256,7 @@ namespace io
     }
 
     // noncopyable
-    BufferNode(const BufferNode &) = delete;
+    BufferNode(const BufferNode &)            = delete;
     BufferNode &operator=(const BufferNode &) = delete;
     BufferNode &operator<<(const TSIOBufferReader);
     BufferNode &operator<<(const ReaderSize &);
@@ -273,7 +273,7 @@ namespace io
 
     template  Data(T &&t) : root_(std::forward(t)), first_(false) {}
     // noncopyable
-    Data(const Data &) = delete;
+    Data(const Data &)            = delete;
     Data &operator=(const Data &) = delete;
 
     Node::Result process(const TSIOBuffer) override;
@@ -284,9 +284,9 @@ namespace io
 
     ~Sink();
 
-    template  Sink(A &&... a) : data_(std::forward(a)...) {}
+    template  Sink(A &&...a) : data_(std::forward(a)...) {}
     // noncopyable
-    Sink(const Sink &) = delete;
+    Sink(const Sink &)            = delete;
     Sink &operator=(const Sink &) = delete;
 
     SinkPointer branch();
diff --git a/plugins/experimental/ja3_fingerprint/ja3_fingerprint.cc b/plugins/experimental/ja3_fingerprint/ja3_fingerprint.cc
index 3229e6b080a..7fa3f1298dd 100644
--- a/plugins/experimental/ja3_fingerprint/ja3_fingerprint.cc
+++ b/plugins/experimental/ja3_fingerprint/ja3_fingerprint.cc
@@ -97,7 +97,7 @@ custom_get_ja3_prefixed(int unit, const unsigned char *&data, int len, std::stri
       if (!first) {
         result += '-';
       }
-      first = false;
+      first  = false;
       result += std::to_string(tmp);
     }
   }
@@ -147,8 +147,8 @@ custom_get_ja3(SSL *s)
 
   // Get version
   int version = (((int)p[0]) << 8) | (int)p[1];
-  ja3 += std::to_string(version) + ',';
-  p += 2;
+  ja3         += std::to_string(version) + ',';
+  p           += 2;
 
   // Skip client random
   p += SSL3_RANDOM_SIZE;
@@ -174,7 +174,7 @@ custom_get_ja3(SSL *s)
   std::string eclist, ecpflist;
 
   // Skip length blob
-  p += 2;
+  p          += 2;
   bool first = true;
   while (p < d + n) {
     // Each extension blob is comprised of [2bytes] type + [2bytes] size + [size bytes] data
@@ -203,7 +203,7 @@ custom_get_ja3(SSL *s)
         ja3 += '-';
       }
       first = false;
-      ja3 += std::to_string(type);
+      ja3   += std::to_string(type);
     }
   }
 
@@ -222,7 +222,7 @@ custom_get_ja3(SSL *s)
 
   // Get version
   unsigned int version = SSL_client_hello_get0_legacy_version(s);
-  ja3 += std::to_string(version) + ',';
+  ja3                  += std::to_string(version) + ',';
 
   // Get cipher suites
   len = SSL_client_hello_get0_ciphers(s, &p);
@@ -234,7 +234,7 @@ custom_get_ja3(SSL *s)
   std::string eclist, ecpflist;
   if (SSL_client_hello_get0_ext(s, 0x0a, &p, &len) == 1) {
     // Skip first 2 bytes since we already have length
-    p += 2;
+    p   += 2;
     len -= 2;
     custom_get_ja3_prefixed(2, p, len, eclist);
   }
@@ -253,7 +253,7 @@ custom_get_ja3(SSL *s)
           ja3 += '-';
         }
         first = false;
-        ja3 += std::to_string(type);
+        ja3   += std::to_string(type);
       }
     }
     OPENSSL_free(o);
@@ -400,7 +400,11 @@ req_hdr_ja3_handler(TSCont contp, TSEvent event, void *edata)
 static bool
 read_config_option(int argc, const char *argv[], int &raw, int &log)
 {
-  const struct option longopts[] = {{"ja3raw", no_argument, &raw, 1}, {"ja3log", no_argument, &log, 1}, {nullptr, 0, nullptr, 0}};
+  const struct option longopts[] = {
+    {"ja3raw", no_argument, &raw,    1},
+    {"ja3log", no_argument, &log,    1},
+    {nullptr,  0,           nullptr, 0}
+  };
 
   int opt = 0;
   while ((opt = getopt_long(argc, const_cast(argv), "", longopts, nullptr)) >= 0) {
diff --git a/plugins/experimental/maxmind_acl/mmdb.h b/plugins/experimental/maxmind_acl/mmdb.h
index 372cfdacd86..6cfa374ab34 100644
--- a/plugins/experimental/maxmind_acl/mmdb.h
+++ b/plugins/experimental/maxmind_acl/mmdb.h
@@ -44,7 +44,7 @@
 #include 
 #endif
 
-#define PLUGIN_NAME "maxmind_acl"
+#define PLUGIN_NAME  "maxmind_acl"
 #define CONFIG_TMOUT 60000
 
 typedef struct {
diff --git a/plugins/experimental/memcache/tsmemcache.cc b/plugins/experimental/memcache/tsmemcache.cc
index cb1b32f6652..97ae58ff7dc 100644
--- a/plugins/experimental/memcache/tsmemcache.cc
+++ b/plugins/experimental/memcache/tsmemcache.cc
@@ -34,7 +34,7 @@
   - cleanup creader dependency in stream_event
  */
 
-#define REALTIME_MAXDELTA 60 * 60 * 24 * 30
+#define REALTIME_MAXDELTA       60 * 60 * 24 * 30
 #define STRCMP_REST(_c, _s, _e) (((_e) - (_s)) < (int)sizeof(_c) || STRCMP(_s, _c) || !isspace((_s)[sizeof(_c) - 1]))
 
 ClassAllocator theMCAllocator("MC");
@@ -1132,7 +1132,7 @@ MC::ascii_set(char *s, char *e)
   SKIP_SPACE;
   if (*s == 'n' && !STRCMP_REST("oreply", s + 1, e)) {
     f.noreply = 1;
-    s += 7;
+    s         += 7;
     if (s >= e) {
       return ASCII_CLIENT_ERROR("bad command line");
     }
@@ -1165,7 +1165,7 @@ MC::ascii_delete(char *s, char *e)
   SKIP_SPACE;
   if (*s == 'n' && !STRCMP_REST("oreply", s + 1, e)) {
     f.noreply = 1;
-    s += 7;
+    s         += 7;
     if (s >= e) {
       return ASCII_CLIENT_ERROR("bad command line");
     }
@@ -1199,7 +1199,7 @@ MC::ascii_incr_decr(char *s, char *e)
   SKIP_SPACE;
   if (*s == 'n' && !STRCMP_REST("oreply", s + 1, e)) {
     f.noreply = 1;
-    s += 7;
+    s         += 7;
     if (s >= e) {
       return ASCII_CLIENT_ERROR("bad command line");
     }
diff --git a/plugins/experimental/memcache/tsmemcache.h b/plugins/experimental/memcache/tsmemcache.h
index 69a78819be4..14994b16286 100644
--- a/plugins/experimental/memcache/tsmemcache.h
+++ b/plugins/experimental/memcache/tsmemcache.h
@@ -34,19 +34,19 @@
 #include "tscore/ink_hrtime.h"
 #include "tscore/CryptoHash.h"
 
-#define TSMEMCACHE_VERSION "1.0.0"
-#define TSMEMCACHE_MAX_CMD_SIZE (128 * 1024 * 1024) // silly large
-#define TSMEMCACHE_MAX_KEY_LEN 250
-#define TSMEMCACHE_TMP_CMD_BUFFER_SIZE 320
-#define TSMEMCACHE_HEADER_MAGIC 0x8765ACDC
+#define TSMEMCACHE_VERSION              "1.0.0"
+#define TSMEMCACHE_MAX_CMD_SIZE         (128 * 1024 * 1024) // silly large
+#define TSMEMCACHE_MAX_KEY_LEN          250
+#define TSMEMCACHE_TMP_CMD_BUFFER_SIZE  320
+#define TSMEMCACHE_HEADER_MAGIC         0x8765ACDC
 #define TSMEMCACHE_RETRY_WRITE_INTERVAL HRTIME_MSECONDS(20)
 
 #define TSMEMCACHE_WRITE_SYNC 0 // not yet
 
 #define TSMEMCACHE_EVENT_GOT_ITEM 100000
-#define TSMEMCACHE_EVENT_GOT_KEY 100001
-#define TSMEMCACHE_STREAM_DONE 100002
-#define TSMEMCACHE_TUNNEL_DONE 100003
+#define TSMEMCACHE_EVENT_GOT_KEY  100001
+#define TSMEMCACHE_STREAM_DONE    100002
+#define TSMEMCACHE_TUNNEL_DONE    100003
 
 #define CHECK_RET(_e, _r) \
   do {                    \
@@ -54,7 +54,7 @@
     if (ret != _r)        \
       return _r;          \
   } while (0)
-#define WRITE(_s) write(_s "", sizeof(_s "") - 1)
+#define WRITE(_s)  write(_s "", sizeof(_s "") - 1)
 #define STRLEN(_s) (sizeof(_s "") - 1)
 
 class NetVConnection;
@@ -62,7 +62,7 @@ class NetVConnection;
 struct MCCacheHeader {
   uint32_t magic;
   uint32_t flags;
-  uint32_t nkey : 8;
+  uint32_t nkey     : 8;
   uint32_t reserved : 24;
   uint32_t exptime; // seconds offset from settime
   uint64_t settime;
@@ -104,14 +104,14 @@ struct MCAccept : public Continuation {
     SET_HANDLER(_h);                           \
   } while (0)
 
-#define TS_POP_HANDLER handler = handler_stack[--ihandler_stack]
-#define TS_POP_CALL(_event, _data) handleEvent((TS_POP_HANDLER, _event), _data)
+#define TS_POP_HANDLER                 handler = handler_stack[--ihandler_stack]
+#define TS_POP_CALL(_event, _data)     handleEvent((TS_POP_HANDLER, _event), _data)
 #define TS_SET_CALL(_h, _event, _data) handleEvent((SET_HANDLER(_h), _event), _data)
-#define ASCII_RESPONSE(_s) ascii_response((_s "\r\n"), sizeof(_s "\r\n") - 1)
-#define ASCII_ERROR() ascii_response(("ERROR\r\n"), sizeof("ERROR\r\n") - 1)
-#define ASCII_CLIENT_ERROR(_s) ascii_response(("CLIENT_ERROR: " _s "\r\n"), sizeof("CLIENT_ERROR: " _s "\r\n") - 1)
-#define ASCII_SERVER_ERROR(_s) ascii_response(("SERVER_ERROR: " _s "\r\n"), sizeof("SERVER_ERROR: " _s "\r\n") - 1)
-#define STRCMP(_s, _const_string) strncmp(_s, _const_string "", sizeof(_const_string) - 1)
+#define ASCII_RESPONSE(_s)             ascii_response((_s "\r\n"), sizeof(_s "\r\n") - 1)
+#define ASCII_ERROR()                  ascii_response(("ERROR\r\n"), sizeof("ERROR\r\n") - 1)
+#define ASCII_CLIENT_ERROR(_s)         ascii_response(("CLIENT_ERROR: " _s "\r\n"), sizeof("CLIENT_ERROR: " _s "\r\n") - 1)
+#define ASCII_SERVER_ERROR(_s)         ascii_response(("SERVER_ERROR: " _s "\r\n"), sizeof("SERVER_ERROR: " _s "\r\n") - 1)
+#define STRCMP(_s, _const_string)      strncmp(_s, _const_string "", sizeof(_const_string) - 1)
 
 struct MC : Continuation {
   Action *pending_action;
@@ -140,15 +140,15 @@ struct MC : Continuation {
   char tmp_cmd_buffer[TSMEMCACHE_TMP_CMD_BUFFER_SIZE];
   union {
     struct {
-      unsigned int noreply : 1;
-      unsigned int return_cas : 1;
-      unsigned int set_add : 1;
-      unsigned int set_cas : 1;
-      unsigned int set_append : 1;
+      unsigned int noreply     : 1;
+      unsigned int return_cas  : 1;
+      unsigned int set_add     : 1;
+      unsigned int set_cas     : 1;
+      unsigned int set_append  : 1;
       unsigned int set_prepend : 1;
       unsigned int set_replace : 1;
-      unsigned int set_incr : 1;
-      unsigned int set_decr : 1;
+      unsigned int set_incr    : 1;
+      unsigned int set_decr    : 1;
     } f;
     unsigned int ff;
   };
diff --git a/plugins/experimental/money_trace/money_trace.cc b/plugins/experimental/money_trace/money_trace.cc
index 69d3252685c..4e8f9ee6d49 100644
--- a/plugins/experimental/money_trace/money_trace.cc
+++ b/plugins/experimental/money_trace/money_trace.cc
@@ -46,12 +46,12 @@ config_from_args(int const argc, char const *argv[], PluginType const ptype)
   Config *const conf = new Config;
 
   static const struct option longopt[] = {
-    {const_cast("passthru"), required_argument, nullptr, 'a'},
-    {const_cast("create-if-none"), required_argument, nullptr, 'c'},
+    {const_cast("passthru"),           required_argument, nullptr, 'a'},
+    {const_cast("create-if-none"),     required_argument, nullptr, 'c'},
     {const_cast("global-skip-header"), required_argument, nullptr, 'g'},
-    {const_cast("header"), required_argument, nullptr, 'h'},
-    {const_cast("pregen-header"), required_argument, nullptr, 'p'},
-    {nullptr, 0, nullptr, 0},
+    {const_cast("header"),             required_argument, nullptr, 'h'},
+    {const_cast("pregen-header"),      required_argument, nullptr, 'p'},
+    {nullptr,                                  0,                 nullptr, 0  },
   };
 
   // getopt assumes args start at '1' so this hack is needed
diff --git a/plugins/experimental/mp4/mp4.cc b/plugins/experimental/mp4/mp4.cc
index 0791d5d7c5e..014a2d49419 100644
--- a/plugins/experimental/mp4/mp4.cc
+++ b/plugins/experimental/mp4/mp4.cc
@@ -412,7 +412,7 @@ mp4_transform_handler(TSCont contp, Mp4Context *mc)
         TSIOBufferCopy(mtc->output.buffer, mtc->res_reader, avail, 0);
         TSIOBufferReaderConsume(mtc->res_reader, avail);
 
-        mtc->pos += avail;
+        mtc->pos   += avail;
         mtc->total += avail;
         write_down = true;
       }
diff --git a/plugins/experimental/mp4/mp4_meta.cc b/plugins/experimental/mp4/mp4_meta.cc
index 873f5a0c5d5..bbec129f603 100644
--- a/plugins/experimental/mp4/mp4_meta.cc
+++ b/plugins/experimental/mp4/mp4_meta.cc
@@ -18,35 +18,52 @@
 
 #include "mp4_meta.h"
 
-static mp4_atom_handler mp4_atoms[] = {{"ftyp", &Mp4Meta::mp4_read_ftyp_atom},
-                                       {"moov", &Mp4Meta::mp4_read_moov_atom},
-                                       {"mdat", &Mp4Meta::mp4_read_mdat_atom},
-                                       {nullptr, nullptr}};
-
-static mp4_atom_handler mp4_moov_atoms[] = {{"mvhd", &Mp4Meta::mp4_read_mvhd_atom},
-                                            {"trak", &Mp4Meta::mp4_read_trak_atom},
-                                            {"cmov", &Mp4Meta::mp4_read_cmov_atom},
-                                            {nullptr, nullptr}};
-
-static mp4_atom_handler mp4_trak_atoms[] = {{"tkhd", &Mp4Meta::mp4_read_tkhd_atom},
-                                            {"mdia", &Mp4Meta::mp4_read_mdia_atom},
-                                            {nullptr, nullptr}};
-
-static mp4_atom_handler mp4_mdia_atoms[] = {{"mdhd", &Mp4Meta::mp4_read_mdhd_atom},
-                                            {"hdlr", &Mp4Meta::mp4_read_hdlr_atom},
-                                            {"minf", &Mp4Meta::mp4_read_minf_atom},
-                                            {nullptr, nullptr}};
-
-static mp4_atom_handler mp4_minf_atoms[] = {{"vmhd", &Mp4Meta::mp4_read_vmhd_atom},
-                                            {"smhd", &Mp4Meta::mp4_read_smhd_atom},
-                                            {"dinf", &Mp4Meta::mp4_read_dinf_atom},
-                                            {"stbl", &Mp4Meta::mp4_read_stbl_atom},
-                                            {nullptr, nullptr}};
+static mp4_atom_handler mp4_atoms[] = {
+  {"ftyp",  &Mp4Meta::mp4_read_ftyp_atom},
+  {"moov",  &Mp4Meta::mp4_read_moov_atom},
+  {"mdat",  &Mp4Meta::mp4_read_mdat_atom},
+  {nullptr, nullptr                     }
+};
+
+static mp4_atom_handler mp4_moov_atoms[] = {
+  {"mvhd",  &Mp4Meta::mp4_read_mvhd_atom},
+  {"trak",  &Mp4Meta::mp4_read_trak_atom},
+  {"cmov",  &Mp4Meta::mp4_read_cmov_atom},
+  {nullptr, nullptr                     }
+};
+
+static mp4_atom_handler mp4_trak_atoms[] = {
+  {"tkhd",  &Mp4Meta::mp4_read_tkhd_atom},
+  {"mdia",  &Mp4Meta::mp4_read_mdia_atom},
+  {nullptr, nullptr                     }
+};
+
+static mp4_atom_handler mp4_mdia_atoms[] = {
+  {"mdhd",  &Mp4Meta::mp4_read_mdhd_atom},
+  {"hdlr",  &Mp4Meta::mp4_read_hdlr_atom},
+  {"minf",  &Mp4Meta::mp4_read_minf_atom},
+  {nullptr, nullptr                     }
+};
+
+static mp4_atom_handler mp4_minf_atoms[] = {
+  {"vmhd",  &Mp4Meta::mp4_read_vmhd_atom},
+  {"smhd",  &Mp4Meta::mp4_read_smhd_atom},
+  {"dinf",  &Mp4Meta::mp4_read_dinf_atom},
+  {"stbl",  &Mp4Meta::mp4_read_stbl_atom},
+  {nullptr, nullptr                     }
+};
 
 static mp4_atom_handler mp4_stbl_atoms[] = {
-  {"stsd", &Mp4Meta::mp4_read_stsd_atom}, {"stts", &Mp4Meta::mp4_read_stts_atom}, {"stss", &Mp4Meta::mp4_read_stss_atom},
-  {"ctts", &Mp4Meta::mp4_read_ctts_atom}, {"stsc", &Mp4Meta::mp4_read_stsc_atom}, {"stsz", &Mp4Meta::mp4_read_stsz_atom},
-  {"stco", &Mp4Meta::mp4_read_stco_atom}, {"co64", &Mp4Meta::mp4_read_co64_atom}, {nullptr, nullptr}};
+  {"stsd",  &Mp4Meta::mp4_read_stsd_atom},
+  {"stts",  &Mp4Meta::mp4_read_stts_atom},
+  {"stss",  &Mp4Meta::mp4_read_stss_atom},
+  {"ctts",  &Mp4Meta::mp4_read_ctts_atom},
+  {"stsc",  &Mp4Meta::mp4_read_stsc_atom},
+  {"stsz",  &Mp4Meta::mp4_read_stsz_atom},
+  {"stco",  &Mp4Meta::mp4_read_stco_atom},
+  {"co64",  &Mp4Meta::mp4_read_co64_atom},
+  {nullptr, nullptr                     }
+};
 
 static void mp4_reader_set_32value(TSIOBufferReader readerp, int64_t offset, uint32_t n);
 static void mp4_reader_set_64value(TSIOBufferReader readerp, int64_t offset, uint64_t n);
@@ -98,7 +115,7 @@ Mp4Meta::mp4_meta_consume(int64_t size)
 {
   TSIOBufferReaderConsume(meta_reader, size);
   meta_avail -= size;
-  passed += size;
+  passed     += size;
 }
 
 int
@@ -522,7 +539,8 @@ Mp4Meta::mp4_read_trak_atom(int64_t atom_header_size, int64_t atom_data_size)
   return rc;
 }
 
-int Mp4Meta::mp4_read_cmov_atom(int64_t /*atom_header_size ATS_UNUSED */, int64_t /* atom_data_size ATS_UNUSED */)
+int
+Mp4Meta::mp4_read_cmov_atom(int64_t /*atom_header_size ATS_UNUSED */, int64_t /* atom_data_size ATS_UNUSED */)
 {
   return -1;
 }
@@ -649,7 +667,7 @@ Mp4Meta::mp4_read_vmhd_atom(int64_t atom_header_size, int64_t atom_data_size)
 
   atom_size = atom_data_size + atom_header_size;
 
-  trak = trak_vec[trak_num - 1];
+  trak            = trak_vec[trak_num - 1];
   trak->vmhd_size += atom_size;
 
   trak->atoms[MP4_VMHD_ATOM].buffer = TSIOBufferCreate();
@@ -669,7 +687,7 @@ Mp4Meta::mp4_read_smhd_atom(int64_t atom_header_size, int64_t atom_data_size)
 
   atom_size = atom_data_size + atom_header_size;
 
-  trak = trak_vec[trak_num - 1];
+  trak            = trak_vec[trak_num - 1];
   trak->smhd_size += atom_size;
 
   trak->atoms[MP4_SMHD_ATOM].buffer = TSIOBufferCreate();
@@ -689,7 +707,7 @@ Mp4Meta::mp4_read_dinf_atom(int64_t atom_header_size, int64_t atom_data_size)
 
   atom_size = atom_data_size + atom_header_size;
 
-  trak = trak_vec[trak_num - 1];
+  trak            = trak_vec[trak_num - 1];
   trak->dinf_size += atom_size;
 
   trak->atoms[MP4_DINF_ATOM].buffer = TSIOBufferCreate();
@@ -725,7 +743,7 @@ Mp4Meta::mp4_read_stsd_atom(int64_t atom_header_size, int64_t atom_data_size)
 
   atom_size = atom_data_size + atom_header_size;
 
-  trak = trak_vec[trak_num - 1];
+  trak       = trak_vec[trak_num - 1];
   trak->size += atom_size;
 
   trak->atoms[MP4_STSD_ATOM].buffer = TSIOBufferCreate();
@@ -917,7 +935,7 @@ Mp4Meta::mp4_read_stsz_atom(int64_t atom_header_size, int64_t atom_data_size)
     TSIOBufferCopy(trak->atoms[MP4_STSZ_DATA].buffer, meta_reader, esize, sizeof(mp4_stsz_atom));
 
   } else {
-    atom_size = atom_header_size + atom_data_size;
+    atom_size  = atom_header_size + atom_data_size;
     trak->size += atom_size;
     mp4_reader_set_32value(trak->atoms[MP4_STSZ_ATOM].reader, 0, atom_size);
   }
@@ -999,7 +1017,8 @@ Mp4Meta::mp4_read_co64_atom(int64_t atom_header_size, int64_t atom_data_size)
   return 1;
 }
 
-int Mp4Meta::mp4_read_mdat_atom(int64_t /* atom_header_size ATS_UNUSED */, int64_t /* atom_data_size ATS_UNUSED */)
+int
+Mp4Meta::mp4_read_mdat_atom(int64_t /* atom_header_size ATS_UNUSED */, int64_t /* atom_data_size ATS_UNUSED */)
 {
   mdat_atom.buffer = TSIOBufferCreate();
   mdat_atom.reader = TSIOBufferReaderAlloc(mdat_atom.buffer);
@@ -1038,14 +1057,14 @@ Mp4Meta::mp4_update_stts_atom(Mp4Trak *trak)
     count    = mp4_reader_get_32value(readerp, offsetof(mp4_stts_entry, count));
 
     if (start_time < static_cast(count) * duration) {
-      pass = static_cast(start_time / duration);
+      pass         = static_cast(start_time / duration);
       start_sample += pass;
 
       goto found;
     }
 
     start_sample += count;
-    start_time -= static_cast(count) * duration;
+    start_time   -= static_cast(count) * duration;
     TSIOBufferReaderConsume(readerp, sizeof(mp4_stts_entry));
   }
 
@@ -1077,7 +1096,7 @@ Mp4Meta::mp4_update_stts_atom(Mp4Trak *trak)
     }
 
     start_sample -= count;
-    sum += static_cast(count) * duration;
+    sum          += static_cast(count) * duration;
 
     TSIOBufferReaderConsume(readerp, sizeof(mp4_stts_entry));
   }
@@ -1088,7 +1107,7 @@ Mp4Meta::mp4_update_stts_atom(Mp4Trak *trak)
 
   left = entries - i;
 
-  atom_size = sizeof(mp4_stts_atom) + left * sizeof(mp4_stts_entry);
+  atom_size  = sizeof(mp4_stts_atom) + left * sizeof(mp4_stts_entry);
   trak->size += atom_size;
 
   mp4_reader_set_32value(trak->atoms[MP4_STTS_ATOM].reader, offsetof(mp4_stts_atom, size), atom_size);
@@ -1141,7 +1160,7 @@ Mp4Meta::mp4_update_stss_atom(Mp4Trak *trak)
     TSIOBufferReaderConsume(readerp, sizeof(uint32_t));
   }
 
-  atom_size = sizeof(mp4_stss_atom) + left * sizeof(uint32_t);
+  atom_size  = sizeof(mp4_stss_atom) + left * sizeof(uint32_t);
   trak->size += atom_size;
 
   mp4_reader_set_32value(trak->atoms[MP4_STSS_ATOM].reader, offsetof(mp4_stss_atom, size), atom_size);
@@ -1203,8 +1222,8 @@ Mp4Meta::mp4_update_ctts_atom(Mp4Trak *trak)
 
 found:
 
-  left      = entries - i;
-  atom_size = sizeof(mp4_ctts_atom) + left * sizeof(mp4_ctts_entry);
+  left       = entries - i;
+  atom_size  = sizeof(mp4_ctts_atom) + left * sizeof(mp4_ctts_entry);
   trak->size += atom_size;
 
   mp4_reader_set_32value(trak->atoms[MP4_CTTS_ATOM].reader, offsetof(mp4_ctts_atom, size), atom_size);
@@ -1281,8 +1300,8 @@ Mp4Meta::mp4_update_stsc_atom(Mp4Trak *trak)
   readerp = TSIOBufferReaderClone(trak->atoms[MP4_STSC_DATA].reader);
   TSIOBufferReaderConsume(readerp, sizeof(mp4_stsc_entry) * (i - 1));
 
-  trak->start_chunk = chunk - 1;
-  trak->start_chunk += start_sample / samples;
+  trak->start_chunk   = chunk - 1;
+  trak->start_chunk   += start_sample / samples;
   trak->chunk_samples = start_sample % samples;
 
   atom_size = sizeof(mp4_stsc_atom) + entries * sizeof(mp4_stsc_entry);
@@ -1356,7 +1375,7 @@ Mp4Meta::mp4_update_stsz_atom(Mp4Trak *trak)
     TSIOBufferReaderConsume(readerp, sizeof(uint32_t));
   }
 
-  atom_size = sizeof(mp4_stsz_atom) + avail - pass;
+  atom_size  = sizeof(mp4_stsz_atom) + avail - pass;
   trak->size += atom_size;
 
   mp4_reader_set_32value(trak->atoms[MP4_STSZ_ATOM].reader, offsetof(mp4_stsz_atom, size), atom_size);
@@ -1386,8 +1405,8 @@ Mp4Meta::mp4_update_co64_atom(Mp4Trak *trak)
   readerp = trak->atoms[MP4_CO64_DATA].reader;
   avail   = TSIOBufferReaderAvail(readerp);
 
-  pass      = trak->start_chunk * sizeof(uint64_t);
-  atom_size = sizeof(mp4_co64_atom) + avail - pass;
+  pass       = trak->start_chunk * sizeof(uint64_t);
+  atom_size  = sizeof(mp4_co64_atom) + avail - pass;
   trak->size += atom_size;
 
   TSIOBufferReaderConsume(readerp, pass);
@@ -1419,8 +1438,8 @@ Mp4Meta::mp4_update_stco_atom(Mp4Trak *trak)
   readerp = trak->atoms[MP4_STCO_DATA].reader;
   avail   = TSIOBufferReaderAvail(readerp);
 
-  pass      = trak->start_chunk * sizeof(uint32_t);
-  atom_size = sizeof(mp4_stco_atom) + avail - pass;
+  pass       = trak->start_chunk * sizeof(uint32_t);
+  atom_size  = sizeof(mp4_stco_atom) + avail - pass;
   trak->size += atom_size;
 
   TSIOBufferReaderConsume(readerp, pass);
@@ -1871,7 +1890,7 @@ IOBufferReaderCopy(TSIOBufferReader readerp, void *buf, int64_t length)
     if (need > 0) {
       memcpy(static_cast(buf) + n, start, need);
       length -= need;
-      n += need;
+      n      += need;
     }
 
     if (length == 0) {
diff --git a/plugins/experimental/mp4/mp4_meta.h b/plugins/experimental/mp4/mp4_meta.h
index d4a11293af1..10d823ed509 100644
--- a/plugins/experimental/mp4/mp4_meta.h
+++ b/plugins/experimental/mp4/mp4_meta.h
@@ -28,7 +28,7 @@
 
 #include 
 
-#define MP4_MAX_TRAK_NUM 6
+#define MP4_MAX_TRAK_NUM    6
 #define MP4_MAX_BUFFER_SIZE (10 * 1024 * 1024)
 #define MP4_MIN_BUFFER_SIZE 1024
 
diff --git a/plugins/experimental/otel_tracer/otel_tracer.cc b/plugins/experimental/otel_tracer/otel_tracer.cc
index 30b0324bbfe..02d2bf00c23 100644
--- a/plugins/experimental/otel_tracer/otel_tracer.cc
+++ b/plugins/experimental/otel_tracer/otel_tracer.cc
@@ -336,10 +336,10 @@ TSPluginInit(int argc, const char *argv[])
   if (argc > 1) {
     int c;
     static const struct option longopts[] = {
-      {const_cast("url"), required_argument, nullptr, 'u'},
-      {const_cast("service-name"), required_argument, nullptr, 's'},
+      {const_cast("url"),           required_argument, nullptr, 'u'},
+      {const_cast("service-name"),  required_argument, nullptr, 's'},
       {const_cast("sampling-rate"), required_argument, nullptr, 'r'},
-      {nullptr, 0, nullptr, 0},
+      {nullptr,                             0,                 nullptr, 0  },
     };
 
     int longindex = 0;
diff --git a/plugins/experimental/otel_tracer/tracer_common.h b/plugins/experimental/otel_tracer/tracer_common.h
index d4caf573c6d..8d24a9e2253 100644
--- a/plugins/experimental/otel_tracer/tracer_common.h
+++ b/plugins/experimental/otel_tracer/tracer_common.h
@@ -127,8 +127,11 @@ InitTracer(std::string url, std::string service_name, double rate)
   processors.push_back(std::move(processor));
 
   // Set service name
-  opentelemetry::sdk::resource::ResourceAttributes attributes = {{"service.name", service_name}, {"version", (uint32_t)1}};
-  auto resource                                               = opentelemetry::sdk::resource::Resource::Create(attributes);
+  opentelemetry::sdk::resource::ResourceAttributes attributes = {
+    {"service.name", service_name},
+    {"version",      (uint32_t)1 }
+  };
+  auto resource = opentelemetry::sdk::resource::Resource::Create(attributes);
 
   auto context  = std::make_shared(std::move(processors), resource,
                                                            std::unique_ptr(new sdktrace::ParentBasedSampler(
diff --git a/plugins/experimental/parent_select/strategy.h b/plugins/experimental/parent_select/strategy.h
index eab0e6bd0f0..aaadfba70ad 100644
--- a/plugins/experimental/parent_select/strategy.h
+++ b/plugins/experimental/parent_select/strategy.h
@@ -48,8 +48,8 @@ extern const std::string_view active_health_check;
 extern const std::string_view passive_health_check;
 
 #define PL_NH_Debug(tag, fmt, ...) TSDebug(tag, "[%s:%d]: " fmt, __FILE__, __LINE__, ##__VA_ARGS__)
-#define PL_NH_Error(fmt, ...) TSError("(%s) [%s:%d]: " fmt, PLUGIN_NAME, __FILE__, __LINE__, ##__VA_ARGS__)
-#define PL_NH_Note(fmt, ...) TSDebug(PL_NH_DEBUG_TAG, "[%s:%d]: " fmt, __FILE__, __LINE__, ##__VA_ARGS__)
+#define PL_NH_Error(fmt, ...)      TSError("(%s) [%s:%d]: " fmt, PLUGIN_NAME, __FILE__, __LINE__, ##__VA_ARGS__)
+#define PL_NH_Note(fmt, ...)       TSDebug(PL_NH_DEBUG_TAG, "[%s:%d]: " fmt, __FILE__, __LINE__, ##__VA_ARGS__)
 
 constexpr const char *policy_strings[] = {"PL_NH_UNDEFINED", "PL_NH_FIRST_LIVE", "PL_NH_RR_STRICT",
                                           "PL_NH_RR_IP",     "PL_NH_RR_LATCHED", "PL_NH_CONSISTENT_HASH"};
diff --git a/plugins/experimental/rate_limit/ip_reputation.cc b/plugins/experimental/rate_limit/ip_reputation.cc
index 129cd9584a1..d05cadf4705 100644
--- a/plugins/experimental/rate_limit/ip_reputation.cc
+++ b/plugins/experimental/rate_limit/ip_reputation.cc
@@ -100,7 +100,7 @@ SieveLru::initialize(uint32_t num_buckets, uint32_t size)
   // Create the other buckets, in smaller and smaller sizes (power of 2)
   for (uint32_t i = lastBucket(); i <= entryBucket(); ++i) {
     _buckets[i] = new SieveBucket(cur_size);
-    cur_size *= 2;
+    cur_size    *= 2;
   }
 
   _buckets[blockBucket()] = new SieveBucket(cur_size / 2); // Block LRU, same size as entry bucket
@@ -151,7 +151,7 @@ SieveLru::increment(KeyClass key)
         (std::chrono::duration_cast(SystemClock::now() - added) > max_age)) {
       auto last_lru = _buckets[entryBucket()];
 
-      count >>= 3; // Age the count by a factor of 1/8th
+      count  >>= 3; // Age the count by a factor of 1/8th
       bucket = entryBucket();
       last_lru->moveTop(lru, map_item);
     } else {
diff --git a/plugins/experimental/rate_limit/iprep_simu.cc b/plugins/experimental/rate_limit/iprep_simu.cc
index 887df68b861..9509346e2a5 100644
--- a/plugins/experimental/rate_limit/iprep_simu.cc
+++ b/plugins/experimental/rate_limit/iprep_simu.cc
@@ -83,8 +83,13 @@ parseArgs(int argc, char **argv)
   CmdConfigs options;
   int c;
   constexpr struct option long_options[] = {
-    {"help", no_argument, NULL, 'h'},       {"buckets", required_argument, NULL, 'b'},   {"perma", required_argument, NULL, 'p'},
-    {"size", required_argument, NULL, 's'}, {"threshold", required_argument, NULL, 't'}, {NULL, 0, NULL, 0}};
+    {"help",      no_argument,       NULL, 'h'},
+    {"buckets",   required_argument, NULL, 'b'},
+    {"perma",     required_argument, NULL, 'p'},
+    {"size",      required_argument, NULL, 's'},
+    {"threshold", required_argument, NULL, 't'},
+    {NULL,        0,                 NULL, 0  }
+  };
 
   // Make sure the optional values have been set
 
@@ -208,9 +213,9 @@ main(int argc, char *argv[])
     for (uint32_t size = options.start_size; size <= options.end_size; size += options.incr_size) {
       for (uint32_t buckets = options.start_buckets; buckets <= options.end_buckets; buckets += options.incr_buckets) {
         for (uint32_t threshold = options.start_threshold; threshold <= options.end_threshold;
-             threshold += options.incr_threshold) {
+             threshold          += options.incr_threshold) {
           for (uint32_t permablock = options.start_permablock; permablock <= options.end_permablock;
-               permablock += options.incr_permablock) {
+               permablock          += options.incr_permablock) {
             // Setup the buckets and metrics for this loop
             IpReputation::SieveLru ipt(buckets, size);
 
diff --git a/plugins/experimental/rate_limit/sni_limiter.cc b/plugins/experimental/rate_limit/sni_limiter.cc
index fcc8fb838f4..3d652fbc44c 100644
--- a/plugins/experimental/rate_limit/sni_limiter.cc
+++ b/plugins/experimental/rate_limit/sni_limiter.cc
@@ -142,20 +142,20 @@ bool
 SniRateLimiter::initialize(int argc, const char *argv[])
 {
   static const struct option longopt[] = {
-    {const_cast("limit"), required_argument, nullptr, 'l'},
-    {const_cast("queue"), required_argument, nullptr, 'q'},
-    {const_cast("maxage"), required_argument, nullptr, 'm'},
-    {const_cast("prefix"), required_argument, nullptr, 'p'},
-    {const_cast("tag"), required_argument, nullptr, 't'},
-    // These are all for the IP reputation system. ToDo: These should be global rather than per SNI ?
-    {const_cast("iprep_maxage"), required_argument, nullptr, 'a'},
-    {const_cast("iprep_buckets"), required_argument, nullptr, 'B'},
-    {const_cast("iprep_bucketsize"), required_argument, nullptr, 'S'},
-    {const_cast("iprep_permablock_limit"), required_argument, nullptr, 'L'},
-    {const_cast("iprep_permablock_pressure"), required_argument, nullptr, 'P'},
-    {const_cast("iprep_permablock_maxage"), required_argument, nullptr, 'A'},
-    // EOF
-    {nullptr, no_argument, nullptr, '\0'},
+    {const_cast("limit"),                     required_argument, nullptr, 'l' },
+    {const_cast("queue"),                     required_argument, nullptr, 'q' },
+    {const_cast("maxage"),                    required_argument, nullptr, 'm' },
+    {const_cast("prefix"),                    required_argument, nullptr, 'p' },
+    {const_cast("tag"),                       required_argument, nullptr, 't' },
+ // These are all for the IP reputation system. ToDo: These should be global rather than per SNI ?
+    {const_cast("iprep_maxage"),              required_argument, nullptr, 'a' },
+    {const_cast("iprep_buckets"),             required_argument, nullptr, 'B' },
+    {const_cast("iprep_bucketsize"),          required_argument, nullptr, 'S' },
+    {const_cast("iprep_permablock_limit"),    required_argument, nullptr, 'L' },
+    {const_cast("iprep_permablock_pressure"), required_argument, nullptr, 'P' },
+    {const_cast("iprep_permablock_maxage"),   required_argument, nullptr, 'A' },
+ // EOF
+    {nullptr,                                         no_argument,       nullptr, '\0'},
   };
 
   TSDebug(PLUGIN_NAME, "Initializing an SNI Rate Limiter");
diff --git a/plugins/experimental/rate_limit/txn_limiter.cc b/plugins/experimental/rate_limit/txn_limiter.cc
index 6e336658886..335b419fa6e 100644
--- a/plugins/experimental/rate_limit/txn_limiter.cc
+++ b/plugins/experimental/rate_limit/txn_limiter.cc
@@ -107,16 +107,16 @@ bool
 TxnRateLimiter::initialize(int argc, const char *argv[])
 {
   static const struct option longopt[] = {
-    {const_cast("limit"), required_argument, nullptr, 'l'},
-    {const_cast("queue"), required_argument, nullptr, 'q'},
-    {const_cast("error"), required_argument, nullptr, 'e'},
-    {const_cast("retry"), required_argument, nullptr, 'r'},
-    {const_cast("header"), required_argument, nullptr, 'h'},
-    {const_cast("maxage"), required_argument, nullptr, 'm'},
-    {const_cast("prefix"), required_argument, nullptr, 'p'},
-    {const_cast("tag"), required_argument, nullptr, 't'},
-    // EOF
-    {nullptr, no_argument, nullptr, '\0'},
+    {const_cast("limit"),  required_argument, nullptr, 'l' },
+    {const_cast("queue"),  required_argument, nullptr, 'q' },
+    {const_cast("error"),  required_argument, nullptr, 'e' },
+    {const_cast("retry"),  required_argument, nullptr, 'r' },
+    {const_cast("header"), required_argument, nullptr, 'h' },
+    {const_cast("maxage"), required_argument, nullptr, 'm' },
+    {const_cast("prefix"), required_argument, nullptr, 'p' },
+    {const_cast("tag"),    required_argument, nullptr, 't' },
+ // EOF
+    {nullptr,                      no_argument,       nullptr, '\0'},
   };
 
   while (true) {
diff --git a/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc b/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
index 6b6c496c77c..e7b65fb2f59 100644
--- a/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
+++ b/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
@@ -81,7 +81,9 @@ TSPluginInit(int argc, const char *argv[])
   const char *fallback = nullptr;
 
   // Read options from plugin.config
-  static const struct option longopts[] = {{"fallback", required_argument, nullptr, 'f'}};
+  static const struct option longopts[] = {
+    {"fallback", required_argument, nullptr, 'f'}
+  };
 
   int opt = 0;
 
diff --git a/plugins/experimental/remap_stats/remap_stats.cc b/plugins/experimental/remap_stats/remap_stats.cc
index 39db77accf1..20de2553948 100644
--- a/plugins/experimental/remap_stats/remap_stats.cc
+++ b/plugins/experimental/remap_stats/remap_stats.cc
@@ -30,7 +30,7 @@
 #include 
 
 #define PLUGIN_NAME "remap_stats"
-#define DEBUG_TAG PLUGIN_NAME
+#define DEBUG_TAG   PLUGIN_NAME
 
 #define MAX_STAT_LENGTH (1 << 8)
 
@@ -169,7 +169,7 @@ handle_txn_close(TSCont cont, TSEvent event ATS_UNUSED, void *edata)
     }
 
     uint64_t in_bytes = TSHttpTxnClientReqHdrBytesGet(txn);
-    in_bytes += TSHttpTxnClientReqBodyBytesGet(txn);
+    in_bytes          += TSHttpTxnClientReqBodyBytesGet(txn);
 
     ts::LocalBufferWriter stat_name;
 
@@ -177,7 +177,7 @@ handle_txn_close(TSCont cont, TSEvent event ATS_UNUSED, void *edata)
     stat_add(stat_name.data(), static_cast(in_bytes), config->persist_type, config->stat_creation_mutex);
 
     uint64_t out_bytes = TSHttpTxnClientRespHdrBytesGet(txn);
-    out_bytes += TSHttpTxnClientRespBodyBytesGet(txn);
+    out_bytes          += TSHttpTxnClientRespBodyBytesGet(txn);
 
     create_stat_name(stat_name, hostsv, "out_bytes");
     stat_add(stat_name.data(), static_cast(out_bytes), config->persist_type, config->stat_creation_mutex);
diff --git a/plugins/experimental/slice/Config.cc b/plugins/experimental/slice/Config.cc
index 65ca648ba8f..ee2a6c777a3 100644
--- a/plugins/experimental/slice/Config.cc
+++ b/plugins/experimental/slice/Config.cc
@@ -113,19 +113,19 @@ Config::fromArgs(int const argc, char const *const argv[])
 
   // standard parsing
   constexpr struct option longopts[] = {
-    {const_cast("blockbytes"), required_argument, nullptr, 'b'},
-    {const_cast("crr-ims-header"), required_argument, nullptr, 'c'},
-    {const_cast("disable-errorlog"), no_argument, nullptr, 'd'},
-    {const_cast("exclude-regex"), required_argument, nullptr, 'e'},
-    {const_cast("include-regex"), required_argument, nullptr, 'i'},
-    {const_cast("ref-relative"), no_argument, nullptr, 'l'},
-    {const_cast("pace-errorlog"), required_argument, nullptr, 'p'},
-    {const_cast("remap-host"), required_argument, nullptr, 'r'},
-    {const_cast("skip-header"), required_argument, nullptr, 's'},
-    {const_cast("blockbytes-test"), required_argument, nullptr, 't'},
-    {const_cast("prefetch-count"), required_argument, nullptr, 'f'},
-    {const_cast("strip-range-for-head"), no_argument, nullptr, 'h'},
-    {nullptr, 0, nullptr, 0},
+    {const_cast("blockbytes"),           required_argument, nullptr, 'b'},
+    {const_cast("crr-ims-header"),       required_argument, nullptr, 'c'},
+    {const_cast("disable-errorlog"),     no_argument,       nullptr, 'd'},
+    {const_cast("exclude-regex"),        required_argument, nullptr, 'e'},
+    {const_cast("include-regex"),        required_argument, nullptr, 'i'},
+    {const_cast("ref-relative"),         no_argument,       nullptr, 'l'},
+    {const_cast("pace-errorlog"),        required_argument, nullptr, 'p'},
+    {const_cast("remap-host"),           required_argument, nullptr, 'r'},
+    {const_cast("skip-header"),          required_argument, nullptr, 's'},
+    {const_cast("blockbytes-test"),      required_argument, nullptr, 't'},
+    {const_cast("prefetch-count"),       required_argument, nullptr, 'f'},
+    {const_cast("strip-range-for-head"), no_argument,       nullptr, 'h'},
+    {nullptr,                                    0,                 nullptr, 0  },
   };
 
   // getopt assumes args start at '1' so this hack is needed
diff --git a/plugins/experimental/slice/Data.h b/plugins/experimental/slice/Data.h
index 8e654a69bc4..175171aed90 100644
--- a/plugins/experimental/slice/Data.h
+++ b/plugins/experimental/slice/Data.h
@@ -42,7 +42,7 @@ enum BlockState {
 };
 
 struct Data {
-  Data(Data const &) = delete;
+  Data(Data const &)            = delete;
   Data &operator=(Data const &) = delete;
 
   Config *const m_config;
diff --git a/plugins/experimental/slice/HttpHeader.cc b/plugins/experimental/slice/HttpHeader.cc
index d98d112a3f7..50fcc35ddc5 100644
--- a/plugins/experimental/slice/HttpHeader.cc
+++ b/plugins/experimental/slice/HttpHeader.cc
@@ -354,7 +354,7 @@ HdrMgr::populateFrom(TSHttpParser const http_parser, TSIOBufferReader const read
       int64_t const bytes_parsed(ptr - bstart);
 
       consumed += bytes_parsed;
-      avail -= bytes_parsed;
+      avail    -= bytes_parsed;
 
       if (TS_PARSE_CONT == parse_res) {
         block = TSIOBufferBlockNext(block);
diff --git a/plugins/experimental/slice/HttpHeader.h b/plugins/experimental/slice/HttpHeader.h
index 81f1817fb73..060a00504d2 100644
--- a/plugins/experimental/slice/HttpHeader.h
+++ b/plugins/experimental/slice/HttpHeader.h
@@ -149,7 +149,7 @@ struct HttpHeader {
 };
 
 struct TxnHdrMgr {
-  TxnHdrMgr(TxnHdrMgr const &) = delete;
+  TxnHdrMgr(TxnHdrMgr const &)            = delete;
   TxnHdrMgr &operator=(TxnHdrMgr const &) = delete;
 
   TSMBuffer m_buffer{nullptr};
@@ -187,7 +187,7 @@ struct TxnHdrMgr {
 };
 
 struct HdrMgr {
-  HdrMgr(HdrMgr const &) = delete;
+  HdrMgr(HdrMgr const &)            = delete;
   HdrMgr &operator=(HdrMgr const &) = delete;
 
   TSMBuffer m_buffer{nullptr};
diff --git a/plugins/experimental/slice/Stage.h b/plugins/experimental/slice/Stage.h
index 47ae28a96df..5f88e0d33dc 100644
--- a/plugins/experimental/slice/Stage.h
+++ b/plugins/experimental/slice/Stage.h
@@ -115,7 +115,7 @@ struct Channel {
 
 struct Stage // upstream or downstream (server or client)
 {
-  Stage(Stage const &) = delete;
+  Stage(Stage const &)            = delete;
   Stage &operator=(Stage const &) = delete;
 
   TSVConn m_vc{nullptr};
diff --git a/plugins/experimental/slice/client.cc b/plugins/experimental/slice/client.cc
index 3d19372440a..bfb036ccb87 100644
--- a/plugins/experimental/slice/client.cc
+++ b/plugins/experimental/slice/client.cc
@@ -59,7 +59,7 @@ handle_client_req(TSCont contp, TSEvent event, Data *const data)
     char rangestr[1024];
     int rangelen             = sizeof(rangestr);
     bool const hasRange      = header.valueForKey(TS_MIME_FIELD_RANGE, TS_MIME_LEN_RANGE, rangestr, &rangelen,
-                                             0); // <-- first range only
+                                                  0); // <-- first range only
     Config const *const conf = data->m_config;
     if (hasRange) {
       // write parsed header into slicer meta tag
diff --git a/plugins/experimental/slice/slice.h b/plugins/experimental/slice/slice.h
index 4f9df58a382..d2b6a404cf7 100644
--- a/plugins/experimental/slice/slice.h
+++ b/plugins/experimental/slice/slice.h
@@ -34,7 +34,7 @@
 
 #if !defined(UNITTEST)
 
-#define __FILENAME__ (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)
+#define __FILENAME__        (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)
 #define DEBUG_LOG(fmt, ...) TSDebug(PLUGIN_NAME, "[%s:% 4d] %s(): " fmt, __FILENAME__, __LINE__, __func__, ##__VA_ARGS__)
 
 #define ERROR_LOG(fmt, ...)                                                                         \
diff --git a/plugins/experimental/slice/slice_test.cc b/plugins/experimental/slice/slice_test.cc
index 4fcbc5be7bd..27814d66299 100644
--- a/plugins/experimental/slice/slice_test.cc
+++ b/plugins/experimental/slice/slice_test.cc
@@ -117,10 +117,23 @@ testParseRange()
     "bytes 0-1023/146515" // this should be rejected (Content-range)
   };                      // invalid
 
-  std::vector const exps = {Range{0, 1023 + 1}, Range{1, 1024 + 1}, Range{11, 11 + 1}, Range{1, Range::maxval},
-                                   Range{-1, -1},      Range{3, 17 + 1},   Range{3, 17 + 1},  Range{3, 17 + 1},
-                                   Range{3, 11 + 1},   Range{3, 11 + 1},   Range{0, 1},       Range{-20, 0},
-                                   Range{-1, -1},      Range{-1, -1},      Range{-1, -1}};
+  std::vector const exps = {
+    Range{0,   1023 + 1     },
+    Range{1,   1024 + 1     },
+    Range{11,  11 + 1       },
+    Range{1,   Range::maxval},
+    Range{-1,  -1           },
+    Range{3,   17 + 1       },
+    Range{3,   17 + 1       },
+    Range{3,   17 + 1       },
+    Range{3,   11 + 1       },
+    Range{3,   11 + 1       },
+    Range{0,   1            },
+    Range{-20, 0            },
+    Range{-1,  -1           },
+    Range{-1,  -1           },
+    Range{-1,  -1           }
+  };
 
   std::vector const expsres = {true, true, true, true, false, true, true, true, true, true, true, true, false, false, false};
 
diff --git a/plugins/experimental/slice/transfer.cc b/plugins/experimental/slice/transfer.cc
index ce31b754031..cb6a33c79cc 100644
--- a/plugins/experimental/slice/transfer.cc
+++ b/plugins/experimental/slice/transfer.cc
@@ -39,8 +39,8 @@ transfer_content_bytes(Data *const data)
     if (0 < toskip) {
       TSIOBufferReaderConsume(reader, toskip);
       data->m_blockskip -= toskip;
-      avail -= toskip;
-      consumed += toskip;
+      avail             -= toskip;
+      consumed          += toskip;
     }
   }
 
@@ -55,7 +55,7 @@ transfer_content_bytes(Data *const data)
       data->m_bytessent += copied;
       TSIOBufferReaderConsume(reader, copied);
 
-      avail -= copied;
+      avail    -= copied;
       consumed += copied;
     }
   }
diff --git a/plugins/experimental/slice/unit-tests/slice_test.cc b/plugins/experimental/slice/unit-tests/slice_test.cc
index 6f15ce0c48e..d6d43f91e11 100644
--- a/plugins/experimental/slice/unit-tests/slice_test.cc
+++ b/plugins/experimental/slice/unit-tests/slice_test.cc
@@ -103,10 +103,23 @@ testParseRange()
     "bytes 0-1023/146515" // this should be rejected (Content-range)
   };                      // invalid
 
-  std::vector const exps = {Range{0, 1023 + 1}, Range{1, 1024 + 1}, Range{11, 11 + 1}, Range{1, Range::maxval},
-                                   Range{-1, -1},      Range{3, 17 + 1},   Range{3, 17 + 1},  Range{3, 17 + 1},
-                                   Range{3, 11 + 1},   Range{3, 11 + 1},   Range{0, 1},       Range{-20, 0},
-                                   Range{-1, -1},      Range{-1, -1},      Range{-1, -1}};
+  std::vector const exps = {
+    Range{0,   1023 + 1     },
+    Range{1,   1024 + 1     },
+    Range{11,  11 + 1       },
+    Range{1,   Range::maxval},
+    Range{-1,  -1           },
+    Range{3,   17 + 1       },
+    Range{3,   17 + 1       },
+    Range{3,   17 + 1       },
+    Range{3,   11 + 1       },
+    Range{3,   11 + 1       },
+    Range{0,   1            },
+    Range{-20, 0            },
+    Range{-1,  -1           },
+    Range{-1,  -1           },
+    Range{-1,  -1           }
+  };
 
   std::vector const expsres = {true, true, true, true, false, true, true, true, true, true, true, true, false, false, false};
 
diff --git a/plugins/experimental/slice/unit-tests/test_config.cc b/plugins/experimental/slice/unit-tests/test_config.cc
index 8f015bec45e..753ab8936d8 100644
--- a/plugins/experimental/slice/unit-tests/test_config.cc
+++ b/plugins/experimental/slice/unit-tests/test_config.cc
@@ -37,23 +37,18 @@ TEST_CASE("config default", "[AWS][slice][utility]")
 
 TEST_CASE("config bytesfrom valid parsing", "[AWS][slice][utility]")
 {
-  static std::array const teststrings = {{
-    "1000",
-    "1m",
-    "5g",
-    "2k",
-    "3kb",
-    "1z",
-  }};
-
-  constexpr std::array const expvals = {{
-    1000,
-    1024 * 1024,
-    int64_t(1024) * 1024 * 1024 * 5,
-    1024 * 2,
-    1024 * 3,
-    1,
-  }};
+  static std::array const teststrings = {
+    "1000", "1m", "5g", "2k", "3kb", "1z",
+  };
+
+  constexpr std::array const expvals = {
+    {
+     1000, 1024 * 1024,
+     int64_t(1024) * 1024 * 1024 * 5,
+     1024 * 2,
+     1024 * 3,
+     1, }
+  };
 
   for (size_t index = 0; index < teststrings.size(); ++index) {
     std::string const &teststr = teststrings[index];
@@ -69,13 +64,13 @@ TEST_CASE("config bytesfrom valid parsing", "[AWS][slice][utility]")
 
 TEST_CASE("config bytesfrom invalid parsing", "[AWS][slice][utility]")
 {
-  static std::array const badstrings = {{
+  static std::array const badstrings = {
     "abc",  // alpha
     "g00",  // giga
     "M00",  // mega
     "k00",  // kilo
     "-500", // negative
-  }};
+  };
 
   for (std::string const &badstr : badstrings) {
     int64_t const val = Config::bytesFrom(badstr.c_str());
@@ -95,19 +90,21 @@ TEST_CASE("config fromargs validate sizes", "[AWS][slice][utility]")
   CHECK(blockBytesMin == Config::blockbytesmin);
 
   std::vector const argkws                 = {"-b ", "--blockbytes=", "blockbytes:"};
-  std::vector> const tests = {{"4m", true},
-                                                           {"1", false},
-                                                           {"32m", true},
-                                                           {"64m", true},
-                                                           {"256k", true},
-                                                           {"128m", true},
-                                                           {"10m", true},
-                                                           {std::to_string(blockBytesMax), true},
-                                                           {std::to_string(blockBytesMax + 1), false},
-                                                           {std::to_string(blockBytesMax - 1), true},
-                                                           {std::to_string(blockBytesMin), true},
-                                                           {std::to_string(blockBytesMin + 1), true},
-                                                           {std::to_string(blockBytesMin - 1), false}};
+  std::vector> const tests = {
+    {"4m",                              true },
+    {"1",                               false},
+    {"32m",                             true },
+    {"64m",                             true },
+    {"256k",                            true },
+    {"128m",                            true },
+    {"10m",                             true },
+    {std::to_string(blockBytesMax),     true },
+    {std::to_string(blockBytesMax + 1), false},
+    {std::to_string(blockBytesMax - 1), true },
+    {std::to_string(blockBytesMin),     true },
+    {std::to_string(blockBytesMin + 1), true },
+    {std::to_string(blockBytesMin - 1), false}
+  };
 
   for (std::string const &kw : argkws) { // test each argument keyword with each test pair
     for (std::pair const &test : tests) {
diff --git a/plugins/experimental/slice/unit-tests/test_range.cc b/plugins/experimental/slice/unit-tests/test_range.cc
index d2b1813fe3f..c43f2956fdc 100644
--- a/plugins/experimental/slice/unit-tests/test_range.cc
+++ b/plugins/experimental/slice/unit-tests/test_range.cc
@@ -49,17 +49,17 @@ TEST_CASE("range to/from string - valid", "[AWS][slice][utility]")
   };
 
   std::vector const exps = {
-    Range{0, 1023 + 1},      //
-    Range{1, 1024 + 1},      //
-    Range{11, 11 + 1},       //
-    Range{1, Range::maxval}, //
-    Range{3, 17 + 1},        //
-    Range{3, 17 + 1},        //
-    Range{3, 17 + 1},        //
-    Range{3, 11 + 1},        //
-    Range{3, 11 + 1},        //
-    Range{0, 1},             //
-    Range{-20, 0}            //
+    Range{0,   1023 + 1     }, //
+    Range{1,   1024 + 1     }, //
+    Range{11,  11 + 1       }, //
+    Range{1,   Range::maxval}, //
+    Range{3,   17 + 1       }, //
+    Range{3,   17 + 1       }, //
+    Range{3,   17 + 1       }, //
+    Range{3,   11 + 1       }, //
+    Range{3,   11 + 1       }, //
+    Range{0,   1            }, //
+    Range{-20, 0            }  //
   };
 
   for (size_t index = 0; index < teststrings.size(); ++index) {
diff --git a/plugins/experimental/ssl_session_reuse/src/session_process.cc b/plugins/experimental/ssl_session_reuse/src/session_process.cc
index 47660f65ec1..7cdeb4cd7ef 100644
--- a/plugins/experimental/ssl_session_reuse/src/session_process.cc
+++ b/plugins/experimental/ssl_session_reuse/src/session_process.cc
@@ -112,7 +112,7 @@ decrypt_session(const std::string &encrypted_data, const unsigned char *key, int
     ssl_sess_ptr += sizeof(int64_t);
 
     // Length
-    ret = *reinterpret_cast(ssl_sess_ptr);
+    ret          = *reinterpret_cast(ssl_sess_ptr);
     ssl_sess_ptr += sizeof(int32_t);
 
     len_all = ret + sizeof(int64_t) + sizeof(int32_t);
diff --git a/plugins/experimental/ssl_session_reuse/src/ssl_key_utils.cc b/plugins/experimental/ssl_session_reuse/src/ssl_key_utils.cc
index 282bc339211..f413a27eecb 100644
--- a/plugins/experimental/ssl_session_reuse/src/ssl_key_utils.cc
+++ b/plugins/experimental/ssl_session_reuse/src/ssl_key_utils.cc
@@ -35,7 +35,7 @@
 #include "stek.h"
 #include "common.h"
 
-#define SSL_AES_KEY_SUFFIX "_aes_key"
+#define SSL_AES_KEY_SUFFIX  "_aes_key"
 #define SSL_HMAC_KEY_SUFFIX "_hmac_key"
 
 #define STEK_MAX_ENC_SIZE 512
diff --git a/plugins/experimental/ssl_session_reuse/src/stek.h b/plugins/experimental/ssl_session_reuse/src/stek.h
index f1f9725bb1b..d7a6c07282e 100644
--- a/plugins/experimental/ssl_session_reuse/src/stek.h
+++ b/plugins/experimental/ssl_session_reuse/src/stek.h
@@ -25,8 +25,8 @@
 
 /* STEK - Session Ticket Encryption Key stuff */
 
-#define STEK_ID_NAME "@stek@" // ACTUALLY it is redis channel minus cluster_name prefix, aka mdbm keyname
-#define STEK_ID_RESEND "@resendstek@"
+#define STEK_ID_NAME      "@stek@" // ACTUALLY it is redis channel minus cluster_name prefix, aka mdbm keyname
+#define STEK_ID_RESEND    "@resendstek@"
 #define STEK_MAX_LIFETIME 86400 // 24 hours max - should rotate STEK
 
 #define STEK_NOT_CHANGED_WARNING_INTERVAL (2 * STEK_MAX_LIFETIME) // warn on non-stek rotate every X secs.
diff --git a/plugins/experimental/sslheaders/expand.cc b/plugins/experimental/sslheaders/expand.cc
index 174d3709ef0..146540f28b2 100644
--- a/plugins/experimental/sslheaders/expand.cc
+++ b/plugins/experimental/sslheaders/expand.cc
@@ -41,7 +41,7 @@ x509_expand_certificate(X509 *x509, BIO *bio)
   // The PEM format has newlines in it. mod_ssl replaces those with spaces.
   remain = BIO_get_mem_data(bio, &ptr);
   for (char *nl; (nl = static_cast(memchr(ptr, '\n', remain))); ptr = nl) {
-    *nl = ' ';
+    *nl    = ' ';
     remain -= nl - ptr;
   }
 }
@@ -105,7 +105,7 @@ x509_expand_notafter(X509 *x509, BIO *bio)
   ASN1_TIME_print(bio, time);
 }
 
-static const std::array expansions = {{
+static const std::array expansions = {
   x509_expand_none,        // SSL_HEADERS_FIELD_NONE
   x509_expand_certificate, // SSL_HEADERS_FIELD_CERTIFICATE
   x509_expand_subject,     // SSL_HEADERS_FIELD_SUBJECT
@@ -114,7 +114,7 @@ static const std::array expansions = {{
   x509_expand_signature,   // SSL_HEADERS_FIELD_SIGNATURE
   x509_expand_notbefore,   // SSL_HEADERS_FIELD_NOTBEFORE
   x509_expand_notafter,    // SSL_HEADERS_FIELD_NOTAFTER
-}};
+};
 
 bool
 SslHdrExpandX509Field(BIO *bio, X509 *x509, ExpansionField field)
diff --git a/plugins/experimental/sslheaders/sslheaders.cc b/plugins/experimental/sslheaders/sslheaders.cc
index 933131b0ac2..f5b493d0fc7 100644
--- a/plugins/experimental/sslheaders/sslheaders.cc
+++ b/plugins/experimental/sslheaders/sslheaders.cc
@@ -212,7 +212,7 @@ SslHdrParseOptions(int argc, const char **argv)
 {
   static const struct option longopt[] = {
     {const_cast("attach"), required_argument, nullptr, 'a'},
-    {nullptr, 0, nullptr, 0},
+    {nullptr,                      0,                 nullptr, 0  },
   };
 
   std::unique_ptr hdr(new SslHdrInstance());
diff --git a/plugins/experimental/sslheaders/sslheaders.h b/plugins/experimental/sslheaders/sslheaders.h
index c3134aae9cf..a1f1ad377ec 100644
--- a/plugins/experimental/sslheaders/sslheaders.h
+++ b/plugins/experimental/sslheaders/sslheaders.h
@@ -70,10 +70,10 @@ struct SslHdrExpansion {
   ExpansionField field = SSL_HEADERS_FIELD_NONE;
 
   // noncopyable but movable
-  SslHdrExpansion(const SslHdrExpansion &) = delete;
+  SslHdrExpansion(const SslHdrExpansion &)            = delete;
   SslHdrExpansion &operator=(const SslHdrExpansion &) = delete;
   SslHdrExpansion(SslHdrExpansion &&)                 = default;
-  SslHdrExpansion &operator=(SslHdrExpansion &&) = default;
+  SslHdrExpansion &operator=(SslHdrExpansion &&)      = default;
 };
 
 struct SslHdrInstance {
@@ -87,7 +87,7 @@ struct SslHdrInstance {
   TSCont cont;
 
   // noncopyable
-  SslHdrInstance(const SslHdrInstance &) = delete;
+  SslHdrInstance(const SslHdrInstance &)            = delete;
   SslHdrInstance &operator=(const SslHdrInstance &) = delete;
 };
 
diff --git a/plugins/experimental/sslheaders/unit_tests/test_sslheaders.cc b/plugins/experimental/sslheaders/unit_tests/test_sslheaders.cc
index 221adf843af..c6330def0b8 100644
--- a/plugins/experimental/sslheaders/unit_tests/test_sslheaders.cc
+++ b/plugins/experimental/sslheaders/unit_tests/test_sslheaders.cc
@@ -79,7 +79,7 @@ make_pem_header(const char *pem)
   remain    = strlen(hdr);
 
   for (char *nl; (nl = static_cast(memchr(ptr, '\n', remain))); ptr = nl) {
-    *nl = ' ';
+    *nl    = ' ';
     remain -= nl - ptr;
   }
 
diff --git a/plugins/experimental/sslheaders/util.cc b/plugins/experimental/sslheaders/util.cc
index 14e215ffb1c..66f29aaee7e 100644
--- a/plugins/experimental/sslheaders/util.cc
+++ b/plugins/experimental/sslheaders/util.cc
@@ -29,15 +29,17 @@ struct _f {
   const char *name;
   ExpansionField field;
 };
-const std::array<_f, SSL_HEADERS_FIELD_MAX - 1> fields = {{
-  {"certificate", SSL_HEADERS_FIELD_CERTIFICATE},
-  {"subject", SSL_HEADERS_FIELD_SUBJECT},
-  {"issuer", SSL_HEADERS_FIELD_ISSUER},
-  {"serial", SSL_HEADERS_FIELD_SERIAL},
-  {"signature", SSL_HEADERS_FIELD_SIGNATURE},
-  {"notbefore", SSL_HEADERS_FIELD_NOTBEFORE},
-  {"notafter", SSL_HEADERS_FIELD_NOTAFTER},
-}};
+const std::array<_f, SSL_HEADERS_FIELD_MAX - 1> fields = {
+  {
+   {"certificate", SSL_HEADERS_FIELD_CERTIFICATE},
+   {"subject", SSL_HEADERS_FIELD_SUBJECT},
+   {"issuer", SSL_HEADERS_FIELD_ISSUER},
+   {"serial", SSL_HEADERS_FIELD_SERIAL},
+   {"signature", SSL_HEADERS_FIELD_SIGNATURE},
+   {"notbefore", SSL_HEADERS_FIELD_NOTBEFORE},
+   {"notafter", SSL_HEADERS_FIELD_NOTAFTER},
+   }
+};
 } // namespace
 
 bool
diff --git a/plugins/experimental/statichit/statichit.cc b/plugins/experimental/statichit/statichit.cc
index 7b2824f5547..ddb2f8aa158 100644
--- a/plugins/experimental/statichit/statichit.cc
+++ b/plugins/experimental/statichit/statichit.cc
@@ -660,13 +660,15 @@ TSRemapDoRemap(void *ih, TSHttpTxn rh, TSRemapRequestInfo *rri)
 TSReturnCode
 TSRemapNewInstance(int argc, char *argv[], void **ih, char * /* errbuf ATS_UNUSED */, int /* errbuf_size ATS_UNUSED */)
 {
-  static const struct option longopt[] = {{"file-path", required_argument, nullptr, 'f'},
-                                          {"mime-type", required_argument, nullptr, 'm'},
-                                          {"max-age", required_argument, nullptr, 'a'},
-                                          {"failure-code", required_argument, nullptr, 'c'},
-                                          {"success-code", required_argument, nullptr, 's'},
-                                          {"disable-exact", no_argument, nullptr, 'd'},
-                                          {nullptr, no_argument, nullptr, '\0'}};
+  static const struct option longopt[] = {
+    {"file-path",     required_argument, nullptr, 'f' },
+    {"mime-type",     required_argument, nullptr, 'm' },
+    {"max-age",       required_argument, nullptr, 'a' },
+    {"failure-code",  required_argument, nullptr, 'c' },
+    {"success-code",  required_argument, nullptr, 's' },
+    {"disable-exact", no_argument,       nullptr, 'd' },
+    {nullptr,         no_argument,       nullptr, '\0'}
+  };
 
   std::string filePath;
   std::string mimeType = "text/plain";
diff --git a/plugins/experimental/stek_share/log_store.cc b/plugins/experimental/stek_share/log_store.cc
index 0bd31673a1f..135930d1a91 100644
--- a/plugins/experimental/stek_share/log_store.cc
+++ b/plugins/experimental/stek_share/log_store.cc
@@ -190,7 +190,7 @@ STEKShareLogStore::pack(uint64_t index, int32_t cnt)
     }
     assert(le.get());
     nuraft::ptr buf = le->serialize();
-    size_total += buf->size();
+    size_total                      += buf->size();
     logs.push_back(buf);
   }
 
diff --git a/plugins/experimental/stek_share/stek_share.cc b/plugins/experimental/stek_share/stek_share.cc
index 810c4f75ba9..669b54d4583 100644
--- a/plugins/experimental/stek_share/stek_share.cc
+++ b/plugins/experimental/stek_share/stek_share.cc
@@ -198,7 +198,7 @@ set_server_info(int argc, const char *argv[])
     }
 
     std::string cluster_list_str = "";
-    cluster_list_str += "\nSTEK Share Cluster Server List:";
+    cluster_list_str             += "\nSTEK Share Cluster Server List:";
     for (auto it = server_list.begin(); it != server_list.end(); ++it) {
       YAML::Node server_info = it->as();
       if (server_info["server_id"] && server_info["address"] && server_info["port"]) {
@@ -207,7 +207,7 @@ set_server_info(int argc, const char *argv[])
         int port                                  = server_info["port"].as();
         std::string endpoint                      = address + ":" + std::to_string(port);
         stek_share_server.server_list_[server_id] = endpoint;
-        cluster_list_str += "\n  " + std::to_string(server_id) + ", " + endpoint;
+        cluster_list_str                          += "\n  " + std::to_string(server_id) + ", " + endpoint;
       } else {
         TSDebug(PLUGIN, "Wrong server list format.");
         return -1;
@@ -302,8 +302,8 @@ print_status()
   // For debugging
   nuraft::ptr ls = stek_share_server.smgr_->load_log_store();
   std::string status_str            = "";
-  status_str += "\n  Server ID: " + std::to_string(stek_share_server.server_id_);
-  status_str += "\n  Leader ID: " + std::to_string(stek_share_server.raft_instance_->get_leader());
+  status_str                        += "\n  Server ID: " + std::to_string(stek_share_server.server_id_);
+  status_str                        += "\n  Leader ID: " + std::to_string(stek_share_server.raft_instance_->get_leader());
   status_str += "\n  Raft log range: " + std::to_string(ls->start_index()) + " - " + std::to_string((ls->next_slot() - 1));
   status_str += "\n  Last committed index: " + std::to_string(stek_share_server.raft_instance_->get_committed_log_idx());
   TSDebug(PLUGIN, "%s", status_str.c_str());
diff --git a/plugins/experimental/stek_share/stek_utils.h b/plugins/experimental/stek_share/stek_utils.h
index c51a73bbbd8..96cb05364d7 100644
--- a/plugins/experimental/stek_share/stek_utils.h
+++ b/plugins/experimental/stek_share/stek_utils.h
@@ -25,9 +25,9 @@
 #pragma once
 
 /* STEK - Session Ticket Encryption Key stuff */
-#define STEK_MAX_LIFETIME 86400                                   // 24 hours max - should rotate STEK
+#define STEK_MAX_LIFETIME                 86400                   // 24 hours max - should rotate STEK
 #define STEK_NOT_CHANGED_WARNING_INTERVAL (2 * STEK_MAX_LIFETIME) // warn on non-stek rotate every X secs.
-#define STEK_MAX_ENC_SIZE 512
+#define STEK_MAX_ENC_SIZE                 512
 
 #define SSL_KEY_LEN 16
 
diff --git a/plugins/experimental/stream_editor/stream_editor.cc b/plugins/experimental/stream_editor/stream_editor.cc
index e6e524e95cc..2436bf6a424 100644
--- a/plugins/experimental/stream_editor/stream_editor.cc
+++ b/plugins/experimental/stream_editor/stream_editor.cc
@@ -85,8 +85,8 @@
  *   The double-colons delimit flags, of which none are used in this example.
  */
 #define MAX_CONFIG_LINE 1024
-#define MAX_RX_MATCH 10
-#define WHITESPACE " \t\r\n"
+#define MAX_RX_MATCH    10
+#define WHITESPACE      " \t\r\n"
 
 #include 
 
@@ -408,7 +408,7 @@ class rule_t
 
     if (len_spec) {
       match_len = 0;
-      len_spec += 4;
+      len_spec  += 4;
       while (isdigit(*len_spec)) {
         match_len = 10 * match_len + (*len_spec++ - '0');
       }
@@ -479,7 +479,7 @@ class rule_t
     }
 
     to_spec += 3;
-    delim = *to_spec;
+    delim   = *to_spec;
     if (isalnum(delim)) {
       len = strcspn(to_spec, WHITESPACE);
     } else {
@@ -635,9 +635,9 @@ process_block(contdata_t *contdata, TSIOBufferReader reader)
       //        so we could use TSIOBufferCopy ?
       n = TSIOBufferWrite(contdata->out_buf, buf + bytes_read, start);
       assert(n > 0); // FIXME - handle error
-      bytes_read += n;
+      bytes_read          += n;
       contdata->bytes_out += n;
-      start -= n;
+      start               -= n;
     }
 
     /* omit deleted bytes */
@@ -654,10 +654,10 @@ process_block(contdata_t *contdata, TSIOBufferReader reader)
 
   /* data after the last edit */
   if (bytes_read < buflen - keep) {
-    n = TSIOBufferWrite(contdata->out_buf, buf + bytes_read, buflen - bytes_read - keep);
-    contdata->bytes_in += n;
+    n                   = TSIOBufferWrite(contdata->out_buf, buf + bytes_read, buflen - bytes_read - keep);
+    contdata->bytes_in  += n;
     contdata->bytes_out += n;
-    bytes_read += n;
+    bytes_read          += n;
   }
   /* reset buf to what we've not processed */
   contdata->contbuf = buf + bytes_read;
diff --git a/plugins/experimental/system_stats/system_stats.c b/plugins/experimental/system_stats/system_stats.c
index f15cc8751a1..347e75e866f 100644
--- a/plugins/experimental/system_stats/system_stats.c
+++ b/plugins/experimental/system_stats/system_stats.c
@@ -41,14 +41,14 @@
 #include 
 
 #define PLUGIN_NAME "system_stats"
-#define DEBUG_TAG PLUGIN_NAME
+#define DEBUG_TAG   PLUGIN_NAME
 
 // Time in MS to grab the system stats
 #define SYSTEM_STATS_TIMEOUT 5000
 
 // Load Average Strings
-#define LOAD_AVG_ONE_MIN "plugin." PLUGIN_NAME ".loadavg.one"
-#define LOAD_AVG_FIVE_MIN "plugin." PLUGIN_NAME ".loadavg.five"
+#define LOAD_AVG_ONE_MIN     "plugin." PLUGIN_NAME ".loadavg.one"
+#define LOAD_AVG_FIVE_MIN    "plugin." PLUGIN_NAME ".loadavg.five"
 #define LOAD_AVG_FIFTEEN_MIN "plugin." PLUGIN_NAME ".loadavg.fifteen"
 
 // Process Strings
@@ -58,7 +58,7 @@
 // with NET_STATS.infname.RX/TX.standard_net_stats field
 #define NET_STATS "plugin." PLUGIN_NAME ".net."
 
-#define NET_STATS_DIR "/sys/class/net"
+#define NET_STATS_DIR  "/sys/class/net"
 #define STATISTICS_DIR "statistics"
 
 // Used for matching to slave (old name) and lower (new name) symlinks
diff --git a/plugins/experimental/traffic_dump/session_data.cc b/plugins/experimental/traffic_dump/session_data.cc
index eceb9d4ccc9..3cbac0f619c 100644
--- a/plugins/experimental/traffic_dump/session_data.cc
+++ b/plugins/experimental/traffic_dump/session_data.cc
@@ -47,31 +47,35 @@ char const constexpr *const json_closing = "]}]}";
  * A mapping from IP_PROTO_TAG to the string describing the JSON protocol node.
  */
 std::unordered_map tag_to_node = {
-  {IP_PROTO_TAG_IPV4, R"("name":"ip","version":"4")"},
-  {IP_PROTO_TAG_IPV6, R"("name":"ip","version":"6")"},
+  {IP_PROTO_TAG_IPV4,      R"("name":"ip","version":"4")"    },
+  {IP_PROTO_TAG_IPV6,      R"("name":"ip","version":"6")"    },
 
-  {IP_PROTO_TAG_TCP, R"("name":"tcp")"},
-  {IP_PROTO_TAG_UDP, R"("name":"udp")"},
+  {IP_PROTO_TAG_TCP,       R"("name":"tcp")"                 },
+  {IP_PROTO_TAG_UDP,       R"("name":"udp")"                 },
 
-  {IP_PROTO_TAG_QUIC, R"("name:":"quic")"},
+  {IP_PROTO_TAG_QUIC,      R"("name:":"quic")"               },
 
-  {IP_PROTO_TAG_TLS_1_0, R"("name":"tls","version":"1.0")"},
-  {IP_PROTO_TAG_TLS_1_1, R"("name":"tls","version":"1.1")"},
-  {IP_PROTO_TAG_TLS_1_2, R"("name":"tls","version":"1.2")"},
-  {IP_PROTO_TAG_TLS_1_3, R"("name":"tls","version":"1.3")"},
+  {IP_PROTO_TAG_TLS_1_0,   R"("name":"tls","version":"1.0")" },
+  {IP_PROTO_TAG_TLS_1_1,   R"("name":"tls","version":"1.1")" },
+  {IP_PROTO_TAG_TLS_1_2,   R"("name":"tls","version":"1.2")" },
+  {IP_PROTO_TAG_TLS_1_3,   R"("name":"tls","version":"1.3")" },
 
-  {IP_PROTO_TAG_HTTP_0_9, R"("name":"http","version":"0.9")"},
-  {IP_PROTO_TAG_HTTP_1_0, R"("name":"http","version":"1.0")"},
-  {IP_PROTO_TAG_HTTP_1_1, R"("name":"http","version":"1.1")"},
-  {IP_PROTO_TAG_HTTP_2_0, R"("name":"http","version":"2")"},
+  {IP_PROTO_TAG_HTTP_0_9,  R"("name":"http","version":"0.9")"},
+  {IP_PROTO_TAG_HTTP_1_0,  R"("name":"http","version":"1.0")"},
+  {IP_PROTO_TAG_HTTP_1_1,  R"("name":"http","version":"1.1")"},
+  {IP_PROTO_TAG_HTTP_2_0,  R"("name":"http","version":"2")"  },
 
   {IP_PROTO_TAG_HTTP_QUIC, R"("name":"http","version":"0.9")"},
-  {IP_PROTO_TAG_HTTP_3, R"("name":"http","version":"3")"},
+  {IP_PROTO_TAG_HTTP_3,    R"("name":"http","version":"3")"  },
 };
 
 std::unordered_map http_tag_to_version = {
-  {IP_PROTO_TAG_HTTP_0_9, "0.9"}, {IP_PROTO_TAG_HTTP_1_0, "1.0"},  {IP_PROTO_TAG_HTTP_1_1, "1.1"},
-  {IP_PROTO_TAG_HTTP_2_0, "2"},   {IP_PROTO_TAG_HTTP_QUIC, "0.9"}, {IP_PROTO_TAG_HTTP_3, "3"},
+  {IP_PROTO_TAG_HTTP_0_9,  "0.9"},
+  {IP_PROTO_TAG_HTTP_1_0,  "1.0"},
+  {IP_PROTO_TAG_HTTP_1_1,  "1.1"},
+  {IP_PROTO_TAG_HTTP_2_0,  "2"  },
+  {IP_PROTO_TAG_HTTP_QUIC, "0.9"},
+  {IP_PROTO_TAG_HTTP_3,    "3"  },
 };
 
 /** Create a TLS characteristics node.
@@ -334,7 +338,7 @@ SessionData::write_to_disk_no_lock(std::string_view content)
     if (TS_SUCCESS == TSAIOWrite(log_fd, write_offset, pBuf, content.size(), aio_cont)) {
       // Update offset within file and aio events count
       write_offset += content.size();
-      aio_count += 1;
+      aio_count    += 1;
 
       return TS_SUCCESS;
     }
diff --git a/plugins/experimental/traffic_dump/traffic_dump.cc b/plugins/experimental/traffic_dump/traffic_dump.cc
index 3a392f65b4c..11d01929682 100644
--- a/plugins/experimental/traffic_dump/traffic_dump.cc
+++ b/plugins/experimental/traffic_dump/traffic_dump.cc
@@ -95,16 +95,18 @@ TSPluginInit(int argc, char const *argv[])
   std::string client_ip_filter;
 
   /// Commandline options
-  static const struct option longopts[] = {{"dump_body", no_argument, nullptr, 'b'},
-                                           {"logdir", required_argument, nullptr, 'l'},
-                                           {"sample", required_argument, nullptr, 's'},
-                                           {"limit", required_argument, nullptr, 'm'},
-                                           {"sensitive-fields", required_argument, nullptr, 'f'},
-                                           {"sni-filter", required_argument, nullptr, 'n'},
-                                           {"client_ipv4", required_argument, nullptr, '4'},
-                                           {"client_ipv6", required_argument, nullptr, '6'},
-                                           {nullptr, no_argument, nullptr, 0}};
-  int opt                               = 0;
+  static const struct option longopts[] = {
+    {"dump_body",        no_argument,       nullptr, 'b'},
+    {"logdir",           required_argument, nullptr, 'l'},
+    {"sample",           required_argument, nullptr, 's'},
+    {"limit",            required_argument, nullptr, 'm'},
+    {"sensitive-fields", required_argument, nullptr, 'f'},
+    {"sni-filter",       required_argument, nullptr, 'n'},
+    {"client_ipv4",      required_argument, nullptr, '4'},
+    {"client_ipv6",      required_argument, nullptr, '6'},
+    {nullptr,            no_argument,       nullptr, 0  }
+  };
+  int opt = 0;
   while (opt >= 0) {
     opt = getopt_long(argc, const_cast(argv), "bf:l:s:m:n:4:6", longopts, nullptr);
     switch (opt) {
diff --git a/plugins/experimental/traffic_dump/transaction_data.cc b/plugins/experimental/traffic_dump/transaction_data.cc
index 5c4cbf5e453..a0f0d89149f 100644
--- a/plugins/experimental/traffic_dump/transaction_data.cc
+++ b/plugins/experimental/traffic_dump/transaction_data.cc
@@ -129,7 +129,7 @@ TransactionData::get_sensitive_field_description()
     if (!is_first) {
       sensitive_fields_string += ", ";
     }
-    is_first = false;
+    is_first                = false;
     sensitive_fields_string += field;
   }
   return sensitive_fields_string;
@@ -201,7 +201,7 @@ TransactionData::write_message_node_no_content(TSMBuffer &buffer, TSMLoc &hdr_lo
   result += R"("version":")";
   if (http_version.empty()) {
     int version = TSHttpHdrVersionGet(buffer, hdr_loc);
-    result += std::to_string(TS_HTTP_MAJOR(version)) + "." + std::to_string(TS_HTTP_MINOR(version));
+    result      += std::to_string(TS_HTTP_MAJOR(version)) + "." + std::to_string(TS_HTTP_MINOR(version));
   } else {
     result += http_version;
   }
@@ -244,12 +244,12 @@ TransactionData::write_message_node_no_content(TSMBuffer &buffer, TSMLoc &hdr_lo
     // 2. "status":(string)
     result += R"("status":)" + std::to_string(TSHttpHdrStatusGet(buffer, hdr_loc));
     // 3. "reason":(string)
-    cp = TSHttpHdrReasonGet(buffer, hdr_loc, &len);
+    cp     = TSHttpHdrReasonGet(buffer, hdr_loc, &len);
     result += ',' + traffic_dump::json_entry("reason", cp, len);
   }
 
   // "headers": [[name(string), value(string)]]
-  result += R"(,"headers":{"encoding":"esc_json", "fields": [)";
+  result           += R"(,"headers":{"encoding":"esc_json", "fields": [)";
   TSMLoc field_loc = TSMimeHdrFieldGet(buffer, hdr_loc, 0);
   while (field_loc) {
     TSMLoc next_field_loc;
@@ -262,7 +262,7 @@ TransactionData::write_message_node_no_content(TSMBuffer &buffer, TSMLoc &hdr_lo
       value = TSMimeHdrFieldValueStringGet(buffer, hdr_loc, field_loc, -1, &value_len);
       std::string_view value_view{value, static_cast(value_len)};
       std::string_view new_value = replace_sensitive_fields(name_view, value_view);
-      result += traffic_dump::json_entry_array(name_view, new_value);
+      result                     += traffic_dump::json_entry_array(name_view, new_value);
     }
 
     next_field_loc = TSMimeHdrFieldNext(buffer, hdr_loc, field_loc);
@@ -278,7 +278,7 @@ std::string
 TransactionData::write_message_node(TSMBuffer &buffer, TSMLoc &hdr_loc, int64_t num_body_bytes, std::string_view http_version)
 {
   std::string result = write_message_node_no_content(buffer, hdr_loc, http_version);
-  result += write_content_node(num_body_bytes);
+  result             += write_content_node(num_body_bytes);
   return result + "}";
 }
 
@@ -286,7 +286,7 @@ std::string
 TransactionData::write_message_node(TSMBuffer &buffer, TSMLoc &hdr_loc, std::string_view body, std::string_view http_version)
 {
   std::string result = write_message_node_no_content(buffer, hdr_loc, http_version);
-  result += write_content_node(body);
+  result             += write_content_node(body);
   return result + "}";
 }
 
@@ -437,8 +437,8 @@ TransactionData::global_transaction_handler(TSCont contp, TSEvent event, void *e
     // The uuid is a header field for each message in the transaction. Use the
     // "all" node to apply to each message.
     std::string_view name = "uuid";
-    txnData->_txn_json += R"(,"all":{"headers":{"fields":[)" + json_entry_array(name, uuid_view);
-    txnData->_txn_json += "]}}";
+    txnData->_txn_json    += R"(,"all":{"headers":{"fields":[)" + json_entry_array(name, uuid_view);
+    txnData->_txn_json    += "]}}";
     break;
   }
 
diff --git a/plugins/experimental/uri_signing/common.h b/plugins/experimental/uri_signing/common.h
index 9a51bb61b97..abc87f7fbde 100644
--- a/plugins/experimental/uri_signing/common.h
+++ b/plugins/experimental/uri_signing/common.h
@@ -26,14 +26,14 @@
 
 #define PluginDebug(fmt, ...) PrintToStdErr("(%s) %s:%d:%s() " fmt "\n", PLUGIN_NAME, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
 #define PluginError(fmt, ...) PrintToStdErr("(%s) %s:%d:%s() " fmt "\n", PLUGIN_NAME, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-#define TSmalloc(x) malloc(x)
-#define TSfree(p) free(p)
+#define TSmalloc(x)           malloc(x)
+#define TSfree(p)             free(p)
 void PrintToStdErr(const char *fmt, ...);
 
 #else
 
 #include "ts/ts.h"
-#define __FILENAME__ (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)
+#define __FILENAME__          (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)
 #define PluginDebug(fmt, ...) TSDebug(PLUGIN_NAME, "[%s:% 4d] %s(): " fmt, __FILENAME__, __LINE__, __func__, ##__VA_ARGS__);
 #define PluginError(fmt, ...)      \
   PluginDebug(fmt, ##__VA_ARGS__); \
diff --git a/plugins/experimental/uri_signing/config.c b/plugins/experimental/uri_signing/config.c
index 31891b20af9..64deda64c92 100644
--- a/plugins/experimental/uri_signing/config.c
+++ b/plugins/experimental/uri_signing/config.c
@@ -30,7 +30,7 @@
 
 #define JSONError(err) PluginError("json-err: %s:%d:%d: %s", (err).source, (err).line, (err).column, (err).text)
 
-#define AUTH_DENY 0
+#define AUTH_DENY  0
 #define AUTH_ALLOW 1
 struct auth_directive {
   char auth;
diff --git a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
index 9c78ed6426e..d57136f4cb5 100644
--- a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
+++ b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
@@ -362,7 +362,10 @@ TEST_CASE("2", "[JWSFromURLTest]")
                                 "URISigningPackage", NULL));
   }
 
-  SECTION("Empty string as URL") { REQUIRE(!jws_parsing_helper("", "URISigningPackage", NULL)); }
+  SECTION("Empty string as URL")
+  {
+    REQUIRE(!jws_parsing_helper("", "URISigningPackage", NULL));
+  }
 
   SECTION("Empty package name to parser")
   {
@@ -432,41 +435,95 @@ TEST_CASE("3", "[RemoveDotSegmentsTest]")
 {
   INFO("TEST 3, Test Removal of Dot Segments From Paths");
 
-  SECTION("../bar test") { REQUIRE(remove_dot_helper("../bar", "bar")); }
+  SECTION("../bar test")
+  {
+    REQUIRE(remove_dot_helper("../bar", "bar"));
+  }
 
-  SECTION("./bar test") { REQUIRE(remove_dot_helper("./bar", "bar")); }
+  SECTION("./bar test")
+  {
+    REQUIRE(remove_dot_helper("./bar", "bar"));
+  }
 
-  SECTION(".././bar test") { REQUIRE(remove_dot_helper(".././bar", "bar")); }
+  SECTION(".././bar test")
+  {
+    REQUIRE(remove_dot_helper(".././bar", "bar"));
+  }
 
-  SECTION("./../bar test") { REQUIRE(remove_dot_helper("./../bar", "bar")); }
+  SECTION("./../bar test")
+  {
+    REQUIRE(remove_dot_helper("./../bar", "bar"));
+  }
 
-  SECTION("/foo/./bar test") { REQUIRE(remove_dot_helper("/foo/./bar", "/foo/bar")); }
+  SECTION("/foo/./bar test")
+  {
+    REQUIRE(remove_dot_helper("/foo/./bar", "/foo/bar"));
+  }
 
-  SECTION("/bar/./ test") { REQUIRE(remove_dot_helper("/bar/./", "/bar/")); }
+  SECTION("/bar/./ test")
+  {
+    REQUIRE(remove_dot_helper("/bar/./", "/bar/"));
+  }
 
-  SECTION("/. test") { REQUIRE(remove_dot_helper("/.", "/")); }
+  SECTION("/. test")
+  {
+    REQUIRE(remove_dot_helper("/.", "/"));
+  }
 
-  SECTION("/bar/. test") { REQUIRE(remove_dot_helper("/bar/.", "/bar/")); }
+  SECTION("/bar/. test")
+  {
+    REQUIRE(remove_dot_helper("/bar/.", "/bar/"));
+  }
 
-  SECTION("/foo/../bar test") { REQUIRE(remove_dot_helper("/foo/../bar", "/bar")); }
+  SECTION("/foo/../bar test")
+  {
+    REQUIRE(remove_dot_helper("/foo/../bar", "/bar"));
+  }
 
-  SECTION("/bar/../ test") { REQUIRE(remove_dot_helper("/bar/../", "/")); }
+  SECTION("/bar/../ test")
+  {
+    REQUIRE(remove_dot_helper("/bar/../", "/"));
+  }
 
-  SECTION("/.. test") { REQUIRE(remove_dot_helper("/..", "/")); }
+  SECTION("/.. test")
+  {
+    REQUIRE(remove_dot_helper("/..", "/"));
+  }
 
-  SECTION("/bar/.. test") { REQUIRE(remove_dot_helper("/bar/..", "/")); }
+  SECTION("/bar/.. test")
+  {
+    REQUIRE(remove_dot_helper("/bar/..", "/"));
+  }
 
-  SECTION("/foo/bar/.. test") { REQUIRE(remove_dot_helper("/foo/bar/..", "/foo/")); }
+  SECTION("/foo/bar/.. test")
+  {
+    REQUIRE(remove_dot_helper("/foo/bar/..", "/foo/"));
+  }
 
-  SECTION("Single . test") { REQUIRE(remove_dot_helper(".", "")); }
+  SECTION("Single . test")
+  {
+    REQUIRE(remove_dot_helper(".", ""));
+  }
 
-  SECTION("Single .. test") { REQUIRE(remove_dot_helper("..", "")); }
+  SECTION("Single .. test")
+  {
+    REQUIRE(remove_dot_helper("..", ""));
+  }
 
-  SECTION("Test foo/bar/.. test") { REQUIRE(remove_dot_helper("foo/bar/..", "foo/")); }
+  SECTION("Test foo/bar/.. test")
+  {
+    REQUIRE(remove_dot_helper("foo/bar/..", "foo/"));
+  }
 
-  SECTION("Test Empty Path Segment") { REQUIRE(remove_dot_helper("", "")); }
+  SECTION("Test Empty Path Segment")
+  {
+    REQUIRE(remove_dot_helper("", ""));
+  }
 
-  SECTION("Test mixed operations") { REQUIRE(remove_dot_helper("/foo/bar/././something/../foobar", "/foo/bar/foobar")); }
+  SECTION("Test mixed operations")
+  {
+    REQUIRE(remove_dot_helper("/foo/bar/././something/../foobar", "/foo/bar/foobar"));
+  }
   fprintf(stderr, "\n");
 }
 
@@ -474,11 +531,20 @@ TEST_CASE("4", "[NormalizeTest]")
 {
   INFO("TEST 4, Test Normalization of URIs");
 
-  SECTION("Testing passing too small of a URI to normalize") { REQUIRE(!normalize_uri_helper("ht", NULL)); }
+  SECTION("Testing passing too small of a URI to normalize")
+  {
+    REQUIRE(!normalize_uri_helper("ht", NULL));
+  }
 
-  SECTION("Testing passing non http/https protocol") { REQUIRE(!normalize_uri_helper("ht:", NULL)); }
+  SECTION("Testing passing non http/https protocol")
+  {
+    REQUIRE(!normalize_uri_helper("ht:", NULL));
+  }
 
-  SECTION("Passing a uri with half encoded value at end") { REQUIRE(!normalize_uri_helper("http://www.foobar.co%4", NULL)); }
+  SECTION("Passing a uri with half encoded value at end")
+  {
+    REQUIRE(!normalize_uri_helper("http://www.foobar.co%4", NULL));
+  }
 
   SECTION("Passing a uri with half encoded value in the middle")
   {
@@ -555,13 +621,25 @@ TEST_CASE("4", "[NormalizeTest]")
                                  "https://foo:something@kellogstester.com/here"));
   }
 
-  SECTION("Testing empty hostname with userinfon") { REQUIRE(!normalize_uri_helper("https://foo:something@", NULL)); }
+  SECTION("Testing empty hostname with userinfon")
+  {
+    REQUIRE(!normalize_uri_helper("https://foo:something@", NULL));
+  }
 
-  SECTION("Testing empty uri after http://") { REQUIRE(!normalize_uri_helper("http://", NULL)); }
+  SECTION("Testing empty uri after http://")
+  {
+    REQUIRE(!normalize_uri_helper("http://", NULL));
+  }
 
-  SECTION("Testing http:///////") { REQUIRE(!normalize_uri_helper("http:///////", NULL)); }
+  SECTION("Testing http:///////")
+  {
+    REQUIRE(!normalize_uri_helper("http:///////", NULL));
+  }
 
-  SECTION("Testing empty uri after http://?/") { REQUIRE(!normalize_uri_helper("http://?/", NULL)); }
+  SECTION("Testing empty uri after http://?/")
+  {
+    REQUIRE(!normalize_uri_helper("http://?/", NULL));
+  }
   fprintf(stderr, "\n");
 }
 
@@ -575,9 +653,15 @@ TEST_CASE("5", "[RegexTests]")
                         "http://kelloggsTester.souza.local/KellogsDir/some_manifest.m3u8"));
   }
 
-  SECTION("Back references are not supported") { REQUIRE(!match_regex("(b*a)\\1$", "bbbbba")); }
+  SECTION("Back references are not supported")
+  {
+    REQUIRE(!match_regex("(b*a)\\1$", "bbbbba"));
+  }
 
-  SECTION("Escape a special character") { REQUIRE(match_regex("money\\$", "money$bags")); }
+  SECTION("Escape a special character")
+  {
+    REQUIRE(match_regex("money\\$", "money$bags"));
+  }
 
   SECTION("Dollar sign")
   {
@@ -591,7 +675,10 @@ TEST_CASE("5", "[RegexTests]")
     REQUIRE(!match_regex("(abab){2}", "abab"));
   }
 
-  SECTION("Alternation") { REQUIRE(match_regex("cat|dog", "dog")); }
+  SECTION("Alternation")
+  {
+    REQUIRE(match_regex("cat|dog", "dog"));
+  }
   fprintf(stderr, "\n");
 }
 
diff --git a/plugins/experimental/url_sig/url_sig.c b/plugins/experimental/url_sig/url_sig.c
index 892c95ffcae..a8262fbe248 100644
--- a/plugins/experimental/url_sig/url_sig.c
+++ b/plugins/experimental/url_sig/url_sig.c
@@ -642,7 +642,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   const char *cp = strstr(query, CIP_QSTRING "=");
   const char *pp = NULL;
   if (cp != NULL) {
-    cp += (strlen(CIP_QSTRING) + 1);
+    cp                        += (strlen(CIP_QSTRING) + 1);
     struct sockaddr const *ip = TSHttpTxnClientAddrGet(txnp);
     if (ip == NULL) {
       TSError("Can't get client ip address.");
@@ -709,7 +709,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   // Algorithm
   cp = strstr(query, ALG_QSTRING "=");
   if (cp != NULL) {
-    cp += strlen(ALG_QSTRING) + 1;
+    cp        += strlen(ALG_QSTRING) + 1;
     algorithm = atoi(cp);
     // The check for a valid algorithm is later.
     TSDebug(PLUGIN_NAME, "Algorithm: %d", algorithm);
@@ -720,7 +720,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   // Key index
   cp = strstr(query, KIN_QSTRING "=");
   if (cp != NULL) {
-    cp += strlen(KIN_QSTRING) + 1;
+    cp       += strlen(KIN_QSTRING) + 1;
     keyindex = atoi(cp);
     if (keyindex < 0 || keyindex >= MAX_KEY_NUM || 0 == cfg->keys[keyindex][0]) {
       err_log(url, "Invalid key index");
@@ -735,7 +735,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   const char *parts = NULL;
   cp                = strstr(query, PAR_QSTRING "=");
   if (cp != NULL) {
-    cp += strlen(PAR_QSTRING) + 1;
+    cp    += strlen(PAR_QSTRING) + 1;
     parts = cp; // NOTE parts is not NULL terminated it is terminated by "&" of next param
     has_path_params == false ? (cp = strstr(parts, "&")) : (cp = strstr(parts, ";"));
     if (cp) {
@@ -751,7 +751,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   const char *signature = NULL;
   cp                    = strstr(query, SIG_QSTRING "=");
   if (cp != NULL) {
-    cp += strlen(SIG_QSTRING) + 1;
+    cp        += strlen(SIG_QSTRING) + 1;
     signature = cp;
     if ((algorithm == USIG_HMAC_SHA1 && strlen(signature) < SHA1_SIG_SIZE) ||
         (algorithm == USIG_HMAC_MD5 && strlen(signature) < MD5_SIG_SIZE)) {
diff --git a/plugins/experimental/url_sig/url_sig.h b/plugins/experimental/url_sig/url_sig.h
index a5e99619737..d5b8630eb93 100644
--- a/plugins/experimental/url_sig/url_sig.h
+++ b/plugins/experimental/url_sig/url_sig.h
@@ -30,22 +30,22 @@
   "S" /* S=9e2828d570a4bee3c964f698b0985ee58b9f6b64 means 9e2828d570a4bee3c964f698b0985ee58b9f6b64 is the sig \
          This one has to be the last one of the string */
 
-#define CIP_STRLEN 20
-#define EXP_STRLEN 16
-#define PAR_STRLEN 16
-#define MAX_PARTS 32
+#define CIP_STRLEN   20
+#define EXP_STRLEN   16
+#define PAR_STRLEN   16
+#define MAX_PARTS    32
 #define MAX_SEGMENTS 64
 
 #define MAX_HTTP_REQUEST_SIZE 8192 //
 
-#define MAX_SIG_SIZE 20
+#define MAX_SIG_SIZE  20
 #define SHA1_SIG_SIZE 20
-#define MD5_SIG_SIZE 16
+#define MD5_SIG_SIZE  16
 
-#define MAX_REQ_LEN 8192
-#define MAX_KEY_LEN 256
-#define MAX_KEY_NUM 16
+#define MAX_REQ_LEN   8192
+#define MAX_KEY_LEN   256
+#define MAX_KEY_NUM   16
 #define MAX_QUERY_LEN 4096
 
 #define USIG_HMAC_SHA1 1
-#define USIG_HMAC_MD5 2
+#define USIG_HMAC_MD5  2
diff --git a/plugins/experimental/wasm/examples/cpp/myproject.cc b/plugins/experimental/wasm/examples/cpp/myproject.cc
index ab2e6d08d96..b6ba42c32f7 100644
--- a/plugins/experimental/wasm/examples/cpp/myproject.cc
+++ b/plugins/experimental/wasm/examples/cpp/myproject.cc
@@ -40,7 +40,8 @@ class ExampleContext : public Context
 static RegisterContextFactory register_ExampleContext(CONTEXT_FACTORY(ExampleContext), ROOT_FACTORY(ExampleRootContext),
                                                       "myproject");
 
-bool ExampleRootContext::onStart(size_t)
+bool
+ExampleRootContext::onStart(size_t)
 {
   logInfo(std::string("onStart"));
 
diff --git a/plugins/header_rewrite/condition.h b/plugins/header_rewrite/condition.h
index 88f9917dc7a..1e06b2c8e44 100644
--- a/plugins/header_rewrite/condition.h
+++ b/plugins/header_rewrite/condition.h
@@ -56,7 +56,7 @@ class Condition : public Statement
   }
 
   // noncopyable
-  Condition(const Condition &) = delete;
+  Condition(const Condition &)      = delete;
   void operator=(const Condition &) = delete;
 
   // Inline this, it's critical for speed (and only used twice)
diff --git a/plugins/header_rewrite/conditions.h b/plugins/header_rewrite/conditions.h
index aedac2168d3..01c9bd92882 100644
--- a/plugins/header_rewrite/conditions.h
+++ b/plugins/header_rewrite/conditions.h
@@ -31,7 +31,7 @@
 #include "matcher.h"
 #include "value.h"
 #include "lulu.h"
-//#include 
+// #include 
 
 ///////////////////////////////////////////////////////////////////////////////
 // Condition declarations.
@@ -44,7 +44,7 @@ class ConditionTrue : public Condition
   ConditionTrue() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionTrue"); }
 
   // noncopyable
-  ConditionTrue(const ConditionTrue &) = delete;
+  ConditionTrue(const ConditionTrue &)  = delete;
   void operator=(const ConditionTrue &) = delete;
 
   void
@@ -97,7 +97,7 @@ class ConditionStatus : public Condition
 
   // noncopyable
   ConditionStatus(const ConditionStatus &) = delete;
-  void operator=(const ConditionStatus &) = delete;
+  void operator=(const ConditionStatus &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -117,7 +117,7 @@ class ConditionMethod : public Condition
 
   // noncopyable
   ConditionMethod(const ConditionMethod &) = delete;
-  void operator=(const ConditionMethod &) = delete;
+  void operator=(const ConditionMethod &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -136,7 +136,7 @@ class ConditionRandom : public Condition
 
   // noncopyable
   ConditionRandom(const ConditionRandom &) = delete;
-  void operator=(const ConditionRandom &) = delete;
+  void operator=(const ConditionRandom &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -157,7 +157,7 @@ class ConditionAccess : public Condition
 
   // noncopyable
   ConditionAccess(const ConditionAccess &) = delete;
-  void operator=(const ConditionAccess &) = delete;
+  void operator=(const ConditionAccess &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -180,7 +180,7 @@ class ConditionCookie : public Condition
 
   // noncopyable
   ConditionCookie(const ConditionCookie &) = delete;
-  void operator=(const ConditionCookie &) = delete;
+  void operator=(const ConditionCookie &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -254,7 +254,7 @@ class ConditionHeader : public Condition
 
   // noncopyable
   ConditionHeader(const ConditionHeader &) = delete;
-  void operator=(const ConditionHeader &) = delete;
+  void operator=(const ConditionHeader &)  = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -277,7 +277,7 @@ class ConditionUrl : public Condition
   explicit ConditionUrl(const UrlType type) : _type(type) { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionUrl"); }
 
   // noncopyable
-  ConditionUrl(const ConditionUrl &) = delete;
+  ConditionUrl(const ConditionUrl &)   = delete;
   void operator=(const ConditionUrl &) = delete;
 
   void initialize(Parser &p) override;
@@ -315,7 +315,7 @@ class ConditionDBM : public Condition
   }
 
   // noncopyable
-  ConditionDBM(const ConditionDBM &) = delete;
+  ConditionDBM(const ConditionDBM &)   = delete;
   void operator=(const ConditionDBM &) = delete;
 
   void initialize(Parser &p) override;
@@ -354,7 +354,7 @@ class ConditionIp : public Condition
   explicit ConditionIp() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionIp"); };
 
   // noncopyable
-  ConditionIp(const ConditionIp &) = delete;
+  ConditionIp(const ConditionIp &)    = delete;
   void operator=(const ConditionIp &) = delete;
 
   void initialize(Parser &p) override;
@@ -378,7 +378,7 @@ class ConditionTransactCount : public Condition
 
   // noncopyable
   ConditionTransactCount(const ConditionTransactCount &) = delete;
-  void operator=(const ConditionTransactCount &) = delete;
+  void operator=(const ConditionTransactCount &)         = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -396,7 +396,7 @@ class ConditionNow : public Condition
   explicit ConditionNow() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionNow"); }
 
   // noncopyable
-  ConditionNow(const ConditionNow &) = delete;
+  ConditionNow(const ConditionNow &)   = delete;
   void operator=(const ConditionNow &) = delete;
 
   void initialize(Parser &p) override;
@@ -418,7 +418,7 @@ class ConditionGeo : public Condition
   explicit ConditionGeo() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionGeo"); }
 
   // noncopyable
-  ConditionGeo(const ConditionGeo &) = delete;
+  ConditionGeo(const ConditionGeo &)   = delete;
   void operator=(const ConditionGeo &) = delete;
 
   void initialize(Parser &p) override;
@@ -455,7 +455,7 @@ class ConditionId : public Condition
   explicit ConditionId() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionId"); };
 
   // noncopyable
-  ConditionId(const ConditionId &) = delete;
+  ConditionId(const ConditionId &)    = delete;
   void operator=(const ConditionId &) = delete;
 
   void initialize(Parser &p) override;
@@ -482,7 +482,7 @@ class ConditionCidr : public Condition
     TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionCidr");
   };
 
-  ConditionCidr(self &) = delete;
+  ConditionCidr(self &)   = delete;
   self &operator=(self &) = delete;
 
   void initialize(Parser &p) override;
@@ -511,7 +511,7 @@ class ConditionInbound : public Condition
 public:
   explicit ConditionInbound() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for ConditionInbound"); };
   ConditionInbound(self &) = delete;
-  self &operator=(self &) = delete;
+  self &operator=(self &)  = delete;
 
   void initialize(Parser &p) override;
   void set_qualifier(const std::string &q) override;
@@ -536,7 +536,7 @@ class ConditionStringLiteral : public Condition
 
   // noncopyable
   ConditionStringLiteral(const ConditionStringLiteral &) = delete;
-  void operator=(const ConditionStringLiteral &) = delete;
+  void operator=(const ConditionStringLiteral &)         = delete;
 
   void append_value(std::string &s, const Resources & /* res ATS_UNUSED */) override;
 
@@ -557,7 +557,7 @@ class ConditionSessionTransactCount : public Condition
 
   // noncopyable
   ConditionSessionTransactCount(const ConditionSessionTransactCount &) = delete;
-  void operator=(const ConditionSessionTransactCount &) = delete;
+  void operator=(const ConditionSessionTransactCount &)                = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
@@ -576,7 +576,7 @@ class ConditionTcpInfo : public Condition
 
   // noncopyable
   ConditionTcpInfo(const ConditionTcpInfo &) = delete;
-  void operator=(const ConditionTcpInfo &) = delete;
+  void operator=(const ConditionTcpInfo &)   = delete;
 
   void initialize(Parser &p) override;
   void append_value(std::string &s, const Resources &res) override;
diff --git a/plugins/header_rewrite/header_rewrite.cc b/plugins/header_rewrite/header_rewrite.cc
index e9924c55ba1..589bac70402 100644
--- a/plugins/header_rewrite/header_rewrite.cc
+++ b/plugins/header_rewrite/header_rewrite.cc
@@ -302,7 +302,10 @@ cont_rewrite_headers(TSCont contp, TSEvent event, void *edata)
   return 0;
 }
 
-static const struct option longopt[] = {{"geo-db-path", required_argument, nullptr, 'm'}, {nullptr, no_argument, nullptr, '\0'}};
+static const struct option longopt[] = {
+  {"geo-db-path", required_argument, nullptr, 'm' },
+  {nullptr,       no_argument,       nullptr, '\0'}
+};
 
 ///////////////////////////////////////////////////////////////////////////////
 // Initialize the InkAPI plugin for the global hooks we support.
diff --git a/plugins/header_rewrite/matcher.h b/plugins/header_rewrite/matcher.h
index 45787b18ad7..61ac3479973 100644
--- a/plugins/header_rewrite/matcher.h
+++ b/plugins/header_rewrite/matcher.h
@@ -50,7 +50,7 @@ class Matcher
   virtual ~Matcher() { TSDebug(PLUGIN_NAME_DBG, "Calling DTOR for Matcher"); }
 
   // noncopyable
-  Matcher(const Matcher &) = delete;
+  Matcher(const Matcher &)        = delete;
   void operator=(const Matcher &) = delete;
 
   MatcherOps
diff --git a/plugins/header_rewrite/operator.h b/plugins/header_rewrite/operator.h
index 04821fcd330..e014914f99c 100644
--- a/plugins/header_rewrite/operator.h
+++ b/plugins/header_rewrite/operator.h
@@ -46,7 +46,7 @@ class Operator : public Statement
   Operator() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for Operator"); }
 
   // noncopyable
-  Operator(const Operator &) = delete;
+  Operator(const Operator &)       = delete;
   void operator=(const Operator &) = delete;
 
   OperModifiers get_oper_modifiers() const;
@@ -79,7 +79,7 @@ class OperatorHeaders : public Operator
 
   // noncopyable
   OperatorHeaders(const OperatorHeaders &) = delete;
-  void operator=(const OperatorHeaders &) = delete;
+  void operator=(const OperatorHeaders &)  = delete;
 
   void initialize(Parser &p) override;
 
@@ -98,7 +98,7 @@ class OperatorCookies : public Operator
 
   // noncopyable
   OperatorCookies(const OperatorCookies &) = delete;
-  void operator=(const OperatorCookies &) = delete;
+  void operator=(const OperatorCookies &)  = delete;
 
   void initialize(Parser &p) override;
 
diff --git a/plugins/header_rewrite/operators.h b/plugins/header_rewrite/operators.h
index 5d0ae09b359..ba9256e91e4 100644
--- a/plugins/header_rewrite/operators.h
+++ b/plugins/header_rewrite/operators.h
@@ -39,7 +39,7 @@ class OperatorSetConfig : public Operator
 
   // noncopyable
   OperatorSetConfig(const OperatorSetConfig &) = delete;
-  void operator=(const OperatorSetConfig &) = delete;
+  void operator=(const OperatorSetConfig &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -61,7 +61,7 @@ class OperatorSetStatus : public Operator
 
   // noncopyable
   OperatorSetStatus(const OperatorSetStatus &) = delete;
-  void operator=(const OperatorSetStatus &) = delete;
+  void operator=(const OperatorSetStatus &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -82,7 +82,7 @@ class OperatorSetStatusReason : public Operator
 
   // noncopyable
   OperatorSetStatusReason(const OperatorSetStatusReason &) = delete;
-  void operator=(const OperatorSetStatusReason &) = delete;
+  void operator=(const OperatorSetStatusReason &)          = delete;
 
   void initialize(Parser &p) override;
 
@@ -101,7 +101,7 @@ class OperatorSetDestination : public Operator
 
   // noncopyable
   OperatorSetDestination(const OperatorSetDestination &) = delete;
-  void operator=(const OperatorSetDestination &) = delete;
+  void operator=(const OperatorSetDestination &)         = delete;
 
   void initialize(Parser &p) override;
 
@@ -121,7 +121,7 @@ class OperatorRMDestination : public Operator
 
   // noncopyable
   OperatorRMDestination(const OperatorRMDestination &) = delete;
-  void operator=(const OperatorRMDestination &) = delete;
+  void operator=(const OperatorRMDestination &)        = delete;
 
   void initialize(Parser &p) override;
 
@@ -139,7 +139,7 @@ class OperatorSetRedirect : public Operator
 
   // noncopyable
   OperatorSetRedirect(const OperatorSetRedirect &) = delete;
-  void operator=(const OperatorSetRedirect &) = delete;
+  void operator=(const OperatorSetRedirect &)      = delete;
 
   void initialize(Parser &p) override;
 
@@ -169,7 +169,7 @@ class OperatorNoOp : public Operator
   OperatorNoOp() { TSDebug(PLUGIN_NAME_DBG, "Calling CTOR for OperatorNoOp"); }
 
   // noncopyable
-  OperatorNoOp(const OperatorNoOp &) = delete;
+  OperatorNoOp(const OperatorNoOp &)   = delete;
   void operator=(const OperatorNoOp &) = delete;
 
 protected:
@@ -183,7 +183,7 @@ class OperatorSetTimeoutOut : public Operator
 
   // noncopyable
   OperatorSetTimeoutOut(const OperatorSetTimeoutOut &) = delete;
-  void operator=(const OperatorSetTimeoutOut &) = delete;
+  void operator=(const OperatorSetTimeoutOut &)        = delete;
 
   void initialize(Parser &p) override;
 
@@ -210,7 +210,7 @@ class OperatorSkipRemap : public Operator
 
   // noncopyable
   OperatorSkipRemap(const OperatorSkipRemap &) = delete;
-  void operator=(const OperatorSkipRemap &) = delete;
+  void operator=(const OperatorSkipRemap &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -229,7 +229,7 @@ class OperatorRMHeader : public OperatorHeaders
 
   // noncopyable
   OperatorRMHeader(const OperatorRMHeader &) = delete;
-  void operator=(const OperatorRMHeader &) = delete;
+  void operator=(const OperatorRMHeader &)   = delete;
 
 protected:
   void exec(const Resources &res) const override;
@@ -242,7 +242,7 @@ class OperatorAddHeader : public OperatorHeaders
 
   // noncopyable
   OperatorAddHeader(const OperatorAddHeader &) = delete;
-  void operator=(const OperatorAddHeader &) = delete;
+  void operator=(const OperatorAddHeader &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -260,7 +260,7 @@ class OperatorSetHeader : public OperatorHeaders
 
   // noncopyable
   OperatorSetHeader(const OperatorSetHeader &) = delete;
-  void operator=(const OperatorSetHeader &) = delete;
+  void operator=(const OperatorSetHeader &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -278,7 +278,7 @@ class OperatorCounter : public Operator
 
   // noncopyable
   OperatorCounter(const OperatorCounter &) = delete;
-  void operator=(const OperatorCounter &) = delete;
+  void operator=(const OperatorCounter &)  = delete;
 
   void initialize(Parser &p) override;
 
@@ -297,7 +297,7 @@ class OperatorRMCookie : public OperatorCookies
 
   // noncopyable
   OperatorRMCookie(const OperatorRMCookie &) = delete;
-  void operator=(const OperatorRMCookie &) = delete;
+  void operator=(const OperatorRMCookie &)   = delete;
 
 protected:
   void exec(const Resources &res) const override;
@@ -310,7 +310,7 @@ class OperatorAddCookie : public OperatorCookies
 
   // noncopyable
   OperatorAddCookie(const OperatorAddCookie &) = delete;
-  void operator=(const OperatorAddCookie &) = delete;
+  void operator=(const OperatorAddCookie &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -328,7 +328,7 @@ class OperatorSetCookie : public OperatorCookies
 
   // noncopyable
   OperatorSetCookie(const OperatorSetCookie &) = delete;
-  void operator=(const OperatorSetCookie &) = delete;
+  void operator=(const OperatorSetCookie &)    = delete;
 
   void initialize(Parser &p) override;
 
@@ -358,7 +358,7 @@ class OperatorSetConnDSCP : public Operator
 
   // noncopyable
   OperatorSetConnDSCP(const OperatorSetConnDSCP &) = delete;
-  void operator=(const OperatorSetConnDSCP &) = delete;
+  void operator=(const OperatorSetConnDSCP &)      = delete;
 
   void initialize(Parser &p) override;
 
@@ -377,7 +377,7 @@ class OperatorSetConnMark : public Operator
 
   // noncopyable
   OperatorSetConnMark(const OperatorSetConnMark &) = delete;
-  void operator=(const OperatorSetConnMark &) = delete;
+  void operator=(const OperatorSetConnMark &)      = delete;
 
   void initialize(Parser &p) override;
 
@@ -396,7 +396,7 @@ class OperatorSetDebug : public Operator
 
   // noncopyable
   OperatorSetDebug(const OperatorSetDebug &) = delete;
-  void operator=(const OperatorSetDebug &) = delete;
+  void operator=(const OperatorSetDebug &)   = delete;
 
   void initialize(Parser &p) override;
 
@@ -412,7 +412,7 @@ class OperatorSetBody : public Operator
 
   // noncopyable
   OperatorSetBody(const OperatorSetBody &) = delete;
-  void operator=(const OperatorSetBody &) = delete;
+  void operator=(const OperatorSetBody &)  = delete;
 
   void initialize(Parser &p) override;
 
@@ -431,7 +431,7 @@ class OperatorSetHttpCntl : public Operator
 
   // noncopyable
   OperatorSetHttpCntl(const OperatorSetHttpCntl &) = delete;
-  void operator=(const OperatorSetHttpCntl &) = delete;
+  void operator=(const OperatorSetHttpCntl &)      = delete;
 
   void initialize(Parser &p) override;
 
diff --git a/plugins/header_rewrite/parser.h b/plugins/header_rewrite/parser.h
index feeb1c3d7a7..be632163285 100644
--- a/plugins/header_rewrite/parser.h
+++ b/plugins/header_rewrite/parser.h
@@ -36,7 +36,7 @@ class Parser
   Parser(){};
 
   // noncopyable
-  Parser(const Parser &) = delete;
+  Parser(const Parser &)         = delete;
   void operator=(const Parser &) = delete;
 
   bool
@@ -113,7 +113,7 @@ class HRWSimpleTokenizer
 
   // noncopyable
   HRWSimpleTokenizer(const HRWSimpleTokenizer &) = delete;
-  void operator=(const HRWSimpleTokenizer &) = delete;
+  void operator=(const HRWSimpleTokenizer &)     = delete;
 
   const std::vector &
   get_tokens() const
diff --git a/plugins/header_rewrite/resources.h b/plugins/header_rewrite/resources.h
index c3ddfa0a675..3ef49d96df2 100644
--- a/plugins/header_rewrite/resources.h
+++ b/plugins/header_rewrite/resources.h
@@ -56,7 +56,7 @@ class Resources
   ~Resources() { destroy(); }
 
   // noncopyable
-  Resources(const Resources &) = delete;
+  Resources(const Resources &)      = delete;
   void operator=(const Resources &) = delete;
 
   void gather(const ResourceIDs ids, TSHttpHookID hook);
diff --git a/plugins/header_rewrite/ruleset.cc b/plugins/header_rewrite/ruleset.cc
index c172051024c..797d03f951a 100644
--- a/plugins/header_rewrite/ruleset.cc
+++ b/plugins/header_rewrite/ruleset.cc
@@ -62,7 +62,7 @@ RuleSet::add_condition(Parser &p, const char *filename, int lineno)
 
     // Update some ruleset state based on this new condition
     _last |= c->last();
-    _ids = static_cast(_ids | _cond->get_resource_ids());
+    _ids  = static_cast(_ids | _cond->get_resource_ids());
 
     return true;
   }
diff --git a/plugins/header_rewrite/ruleset.h b/plugins/header_rewrite/ruleset.h
index b7d2bd2b96c..278d958eaf3 100644
--- a/plugins/header_rewrite/ruleset.h
+++ b/plugins/header_rewrite/ruleset.h
@@ -46,7 +46,7 @@ class RuleSet
   }
 
   // noncopyable
-  RuleSet(const RuleSet &) = delete;
+  RuleSet(const RuleSet &)        = delete;
   void operator=(const RuleSet &) = delete;
 
   // No reason to inline these
diff --git a/plugins/header_rewrite/statement.h b/plugins/header_rewrite/statement.h
index 7a006ba9455..f8368f07da1 100644
--- a/plugins/header_rewrite/statement.h
+++ b/plugins/header_rewrite/statement.h
@@ -105,7 +105,7 @@ class Statement
   }
 
   // noncopyable
-  Statement(const Statement &) = delete;
+  Statement(const Statement &)      = delete;
   void operator=(const Statement &) = delete;
 
   // Which hook are we adding this statement to?
diff --git a/plugins/header_rewrite/value.h b/plugins/header_rewrite/value.h
index c237abba4ff..ac90d30f79c 100644
--- a/plugins/header_rewrite/value.h
+++ b/plugins/header_rewrite/value.h
@@ -44,7 +44,7 @@ class Value : Statement
   ~Value() override;
 
   // noncopyable
-  Value(const Value &) = delete;
+  Value(const Value &)          = delete;
   void operator=(const Value &) = delete;
 
   void set_value(const std::string &val);
diff --git a/plugins/healthchecks/healthchecks.c b/plugins/healthchecks/healthchecks.c
index 6f73b0df9b9..d3e86ef3ae0 100644
--- a/plugins/healthchecks/healthchecks.c
+++ b/plugins/healthchecks/healthchecks.c
@@ -39,8 +39,8 @@ limitations under the License.
 static const char PLUGIN_NAME[] = "healthchecks";
 static const char SEPARATORS[]  = " \t\n";
 
-#define MAX_PATH_LEN 4096
-#define MAX_BODY_LEN 16384
+#define MAX_PATH_LEN     4096
+#define MAX_BODY_LEN     16384
 #define FREELIST_TIMEOUT 300
 
 static inline void *
@@ -272,10 +272,10 @@ gen_header(char *status_str, char *mime, int *header_len)
     int len = sizeof(HEADER_TEMPLATE) + 3 + 1;
 
     status_reason = TSHttpHdrReasonLookup(status);
-    len += strlen(status_reason);
-    len += strlen(mime);
-    buf         = TSmalloc(len);
-    *header_len = snprintf(buf, len, HEADER_TEMPLATE, status, status_reason, mime);
+    len           += strlen(status_reason);
+    len           += strlen(mime);
+    buf           = TSmalloc(len);
+    *header_len   = snprintf(buf, len, HEADER_TEMPLATE, status, status_reason, mime);
   } else {
     *header_len = 0;
   }
@@ -438,7 +438,7 @@ hc_process_write(TSCont contp, TSEvent event, HCState *my_state)
     char buf[48];
     int len;
 
-    len = snprintf(buf, sizeof(buf), "Content-Length: %d\r\n\r\n", my_state->data->b_len);
+    len                    = snprintf(buf, sizeof(buf), "Content-Length: %d\r\n\r\n", my_state->data->b_len);
     my_state->output_bytes += add_data_to_resp(buf, len, my_state);
     if (my_state->data->b_len > 0) {
       my_state->output_bytes += add_data_to_resp(my_state->data->body, my_state->data->b_len, my_state);
diff --git a/plugins/lua/ts_lua.c b/plugins/lua/ts_lua.c
index 52d7c2b8afb..400b8bfef4d 100644
--- a/plugins/lua/ts_lua.c
+++ b/plugins/lua/ts_lua.c
@@ -28,13 +28,13 @@
 
 #define TS_LUA_MAX_STATE_COUNT 256
 
-#define TS_LUA_STATS_TIMEOUT 5000   // 5s -- convert to configurable
-#define TS_LUA_STATS_BUFFER_SIZE 10 // stats buffer
+#define TS_LUA_STATS_TIMEOUT     5000 // 5s -- convert to configurable
+#define TS_LUA_STATS_BUFFER_SIZE 10   // stats buffer
 
-#define TS_LUA_IND_STATE 0
+#define TS_LUA_IND_STATE    0
 #define TS_LUA_IND_GC_BYTES 1
-#define TS_LUA_IND_THREADS 2
-#define TS_LUA_IND_SIZE 3
+#define TS_LUA_IND_THREADS  2
+#define TS_LUA_IND_SIZE     3
 
 static uint64_t ts_lua_http_next_id   = 0;
 static uint64_t ts_lua_g_http_next_id = 0;
@@ -184,7 +184,7 @@ collectStats(ts_lua_plugin_stats *const plugin_stats)
       ts_lua_ctx_stats *const stats = main_ctx->stats;
 
       TSMutexLock(stats->mutexp);
-      gc_kb_total += stats->gc_kb;
+      gc_kb_total   += stats->gc_kb;
       threads_total += stats->threads;
       TSMutexUnlock(stats->mutexp);
     }
@@ -347,8 +347,8 @@ TSRemapNewInstance(int argc, char *argv[], void **ih, char *errbuf, int errbuf_s
   static const struct option longopt[] = {
     {"states", required_argument, 0, 's'},
     {"inline", required_argument, 0, 'i'},
-    {"ljgc", required_argument, 0, 'g'},
-    {0, 0, 0, 0},
+    {"ljgc",   required_argument, 0, 'g'},
+    {0,        0,                 0, 0  },
   };
 
   argc--;
@@ -779,10 +779,10 @@ TSPluginInit(int argc, const char *argv[])
   int jit                              = 1;
   int reload                           = 0;
   static const struct option longopt[] = {
-    {"states", required_argument, 0, 's'},
-    {"jit", required_argument, 0, 'j'},
-    {"enable-reload", no_argument, 0, 'r'},
-    {0, 0, 0, 0},
+    {"states",        required_argument, 0, 's'},
+    {"jit",           required_argument, 0, 'j'},
+    {"enable-reload", no_argument,       0, 'r'},
+    {0,               0,                 0, 0  },
   };
 
   for (;;) {
diff --git a/plugins/lua/ts_lua_common.h b/plugins/lua/ts_lua_common.h
index a499b79f75a..0a16d1157b4 100644
--- a/plugins/lua/ts_lua_common.h
+++ b/plugins/lua/ts_lua_common.h
@@ -32,47 +32,47 @@
 #include 
 #include "ts_lua_coroutine.h"
 
-#define TS_LUA_FUNCTION_REMAP "do_remap"
-#define TS_LUA_FUNCTION_OS_RESPONSE "do_os_response"
+#define TS_LUA_FUNCTION_REMAP                 "do_remap"
+#define TS_LUA_FUNCTION_OS_RESPONSE           "do_os_response"
 #define TS_LUA_FUNCTION_CACHE_LOOKUP_COMPLETE "do_cache_lookup_complete"
-#define TS_LUA_FUNCTION_SEND_REQUEST "do_send_request"
-#define TS_LUA_FUNCTION_READ_RESPONSE "do_read_response"
-#define TS_LUA_FUNCTION_SEND_RESPONSE "do_send_response"
-#define TS_LUA_FUNCTION_READ_REQUEST "do_read_request"
-#define TS_LUA_FUNCTION_TXN_START "do_txn_start"
-#define TS_LUA_FUNCTION_PRE_REMAP "do_pre_remap"
-#define TS_LUA_FUNCTION_POST_REMAP "do_post_remap"
-#define TS_LUA_FUNCTION_OS_DNS "do_os_dns"
-#define TS_LUA_FUNCTION_READ_CACHE "do_read_cache"
-#define TS_LUA_FUNCTION_TXN_CLOSE "do_txn_close"
-
-#define TS_LUA_FUNCTION_G_SEND_REQUEST "do_global_send_request"
-#define TS_LUA_FUNCTION_G_READ_REQUEST "do_global_read_request"
-#define TS_LUA_FUNCTION_G_SEND_RESPONSE "do_global_send_response"
-#define TS_LUA_FUNCTION_G_READ_RESPONSE "do_global_read_response"
+#define TS_LUA_FUNCTION_SEND_REQUEST          "do_send_request"
+#define TS_LUA_FUNCTION_READ_RESPONSE         "do_read_response"
+#define TS_LUA_FUNCTION_SEND_RESPONSE         "do_send_response"
+#define TS_LUA_FUNCTION_READ_REQUEST          "do_read_request"
+#define TS_LUA_FUNCTION_TXN_START             "do_txn_start"
+#define TS_LUA_FUNCTION_PRE_REMAP             "do_pre_remap"
+#define TS_LUA_FUNCTION_POST_REMAP            "do_post_remap"
+#define TS_LUA_FUNCTION_OS_DNS                "do_os_dns"
+#define TS_LUA_FUNCTION_READ_CACHE            "do_read_cache"
+#define TS_LUA_FUNCTION_TXN_CLOSE             "do_txn_close"
+
+#define TS_LUA_FUNCTION_G_SEND_REQUEST          "do_global_send_request"
+#define TS_LUA_FUNCTION_G_READ_REQUEST          "do_global_read_request"
+#define TS_LUA_FUNCTION_G_SEND_RESPONSE         "do_global_send_response"
+#define TS_LUA_FUNCTION_G_READ_RESPONSE         "do_global_read_response"
 #define TS_LUA_FUNCTION_G_CACHE_LOOKUP_COMPLETE "do_global_cache_lookup_complete"
-#define TS_LUA_FUNCTION_G_TXN_START "do_global_txn_start"
-#define TS_LUA_FUNCTION_G_PRE_REMAP "do_global_pre_remap"
-#define TS_LUA_FUNCTION_G_POST_REMAP "do_global_post_remap"
-#define TS_LUA_FUNCTION_G_OS_DNS "do_global_os_dns"
-#define TS_LUA_FUNCTION_G_READ_CACHE "do_global_read_cache"
-#define TS_LUA_FUNCTION_G_TXN_CLOSE "do_global_txn_close"
+#define TS_LUA_FUNCTION_G_TXN_START             "do_global_txn_start"
+#define TS_LUA_FUNCTION_G_PRE_REMAP             "do_global_pre_remap"
+#define TS_LUA_FUNCTION_G_POST_REMAP            "do_global_post_remap"
+#define TS_LUA_FUNCTION_G_OS_DNS                "do_global_os_dns"
+#define TS_LUA_FUNCTION_G_READ_CACHE            "do_global_read_cache"
+#define TS_LUA_FUNCTION_G_TXN_CLOSE             "do_global_txn_close"
 
 #define TS_LUA_DEBUG_TAG "ts_lua"
 
 #define TS_LUA_EVENT_COROUTINE_CONT 20000
 
-#define TS_LUA_MAX_SCRIPT_FNAME_LENGTH 1024
-#define TS_LUA_MAX_CONFIG_VARS_COUNT 256
+#define TS_LUA_MAX_SCRIPT_FNAME_LENGTH     1024
+#define TS_LUA_MAX_CONFIG_VARS_COUNT       256
 #define TS_LUA_MAX_SHARED_DICT_NAME_LENGTH 128
-#define TS_LUA_MAX_SHARED_DICT_COUNT 32
-#define TS_LUA_MAX_URL_LENGTH 32768
-#define TS_LUA_MAX_OVEC_SIZE (3 * 32)
-#define TS_LUA_MAX_RESIDENT_PCRE 64
-#define TS_LUA_MAX_STR_LENGTH 32768
-
-#define TS_LUA_MIN_ALIGN sizeof(void *)
-#define TS_LUA_MEM_ALIGN(size) (((size) + ((TS_LUA_MIN_ALIGN)-1)) & ~((TS_LUA_MIN_ALIGN)-1))
+#define TS_LUA_MAX_SHARED_DICT_COUNT       32
+#define TS_LUA_MAX_URL_LENGTH              32768
+#define TS_LUA_MAX_OVEC_SIZE               (3 * 32)
+#define TS_LUA_MAX_RESIDENT_PCRE           64
+#define TS_LUA_MAX_STR_LENGTH              32768
+
+#define TS_LUA_MIN_ALIGN         sizeof(void *)
+#define TS_LUA_MEM_ALIGN(size)   (((size) + ((TS_LUA_MIN_ALIGN)-1)) & ~((TS_LUA_MIN_ALIGN)-1))
 #define TS_LUA_ALIGN_COUNT(size) (size / TS_LUA_MIN_ALIGN)
 
 #define TS_LUA_MAKE_VAR_ITEM(X) \
@@ -92,7 +92,7 @@ typedef struct {
   void *conf_vars[TS_LUA_MAX_CONFIG_VARS_COUNT];
 
   unsigned int _first : 1; // create current instance for 1st ts_lua_main_ctx
-  unsigned int _last : 1;  // create current instance for the last ts_lua_main_ctx
+  unsigned int _last  : 1; // create current instance for the last ts_lua_main_ctx
 
   int remap;
   int states;
@@ -162,10 +162,10 @@ typedef struct {
   ts_lua_http_ctx *hctx;
 
   int64_t to_flush;
-  unsigned int reuse : 1;
+  unsigned int reuse         : 1;
   unsigned int recv_complete : 1;
   unsigned int send_complete : 1;
-  unsigned int all_ready : 1;
+  unsigned int all_ready     : 1;
 } ts_lua_http_intercept_ctx;
 
 #define TS_LUA_RELEASE_IO_HANDLE(ih)    \
diff --git a/plugins/lua/ts_lua_crypto.c b/plugins/lua/ts_lua_crypto.c
index b1e02d7ac3f..279c57f8e08 100644
--- a/plugins/lua/ts_lua_crypto.c
+++ b/plugins/lua/ts_lua_crypto.c
@@ -22,8 +22,8 @@
 #include "ts_lua_string.h"
 #include "ts_lua_util.h"
 
-#define TS_LUA_MD5_DIGEST_LENGTH 16
-#define TS_LUA_SHA1_DIGEST_LENGTH 20
+#define TS_LUA_MD5_DIGEST_LENGTH    16
+#define TS_LUA_SHA1_DIGEST_LENGTH   20
 #define TS_LUA_SHA256_DIGEST_LENGTH 32
 
 static int ts_lua_md5(lua_State *L);
diff --git a/plugins/lua/ts_lua_fetch.c b/plugins/lua/ts_lua_fetch.c
index 1e49f0f3bde..494aeae4cb1 100644
--- a/plugins/lua/ts_lua_fetch.c
+++ b/plugins/lua/ts_lua_fetch.c
@@ -20,10 +20,10 @@
 #include "ts_lua_io.h"
 #include "ts_lua_fetch.h"
 
-#define TS_LUA_EVENT_FETCH_OVER 20010
-#define TS_LUA_FETCH_CLIENT_ADDRPORT "127.0.0.1:33333"
+#define TS_LUA_EVENT_FETCH_OVER          20010
+#define TS_LUA_FETCH_CLIENT_ADDRPORT     "127.0.0.1:33333"
 #define TS_LUA_FETCH_CLIENT_ADDRPORT_LEN 15
-#define TS_LUA_FETCH_USER_AGENT "TS Fetcher/1.0"
+#define TS_LUA_FETCH_USER_AGENT          "TS Fetcher/1.0"
 
 static int ts_lua_fetch(lua_State *L);
 static int ts_lua_fetch_multi(lua_State *L);
diff --git a/plugins/lua/ts_lua_fetch.h b/plugins/lua/ts_lua_fetch.h
index c4b600cc4d8..3843be5d6c6 100644
--- a/plugins/lua/ts_lua_fetch.h
+++ b/plugins/lua/ts_lua_fetch.h
@@ -30,7 +30,7 @@ typedef struct {
   TSIOBufferReader reader;
   TSFetchSM fch;
 
-  unsigned int over : 1;
+  unsigned int over   : 1;
   unsigned int failed : 1;
 } ts_lua_fetch_info;
 
diff --git a/plugins/lua/ts_lua_io.c b/plugins/lua/ts_lua_io.c
index 2b4748d5329..bff81b91592 100644
--- a/plugins/lua/ts_lua_io.c
+++ b/plugins/lua/ts_lua_io.c
@@ -35,7 +35,7 @@ IOBufferReaderCopy(TSIOBufferReader readerp, void *buf, int64_t length)
     if (need > 0) {
       memcpy((char *)buf + n, start, need);
       length -= need;
-      n += need;
+      n      += need;
     }
 
     if (length == 0) {
diff --git a/plugins/lua/ts_lua_package.c b/plugins/lua/ts_lua_package.c
index 33ff3f1eea2..1ea6a874c78 100644
--- a/plugins/lua/ts_lua_package.c
+++ b/plugins/lua/ts_lua_package.c
@@ -19,7 +19,7 @@
 #include "ts_lua_util.h"
 
 #define TS_LUA_MAX_PACKAGE_PATH_LEN 256
-#define TS_LUA_MAX_PACKAGE_NUM 64
+#define TS_LUA_MAX_PACKAGE_NUM      64
 
 typedef struct {
   size_t len;
diff --git a/plugins/lua/ts_lua_transform.c b/plugins/lua/ts_lua_transform.c
index 5e8d75bcf32..e529fdf01a5 100644
--- a/plugins/lua/ts_lua_transform.c
+++ b/plugins/lua/ts_lua_transform.c
@@ -244,7 +244,7 @@ ts_lua_transform_handler(TSCont contp, ts_lua_http_transform_ctx *transform_ctx,
 
       TSIOBufferWrite(transform_ctx->output.buffer, res, res_len);
       transform_ctx->total += res_len;
-      write_down = 1;
+      write_down           = 1;
     }
 
     lua_pop(L, top);
diff --git a/plugins/multiplexer/chunk-decoder.cc b/plugins/multiplexer/chunk-decoder.cc
index e976ac4857f..3d9e4248aab 100644
--- a/plugins/multiplexer/chunk-decoder.cc
+++ b/plugins/multiplexer/chunk-decoder.cc
@@ -124,7 +124,7 @@ ChunkDecoder::decode(const TSIOBufferReader &r)
       const char *p = TSIOBufferBlockReadStart(block, r, &size);
       assert(p != nullptr);
       const int i = parseSize(p, size);
-      size -= i;
+      size        -= i;
       TSIOBufferReaderConsume(r, i);
       if (state_ == State::kEnd) {
         assert(size_ == 0);
@@ -150,7 +150,7 @@ ChunkDecoder::decode(const TSIOBufferReader &r)
         break;
       } else {
         length += size;
-        size_ -= size;
+        size_  -= size;
       }
     }
     block = TSIOBufferBlockNext(block);
diff --git a/plugins/multiplexer/dispatch.cc b/plugins/multiplexer/dispatch.cc
index 849204b8b8b..9f3308a09cf 100644
--- a/plugins/multiplexer/dispatch.cc
+++ b/plugins/multiplexer/dispatch.cc
@@ -120,7 +120,7 @@ read(const TSIOBufferReader &r, std::string &o, int64_t l = 0)
       size = std::min(size, l);
       o.append(pointer, size);
       length += size;
-      l -= size;
+      l      -= size;
     }
   }
 
@@ -186,7 +186,7 @@ class Handler
     if (TSIsDebugTagSet(PLUGIN_TAG) > 0) {
       std::string buffer;
       const uint64_t length = read(r, buffer, l);
-      response += buffer;
+      response              += buffer;
       TSDebug(PLUGIN_TAG, "Receiving response chunk \"%s\" of %" PRIu64 " bytes", buffer.c_str(), length);
     }
   }
diff --git a/plugins/prefetch/configs.cc b/plugins/prefetch/configs.cc
index cb91e4d5880..21c2ffa811d 100644
--- a/plugins/prefetch/configs.cc
+++ b/plugins/prefetch/configs.cc
@@ -54,20 +54,22 @@ isTrue(const char *arg)
 bool
 PrefetchConfig::init(int argc, char *argv[])
 {
-  static const struct option longopt[] = {{const_cast("front"), optional_argument, nullptr, 'f'},
-                                          {const_cast("api-header"), optional_argument, nullptr, 'h'},
-                                          {const_cast("next-header"), optional_argument, nullptr, 'n'},
-                                          {const_cast("fetch-policy"), optional_argument, nullptr, 'p'},
-                                          {const_cast("fetch-count"), optional_argument, nullptr, 'c'},
-                                          {const_cast("fetch-path-pattern"), optional_argument, nullptr, 'e'},
-                                          {const_cast("fetch-query"), optional_argument, nullptr, 'q'},
-                                          {const_cast("fetch-max"), optional_argument, nullptr, 'x'},
-                                          {const_cast("replace-host"), optional_argument, nullptr, 'r'},
-                                          {const_cast("name-space"), optional_argument, nullptr, 's'},
-                                          {const_cast("metrics-prefix"), optional_argument, nullptr, 'm'},
-                                          {const_cast("exact-match"), optional_argument, nullptr, 'y'},
-                                          {const_cast("log-name"), optional_argument, nullptr, 'l'},
-                                          {nullptr, 0, nullptr, 0}};
+  static const struct option longopt[] = {
+    {const_cast("front"),              optional_argument, nullptr, 'f'},
+    {const_cast("api-header"),         optional_argument, nullptr, 'h'},
+    {const_cast("next-header"),        optional_argument, nullptr, 'n'},
+    {const_cast("fetch-policy"),       optional_argument, nullptr, 'p'},
+    {const_cast("fetch-count"),        optional_argument, nullptr, 'c'},
+    {const_cast("fetch-path-pattern"), optional_argument, nullptr, 'e'},
+    {const_cast("fetch-query"),        optional_argument, nullptr, 'q'},
+    {const_cast("fetch-max"),          optional_argument, nullptr, 'x'},
+    {const_cast("replace-host"),       optional_argument, nullptr, 'r'},
+    {const_cast("name-space"),         optional_argument, nullptr, 's'},
+    {const_cast("metrics-prefix"),     optional_argument, nullptr, 'm'},
+    {const_cast("exact-match"),        optional_argument, nullptr, 'y'},
+    {const_cast("log-name"),           optional_argument, nullptr, 'l'},
+    {nullptr,                                  0,                 nullptr, 0  }
+  };
 
   bool status = true;
   optind      = 0;
diff --git a/plugins/prefetch/fetch.h b/plugins/prefetch/fetch.h
index 7c2a1dd7563..0471e1e718f 100644
--- a/plugins/prefetch/fetch.h
+++ b/plugins/prefetch/fetch.h
@@ -98,14 +98,22 @@ class BgFetchState
   size_t _concurrentFetches                        = 0;
   size_t _concurrentFetchesMax                     = 0;
   PrefetchMetricInfo _metrics[FETCHES_MAX_METRICS] = {
-    {FETCH_ACTIVE, TS_RECORDDATATYPE_INT, -1},        {FETCH_COMPLETED, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_ERRORS, TS_RECORDDATATYPE_COUNTER, -1},    {FETCH_TIMEOOUTS, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_THROTTLED, TS_RECORDDATATYPE_COUNTER, -1}, {FETCH_ALREADY_CACHED, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_TOTAL, TS_RECORDDATATYPE_COUNTER, -1},     {FETCH_UNIQUE_YES, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_UNIQUE_NO, TS_RECORDDATATYPE_COUNTER, -1}, {FETCH_MATCH_YES, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_MATCH_NO, TS_RECORDDATATYPE_COUNTER, -1},  {FETCH_POLICY_YES, TS_RECORDDATATYPE_COUNTER, -1},
-    {FETCH_POLICY_NO, TS_RECORDDATATYPE_COUNTER, -1}, {FETCH_POLICY_SIZE, TS_RECORDDATATYPE_INT, -1},
-    {FETCH_POLICY_MAXSIZE, TS_RECORDDATATYPE_INT, -1}};
+    {FETCH_ACTIVE,         TS_RECORDDATATYPE_INT,     -1},
+    {FETCH_COMPLETED,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_ERRORS,         TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_TIMEOOUTS,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_THROTTLED,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_ALREADY_CACHED, TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_TOTAL,          TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_UNIQUE_YES,     TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_UNIQUE_NO,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_MATCH_YES,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_MATCH_NO,       TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_POLICY_YES,     TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_POLICY_NO,      TS_RECORDDATATYPE_COUNTER, -1},
+    {FETCH_POLICY_SIZE,    TS_RECORDDATATYPE_INT,     -1},
+    {FETCH_POLICY_MAXSIZE, TS_RECORDDATATYPE_INT,     -1}
+  };
 
   /* plugin specific fetch logging */
   TSTextLogObject _log = nullptr;
diff --git a/plugins/regex_remap/regex_remap.cc b/plugins/regex_remap/regex_remap.cc
index aa488127b7f..bc9930987b8 100644
--- a/plugins/regex_remap/regex_remap.cc
+++ b/plugins/regex_remap/regex_remap.cc
@@ -396,7 +396,7 @@ RemapRegex::compile(const char *&error, int &erroffset)
 
   // POOMA - also dependent on actual stack size. Crashes with previous value of 2047,
   _extra->match_limit_recursion = 1750;
-  _extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
+  _extra->flags                 |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
 
   if (pcre_fullinfo(_rex, _extra, PCRE_INFO_CAPTURECOUNT, &ccount) != 0) {
     error = "call to pcre_fullinfo() failed";
@@ -458,7 +458,7 @@ RemapRegex::compile(const char *&error, int &erroffset)
 
         _sub_ix[_num_subs]  = ix;
         _sub_pos[_num_subs] = (str - _subst);
-        str += 2;
+        str                 += 2;
         ++_num_subs;
       } else { // Not a valid substitution character, so just ignore it
         ++str;
@@ -483,7 +483,7 @@ RemapRegex::get_lengths(const int ovector[], int lengths[], TSRemapRequestInfo *
 
     if (ix < 10) {
       lengths[ix] = ovector[2 * ix + 1] - ovector[2 * ix]; // -1 - -1 == 0
-      len += lengths[ix];
+      len         += lengths[ix];
     } else {
       int tmp_len;
 
@@ -597,7 +597,7 @@ RemapRegex::substitute(char dest[], const char *src, const int ovector[], const
           p1 += len;
         }
       }
-      p2 += (_sub_pos[i] - prev + 2);
+      p2   += (_sub_pos[i] - prev + 2);
       prev = _sub_pos[i] + 2;
 
       if (lowercase_substitutions == true || ix == SUB_LOWER_PATH) {
@@ -609,7 +609,7 @@ RemapRegex::substitute(char dest[], const char *src, const int ovector[], const
     }
 
     memcpy(p1, p2, _subst_len - (p2 - _subst));
-    p1 += _subst_len - (p2 - _subst);
+    p1  += _subst_len - (p2 - _subst);
     *p1 = 0; // Make sure it's NULL terminated (for safety).
     return p1 - dest;
   } else {
diff --git a/plugins/regex_revalidate/regex_revalidate.c b/plugins/regex_revalidate/regex_revalidate.c
index 7710ad0d4db..a3e92d886c4 100644
--- a/plugins/regex_revalidate/regex_revalidate.c
+++ b/plugins/regex_revalidate/regex_revalidate.c
@@ -38,11 +38,11 @@
 #include 
 #endif
 
-#define CONFIG_TMOUT 60000
-#define FREE_TMOUT 300000
-#define OVECTOR_SIZE 30
+#define CONFIG_TMOUT      60000
+#define FREE_TMOUT        300000
+#define OVECTOR_SIZE      30
 #define LOG_ROLL_INTERVAL 86400
-#define LOG_ROLL_OFFSET 0
+#define LOG_ROLL_OFFSET   0
 
 static const char *const PLUGIN_NAME = "regex_revalidate";
 static const char *const DEFAULT_DIR = "var/trafficserver"; /* Not perfect, but no better API) */
@@ -682,11 +682,13 @@ TSPluginInit(int argc, const char *argv[])
   init_plugin_state_t(pstate);
 
   int c;
-  static const struct option longopts[] = {{"config", required_argument, NULL, 'c'},
-                                           {"log", required_argument, NULL, 'l'},
-                                           {"disable-timed-reload", no_argument, NULL, 'd'},
-                                           {"state-file", required_argument, NULL, 'f'},
-                                           {NULL, 0, NULL, 0}};
+  static const struct option longopts[] = {
+    {"config",               required_argument, NULL, 'c'},
+    {"log",                  required_argument, NULL, 'l'},
+    {"disable-timed-reload", no_argument,       NULL, 'd'},
+    {"state-file",           required_argument, NULL, 'f'},
+    {NULL,                   0,                 NULL, 0  }
+  };
 
   while ((c = getopt_long(argc, (char *const *)argv, "c:l:f:", longopts, NULL)) != -1) {
     switch (c) {
diff --git a/plugins/remap_purge/remap_purge.c b/plugins/remap_purge/remap_purge.c
index 3027543563e..46fa41a3b86 100644
--- a/plugins/remap_purge/remap_purge.c
+++ b/plugins/remap_purge/remap_purge.c
@@ -257,9 +257,12 @@ TSRemapNewInstance(int argc, char *argv[], void **ih, char *errbuf, int errbuf_s
   char *id                             = argv[0]; /* The ID is default to the "from" URL, so save it */
   PurgeInstance *purge                 = TSmalloc(sizeof(PurgeInstance));
   static const struct option longopt[] = {
-    {(char *)"id", required_argument, NULL, 'i'},     {(char *)"secret", required_argument, NULL, 's'},
-    {(char *)"header", required_argument, NULL, 'h'}, {(char *)"state-file", required_argument, NULL, 'f'},
-    {(char *)"allow-get", no_argument, NULL, 'a'},    {NULL, no_argument, NULL, '\0'},
+    {(char *)"id",         required_argument, NULL, 'i' },
+    {(char *)"secret",     required_argument, NULL, 's' },
+    {(char *)"header",     required_argument, NULL, 'h' },
+    {(char *)"state-file", required_argument, NULL, 'f' },
+    {(char *)"allow-get",  no_argument,       NULL, 'a' },
+    {NULL,                 no_argument,       NULL, '\0'},
   };
 
   memset(purge, 0, sizeof(PurgeInstance));
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index b67c8cad110..746a2cfdb13 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -1115,16 +1115,16 @@ TSReturnCode
 TSRemapNewInstance(int argc, char *argv[], void **ih, char * /* errbuf ATS_UNUSED */, int /* errbuf_size ATS_UNUSED */)
 {
   static const struct option longopt[] = {
-    {const_cast("access_key"), required_argument, nullptr, 'a'},
-    {const_cast("config"), required_argument, nullptr, 'c'},
-    {const_cast("secret_key"), required_argument, nullptr, 's'},
-    {const_cast("version"), required_argument, nullptr, 'v'},
-    {const_cast("virtual_host"), no_argument, nullptr, 'h'},
-    {const_cast("v4-include-headers"), required_argument, nullptr, 'i'},
-    {const_cast("v4-exclude-headers"), required_argument, nullptr, 'e'},
-    {const_cast("v4-region-map"), required_argument, nullptr, 'm'},
-    {const_cast("session_token"), required_argument, nullptr, 't'},
-    {nullptr, no_argument, nullptr, '\0'},
+    {const_cast("access_key"),         required_argument, nullptr, 'a' },
+    {const_cast("config"),             required_argument, nullptr, 'c' },
+    {const_cast("secret_key"),         required_argument, nullptr, 's' },
+    {const_cast("version"),            required_argument, nullptr, 'v' },
+    {const_cast("virtual_host"),       no_argument,       nullptr, 'h' },
+    {const_cast("v4-include-headers"), required_argument, nullptr, 'i' },
+    {const_cast("v4-exclude-headers"), required_argument, nullptr, 'e' },
+    {const_cast("v4-region-map"),      required_argument, nullptr, 'm' },
+    {const_cast("session_token"),      required_argument, nullptr, 't' },
+    {nullptr,                                  no_argument,       nullptr, '\0'},
   };
 
   S3Config *s3          = new S3Config(true); // true == this config gets the continuation
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index b3866ba4699..a36365f5a2f 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -42,7 +42,7 @@ TEST_CASE("uriEncode(): encode unreserved chars", "[s3_auth]")
                     "abcdefghijklmnopqrstuvwxyz"
                     "0123456789"
                     "-._~";
-  String encoded = uriEncode(in, /* isObjectName */ false);
+  String encoded  = uriEncode(in, /* isObjectName */ false);
 
   CHECK(in.length() == encoded.length());
   CHECK_FALSE(encoded.compare("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
diff --git a/plugins/server_push_preload/server_push_preload.cc b/plugins/server_push_preload/server_push_preload.cc
index 68c44101200..fcfa143f8af 100644
--- a/plugins/server_push_preload/server_push_preload.cc
+++ b/plugins/server_push_preload/server_push_preload.cc
@@ -30,7 +30,7 @@
 #include "tscpp/api/RemapPlugin.h"
 #include "tscpp/api/TransactionPlugin.h"
 
-#define PLUGIN_NAME "server_push_preload"
+#define PLUGIN_NAME   "server_push_preload"
 #define PRELOAD_PARAM "rel=preload"
 #define NOPUSH_OPTION "nopush"
 
diff --git a/plugins/stats_over_http/stats_over_http.cc b/plugins/stats_over_http/stats_over_http.cc
index 303d170c72a..255f8cf0161 100644
--- a/plugins/stats_over_http/stats_over_http.cc
+++ b/plugins/stats_over_http/stats_over_http.cc
@@ -49,11 +49,11 @@
 #include 
 #endif
 
-#define PLUGIN_NAME "stats_over_http"
-#define FREE_TMOUT 300000
+#define PLUGIN_NAME     "stats_over_http"
+#define FREE_TMOUT      300000
 #define STR_BUFFER_SIZE 1024
 
-#define SYSTEM_RECORD_TYPE (0x100)
+#define SYSTEM_RECORD_TYPE   (0x100)
 #define DEFAULT_RECORD_TYPES (SYSTEM_RECORD_TYPE | TS_RECORDTYPE_PROCESS | TS_RECORDTYPE_PLUGIN)
 
 static const swoc::IP4Range DEFAULT_IP{swoc::IP4Addr::MIN, swoc::IP4Addr::MAX};
@@ -77,7 +77,7 @@ static const int ZLIB_MEMLEVEL = 9; // min=1 (optimize for memory),max=9 (optimi
 static const int WINDOW_BITS_DEFLATE = 15;
 static const int WINDOW_BITS_GZIP    = 16;
 #define DEFLATE_MODE WINDOW_BITS_DEFLATE
-#define GZIP_MODE (WINDOW_BITS_DEFLATE | WINDOW_BITS_GZIP)
+#define GZIP_MODE    (WINDOW_BITS_DEFLATE | WINDOW_BITS_GZIP)
 
 // brotli compression quality 1-11. Testing proved level '6'
 #if HAVE_BROTLI_ENCODE_H
@@ -466,7 +466,7 @@ gzip_out_stats(stats_state *my_state)
   int64_t toconsume = TSIOBufferReaderAvail(my_state->resp_reader);
   TSIOBufferReaderConsume(my_state->resp_reader, toconsume);
 
-  my_state->output_bytes -= toconsume;
+  my_state->output_bytes    -= toconsume;
   my_state->zstrm.avail_in  = inputbytes;
   my_state->zstrm.avail_out = sizeof(outputbuf);
   my_state->zstrm.next_in   = (Bytef *)inputbuf;
@@ -665,9 +665,11 @@ TSPluginInit(int argc, const char *argv[])
   TSPluginRegistrationInfo info;
 
   static const char usage[]             = PLUGIN_NAME ".so [--integer-counters] [PATH]";
-  static const struct option longopts[] = {{(char *)("integer-counters"), no_argument, nullptr, 'i'},
-                                           {(char *)("wrap-counters"), no_argument, nullptr, 'w'},
-                                           {nullptr, 0, nullptr, 0}};
+  static const struct option longopts[] = {
+    {(char *)("integer-counters"), no_argument, nullptr, 'i'},
+    {(char *)("wrap-counters"),    no_argument, nullptr, 'w'},
+    {nullptr,                      0,           nullptr, 0  }
+  };
   TSCont main_cont, config_cont;
   config_holder_t *config_holder;
 
diff --git a/plugins/tcpinfo/tcpinfo.cc b/plugins/tcpinfo/tcpinfo.cc
index ca73cb07a00..b73515ca2bf 100644
--- a/plugins/tcpinfo/tcpinfo.cc
+++ b/plugins/tcpinfo/tcpinfo.cc
@@ -51,10 +51,10 @@
 #define TCPI_PLUGIN_SUPPORTED 1
 #endif
 
-#define TCPI_HOOK_SSN_START 0x01u
-#define TCPI_HOOK_TXN_START 0x02u
+#define TCPI_HOOK_SSN_START     0x01u
+#define TCPI_HOOK_TXN_START     0x02u
 #define TCPI_HOOK_SEND_RESPONSE 0x04u
-#define TCPI_HOOK_TXN_CLOSE 0x10u
+#define TCPI_HOOK_TXN_CLOSE     0x10u
 
 // Log format headers. These are emitted once at the start of a log file. Note that we
 // carefully order the fields so the field ordering is compatible. This lets you change
@@ -286,11 +286,13 @@ parse_hook_list(const char *hook_list)
   const struct hookmask {
     const char *name;
     unsigned mask;
-  } hooks[] = {{"ssn_start", TCPI_HOOK_SSN_START},
-               {"txn_start", TCPI_HOOK_TXN_START},
-               {"send_resp_hdr", TCPI_HOOK_SEND_RESPONSE},
-               {"txn_close", TCPI_HOOK_TXN_CLOSE},
-               {nullptr, 0u}};
+  } hooks[] = {
+    {"ssn_start",     TCPI_HOOK_SSN_START    },
+    {"txn_start",     TCPI_HOOK_TXN_START    },
+    {"send_resp_hdr", TCPI_HOOK_SEND_RESPONSE},
+    {"txn_close",     TCPI_HOOK_TXN_CLOSE    },
+    {nullptr,         0u                     }
+  };
 
   str = TSstrdup(hook_list);
 
@@ -299,7 +301,7 @@ parse_hook_list(const char *hook_list)
 
     for (const struct hookmask *m = hooks; m->name != nullptr; ++m) {
       if (strcmp(m->name, tok) == 0) {
-        mask |= m->mask;
+        mask  |= m->mask;
         match = true;
         break;
       }
@@ -317,19 +319,19 @@ parse_hook_list(const char *hook_list)
 void
 TSPluginInit(int argc, const char *argv[])
 {
-  static const char usage[] = "tcpinfo.so [--log-file=PATH] [--log-level=LEVEL] [--hooks=LIST] [--sample-rate=COUNT] "
-                              "[--rolling-enabled=VALUE] [--rolling-offset-hr=HOUR] [--rolling-interval-sec=SECONDS] "
-                              "[--rolling-size=MB]";
+  static const char usage[]             = "tcpinfo.so [--log-file=PATH] [--log-level=LEVEL] [--hooks=LIST] [--sample-rate=COUNT] "
+                                          "[--rolling-enabled=VALUE] [--rolling-offset-hr=HOUR] [--rolling-interval-sec=SECONDS] "
+                                          "[--rolling-size=MB]";
   static const struct option longopts[] = {
-    {const_cast("sample-rate"), required_argument, nullptr, 'r'},
-    {const_cast("log-file"), required_argument, nullptr, 'f'},
-    {const_cast("log-level"), required_argument, nullptr, 'l'},
-    {const_cast("hooks"), required_argument, nullptr, 'h'},
-    {const_cast("rolling-enabled"), required_argument, nullptr, 'e'},
-    {const_cast("rolling-offset-hr"), required_argument, nullptr, 'H'},
+    {const_cast("sample-rate"),          required_argument, nullptr, 'r'},
+    {const_cast("log-file"),             required_argument, nullptr, 'f'},
+    {const_cast("log-level"),            required_argument, nullptr, 'l'},
+    {const_cast("hooks"),                required_argument, nullptr, 'h'},
+    {const_cast("rolling-enabled"),      required_argument, nullptr, 'e'},
+    {const_cast("rolling-offset-hr"),    required_argument, nullptr, 'H'},
     {const_cast("rolling-interval-sec"), required_argument, nullptr, 'S'},
-    {const_cast("rolling-size"), required_argument, nullptr, 'M'},
-    {nullptr, 0, nullptr, 0},
+    {const_cast("rolling-size"),         required_argument, nullptr, 'M'},
+    {nullptr,                                    0,                 nullptr, 0  },
   };
 
   TSPluginRegistrationInfo info;
diff --git a/plugins/xdebug/xdebug.cc b/plugins/xdebug/xdebug.cc
index afb4065523a..a2420ceafc8 100644
--- a/plugins/xdebug/xdebug.cc
+++ b/plugins/xdebug/xdebug.cc
@@ -111,20 +111,20 @@ constexpr struct XHeader {
   std::string_view name;
   unsigned int flag;
 } header_flags[] = {
-  {HEADER_NAME_X_CACHE_KEY, XHEADER_X_CACHE_KEY},
-  {HEADER_NAME_X_MILESTONES, XHEADER_X_MILESTONES},
-  {HEADER_NAME_X_CACHE, XHEADER_X_CACHE},
-  {HEADER_NAME_X_GENERATION, XHEADER_X_GENERATION},
+  {HEADER_NAME_X_CACHE_KEY,      XHEADER_X_CACHE_KEY     },
+  {HEADER_NAME_X_MILESTONES,     XHEADER_X_MILESTONES    },
+  {HEADER_NAME_X_CACHE,          XHEADER_X_CACHE         },
+  {HEADER_NAME_X_GENERATION,     XHEADER_X_GENERATION    },
   {HEADER_NAME_X_TRANSACTION_ID, XHEADER_X_TRANSACTION_ID},
-  {HEADER_NAME_X_DUMP_HEADERS, XHEADER_X_DUMP_HEADERS},
-  {HEADER_NAME_X_REMAP, XHEADER_X_REMAP},
-  {HEADER_NAME_X_PROBE_HEADERS, XHEADER_X_PROBE_HEADERS},
-  {HEADER_NAME_X_PSELECT_KEY, XHEADER_X_PSELECT_KEY},
-  {HEADER_NAME_X_CACHE_INFO, XHEADER_X_CACHE_INFO},
-  {HEADER_NAME_X_EFFECTIVE_URL, XHEADER_X_EFFECTIVE_URL},
-  {HEADER_NAME_VIA, XHEADER_VIA},
-  {HEADER_NAME_DIAGS, XHEADER_DIAGS},
-  {HEADER_NAME_ALL, XHEADER_ALL},
+  {HEADER_NAME_X_DUMP_HEADERS,   XHEADER_X_DUMP_HEADERS  },
+  {HEADER_NAME_X_REMAP,          XHEADER_X_REMAP         },
+  {HEADER_NAME_X_PROBE_HEADERS,  XHEADER_X_PROBE_HEADERS },
+  {HEADER_NAME_X_PSELECT_KEY,    XHEADER_X_PSELECT_KEY   },
+  {HEADER_NAME_X_CACHE_INFO,     XHEADER_X_CACHE_INFO    },
+  {HEADER_NAME_X_EFFECTIVE_URL,  XHEADER_X_EFFECTIVE_URL },
+  {HEADER_NAME_VIA,              XHEADER_VIA             },
+  {HEADER_NAME_DIAGS,            XHEADER_DIAGS           },
+  {HEADER_NAME_ALL,              XHEADER_ALL             },
 };
 
 static TSCont XInjectHeadersCont  = nullptr;
@@ -300,29 +300,29 @@ InjectMilestonesHeader(TSHttpTxn txn, TSMBuffer buffer, TSMLoc hdr)
   // The set of milestones we can publish. Some milestones happen after
   // this hook, so we skip those ...
   static const milestone milestones[] = {
-    {TS_MILESTONE_UA_BEGIN, "UA-BEGIN"},
-    {TS_MILESTONE_UA_FIRST_READ, "UA-FIRST-READ"},
-    {TS_MILESTONE_UA_READ_HEADER_DONE, "UA-READ-HEADER-DONE"},
-    {TS_MILESTONE_UA_BEGIN_WRITE, "UA-BEGIN-WRITE"},
-    {TS_MILESTONE_UA_CLOSE, "UA-CLOSE"},
-    {TS_MILESTONE_SERVER_FIRST_CONNECT, "SERVER-FIRST-CONNECT"},
-    {TS_MILESTONE_SERVER_CONNECT, "SERVER-CONNECT"},
-    {TS_MILESTONE_SERVER_CONNECT_END, "SERVER-CONNECT-END"},
-    {TS_MILESTONE_SERVER_BEGIN_WRITE, "SERVER-BEGIN-WRITE"},
-    {TS_MILESTONE_SERVER_FIRST_READ, "SERVER-FIRST-READ"},
+    {TS_MILESTONE_UA_BEGIN,                "UA-BEGIN"               },
+    {TS_MILESTONE_UA_FIRST_READ,           "UA-FIRST-READ"          },
+    {TS_MILESTONE_UA_READ_HEADER_DONE,     "UA-READ-HEADER-DONE"    },
+    {TS_MILESTONE_UA_BEGIN_WRITE,          "UA-BEGIN-WRITE"         },
+    {TS_MILESTONE_UA_CLOSE,                "UA-CLOSE"               },
+    {TS_MILESTONE_SERVER_FIRST_CONNECT,    "SERVER-FIRST-CONNECT"   },
+    {TS_MILESTONE_SERVER_CONNECT,          "SERVER-CONNECT"         },
+    {TS_MILESTONE_SERVER_CONNECT_END,      "SERVER-CONNECT-END"     },
+    {TS_MILESTONE_SERVER_BEGIN_WRITE,      "SERVER-BEGIN-WRITE"     },
+    {TS_MILESTONE_SERVER_FIRST_READ,       "SERVER-FIRST-READ"      },
     {TS_MILESTONE_SERVER_READ_HEADER_DONE, "SERVER-READ-HEADER-DONE"},
-    {TS_MILESTONE_SERVER_CLOSE, "SERVER-CLOSE"},
-    {TS_MILESTONE_CACHE_OPEN_READ_BEGIN, "CACHE-OPEN-READ-BEGIN"},
-    {TS_MILESTONE_CACHE_OPEN_READ_END, "CACHE-OPEN-READ-END"},
-    {TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN, "CACHE-OPEN-WRITE-BEGIN"},
-    {TS_MILESTONE_CACHE_OPEN_WRITE_END, "CACHE-OPEN-WRITE-END"},
-    {TS_MILESTONE_DNS_LOOKUP_BEGIN, "DNS-LOOKUP-BEGIN"},
-    {TS_MILESTONE_DNS_LOOKUP_END, "DNS-LOOKUP-END"},
-    // SM_START is deliberately excluded because as all the times are printed relative to it
-    // it would always be zero.
-    {TS_MILESTONE_SM_FINISH, "SM-FINISH"},
-    {TS_MILESTONE_PLUGIN_ACTIVE, "PLUGIN-ACTIVE"},
-    {TS_MILESTONE_PLUGIN_TOTAL, "PLUGIN-TOTAL"},
+    {TS_MILESTONE_SERVER_CLOSE,            "SERVER-CLOSE"           },
+    {TS_MILESTONE_CACHE_OPEN_READ_BEGIN,   "CACHE-OPEN-READ-BEGIN"  },
+    {TS_MILESTONE_CACHE_OPEN_READ_END,     "CACHE-OPEN-READ-END"    },
+    {TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN,  "CACHE-OPEN-WRITE-BEGIN" },
+    {TS_MILESTONE_CACHE_OPEN_WRITE_END,    "CACHE-OPEN-WRITE-END"   },
+    {TS_MILESTONE_DNS_LOOKUP_BEGIN,        "DNS-LOOKUP-BEGIN"       },
+    {TS_MILESTONE_DNS_LOOKUP_END,          "DNS-LOOKUP-END"         },
+ // SM_START is deliberately excluded because as all the times are printed relative to it
+  // it would always be zero.
+    {TS_MILESTONE_SM_FINISH,               "SM-FINISH"              },
+    {TS_MILESTONE_PLUGIN_ACTIVE,           "PLUGIN-ACTIVE"          },
+    {TS_MILESTONE_PLUGIN_TOTAL,            "PLUGIN-TOTAL"           },
   };
 
   TSMLoc dst = TS_NULL_MLOC;
@@ -833,9 +833,11 @@ updateAllowedHeaders(const char *optarg)
 void
 TSPluginInit(int argc, const char *argv[])
 {
-  static const struct option longopt[] = {{const_cast("header"), required_argument, nullptr, 'h'},
-                                          {const_cast("enable"), required_argument, nullptr, 'e'},
-                                          {nullptr, no_argument, nullptr, '\0'}};
+  static const struct option longopt[] = {
+    {const_cast("header"), required_argument, nullptr, 'h' },
+    {const_cast("enable"), required_argument, nullptr, 'e' },
+    {nullptr,                      no_argument,       nullptr, '\0'}
+  };
   TSPluginRegistrationInfo info;
 
   info.plugin_name   = (char *)"xdebug";
diff --git a/plugins/xdebug/xdebug_transforms.cc b/plugins/xdebug/xdebug_transforms.cc
index e1019e726ec..84a9fea806a 100644
--- a/plugins/xdebug/xdebug_transforms.cc
+++ b/plugins/xdebug/xdebug_transforms.cc
@@ -103,7 +103,7 @@ body_transform(TSCont contp, TSEvent event, void *edata)
       std::string prebody = getPreBody(txn);
       TSIOBufferWrite(data->output_buffer.get(), prebody.data(), prebody.length()); // write prebody
       data->wrote_prebody = true;
-      data->nbytes += prebody.length();
+      data->nbytes        += prebody.length();
     }
 
     TSIOBuffer src_buf = TSVIOBufferGet(src_vio);
@@ -133,7 +133,7 @@ body_transform(TSCont contp, TSEvent event, void *edata)
       // End of src vio
       // Write post body content and update output VIO
       data->wrote_body = true;
-      data->nbytes += TSVIONDoneGet(src_vio);
+      data->nbytes     += TSVIONDoneGet(src_vio);
       writePostBody(txn, data);
       TSContCall(TSVIOContGet(src_vio), TS_EVENT_VCONN_WRITE_COMPLETE, src_vio);
     }
diff --git a/proxy/CacheControl.h b/proxy/CacheControl.h
index 963ff9c5713..0d1f88ee5a1 100644
--- a/proxy/CacheControl.h
+++ b/proxy/CacheControl.h
@@ -42,7 +42,7 @@ const int CC_UNSET_TIME = -1;
 
 //   Use 10 second time for purify testing under low
 //     load to verify memory allocation
-//#define CACHE_CONTROL_TIMEOUT            (HRTIME_SECOND*10)
+// #define CACHE_CONTROL_TIMEOUT            (HRTIME_SECOND*10)
 
 enum CacheControlType {
   CC_INVALID = 0,
diff --git a/proxy/ControlMatcher.h b/proxy/ControlMatcher.h
index 394841fdd5c..4d577c0954d 100644
--- a/proxy/ControlMatcher.h
+++ b/proxy/ControlMatcher.h
@@ -289,12 +289,12 @@ template  class IpMatcher : protected BaseMatcher
   IpMap ip_map; // Data structure to do lookups
 };
 
-#define ALLOW_HOST_TABLE 1 << 0
-#define ALLOW_IP_TABLE 1 << 1
-#define ALLOW_REGEX_TABLE 1 << 2
+#define ALLOW_HOST_TABLE       1 << 0
+#define ALLOW_IP_TABLE         1 << 1
+#define ALLOW_REGEX_TABLE      1 << 2
 #define ALLOW_HOST_REGEX_TABLE 1 << 3
-#define ALLOW_URL_TABLE 1 << 4
-#define DONT_BUILD_TABLE 1 << 5 // for testing
+#define ALLOW_URL_TABLE        1 << 4
+#define DONT_BUILD_TABLE       1 << 5 // for testing
 
 template  class ControlMatcher
 {
diff --git a/proxy/HostStatus.h b/proxy/HostStatus.h
index e09155c1abb..f811bb5cdea 100644
--- a/proxy/HostStatus.h
+++ b/proxy/HostStatus.h
@@ -229,7 +229,7 @@ struct HostStatus {
 
 private:
   HostStatus();
-  HostStatus(const HostStatus &obj) = delete;
+  HostStatus(const HostStatus &obj)         = delete;
   HostStatus &operator=(HostStatus const &) = delete;
 
   // next hop status, key is hostname or ip string, data is HostStatRec
diff --git a/proxy/IPAllow.h b/proxy/IPAllow.h
index 4dd9053fa92..6c584153ee3 100644
--- a/proxy/IPAllow.h
+++ b/proxy/IPAllow.h
@@ -132,7 +132,7 @@ class IpAllow : public ConfigInfo
     ~ACL();
 
     self_type &operator=(const self_type &) = delete;
-    self_type &operator                     =(self_type &&that) noexcept;
+    self_type &operator=(self_type &&that) noexcept;
 
     void clear(); ///< Drop data and config reference.
 
diff --git a/proxy/InkAPIInternal.h b/proxy/InkAPIInternal.h
index 5368c0784f1..0500add37dd 100644
--- a/proxy/InkAPIInternal.h
+++ b/proxy/InkAPIInternal.h
@@ -117,6 +117,12 @@ class APIHook
   APIHook *next() const;
   APIHook *prev() const;
   LINK(APIHook, m_link);
+
+  // This is like invoke(), but allows for blocking on continuation mutexes.  It is a hack, calling it can block
+  // the calling thread.  Hooks that require this should be reimplemented, modeled on the hook handling in HttpSM.cc .
+  // That is, try to lock the mutex, and reschedule the contination if the mutex cannot be locked.
+  //
+  int blocking_invoke(int event, void *edata) const;
 };
 
 /// A collection of API hooks.
diff --git a/proxy/ParentSelection.cc b/proxy/ParentSelection.cc
index cc0e4b2c7d7..868a7c5e3e2 100644
--- a/proxy/ParentSelection.cc
+++ b/proxy/ParentSelection.cc
@@ -32,7 +32,7 @@
 #include "I_Machine.h"
 #include "tscore/Filenames.h"
 
-#define MAX_SIMPLE_RETRIES 5
+#define MAX_SIMPLE_RETRIES             5
 #define MAX_UNAVAILABLE_SERVER_RETRIES 5
 
 using P_table = ControlMatcher;
@@ -418,8 +418,8 @@ ParentRecord::PreProcessParents(const char *val, const int line_num, char *buf,
       }
     }
 
-    str += token;
-    str += ";";
+    str   += token;
+    str   += ";";
     token = strtok_r(nullptr, PARENT_DELIMITERS, &savePtr);
   }
   strncpy(buf, str.c_str(), len);
@@ -1132,7 +1132,7 @@ EXCLUSIVE_REGRESSION_TEST(PARENTSELECTION)(RegressionTest * /* t ATS_UNUSED */,
     REINIT;
     br(request, "fruit_basket.net");
     FP;
-    red += verify(result, PARENT_SPECIFIED, "red", 37412);
+    red    += verify(result, PARENT_SPECIFIED, "red", 37412);
     orange += verify(result, PARENT_SPECIFIED, "orange", 37412);
     yellow += verify(result, PARENT_SPECIFIED, "yellow", 37412);
   }
diff --git a/proxy/ParentSelection.h b/proxy/ParentSelection.h
index 3085668c74c..e2eac6a3c29 100644
--- a/proxy/ParentSelection.h
+++ b/proxy/ParentSelection.h
@@ -42,7 +42,7 @@
 #include 
 #include 
 
-#define MAX_PARENTS 64
+#define MAX_PARENTS           64
 #define DEFAULT_PARENT_WEIGHT 1.0
 
 struct RequestData;
diff --git a/proxy/PluginVC.cc b/proxy/PluginVC.cc
index d491d4d5a0d..fda776b538d 100644
--- a/proxy/PluginVC.cc
+++ b/proxy/PluginVC.cc
@@ -76,7 +76,7 @@
 #include "P_Net.h"
 #include "tscore/Regression.h"
 
-#define PVC_LOCK_RETRY_TIME HRTIME_MSECONDS(10)
+#define PVC_LOCK_RETRY_TIME      HRTIME_MSECONDS(10)
 #define MIN_BLOCK_TRANSFER_BYTES 128
 
 #define PVC_TYPE ((vc_type == PLUGIN_VC_ACTIVE) ? "Active" : "Passive")
@@ -549,7 +549,7 @@ PluginVC::process_write_side()
     return;
   }
 
-  write_state.vio.ndone += added;
+  write_state.vio.ndone            += added;
   other_side->read_state.vio.ndone += added;
 
   Debug("pvc", "[%u] %s: process_write_side and process_read_side from other side; added %" PRId64 "", core_obj->id, PVC_TYPE,
diff --git a/proxy/PoolableSession.h b/proxy/PoolableSession.h
index d98f93c2540..114479fb373 100644
--- a/proxy/PoolableSession.h
+++ b/proxy/PoolableSession.h
@@ -85,6 +85,7 @@ class PoolableSession : public ProxySession
   bool is_private() const;
 
   virtual void set_netvc(NetVConnection *newvc);
+  virtual bool is_multiplexing() const;
 
   // Used to determine whether the session is for parent proxy
   // it is session to origin server
@@ -237,3 +238,9 @@ PoolableSession::attach_hostname(const char *hostname)
     CryptoContext().hash_immediate(hostname_hash, (unsigned char *)hostname, strlen(hostname));
   }
 }
+
+inline bool
+PoolableSession::is_multiplexing() const
+{
+  return false;
+}
diff --git a/proxy/ProtocolProbeSessionAccept.h b/proxy/ProtocolProbeSessionAccept.h
index c58dbe31bd2..2dfd99df5a9 100644
--- a/proxy/ProtocolProbeSessionAccept.h
+++ b/proxy/ProtocolProbeSessionAccept.h
@@ -50,7 +50,7 @@ class ProtocolProbeSessionAccept : public SessionAccept, public ProtocolProbeSes
   bool accept(NetVConnection *, MIOBuffer *, IOBufferReader *) override;
 
   // noncopyable
-  ProtocolProbeSessionAccept(const ProtocolProbeSessionAccept &) = delete;            // disabled
+  ProtocolProbeSessionAccept(const ProtocolProbeSessionAccept &)            = delete; // disabled
   ProtocolProbeSessionAccept &operator=(const ProtocolProbeSessionAccept &) = delete; // disabled
 
   IpMap *proxy_protocol_ipmap = nullptr;
diff --git a/proxy/ProxySession.h b/proxy/ProxySession.h
index 941cc055fd7..f2115069d57 100644
--- a/proxy/ProxySession.h
+++ b/proxy/ProxySession.h
@@ -81,7 +81,7 @@ class ProxySession : public VConnection, public PluginUserArgs
   virtual ~ProxySession();
 
   // noncopyable
-  ProxySession(ProxySession &) = delete;
+  ProxySession(ProxySession &)                  = delete;
   ProxySession &operator=(const ProxySession &) = delete;
 
   static int64_t next_connection_id();
diff --git a/proxy/ProxyTransaction.cc b/proxy/ProxyTransaction.cc
index cb80b3cc2cc..a4d5cb6d83a 100644
--- a/proxy/ProxyTransaction.cc
+++ b/proxy/ProxyTransaction.cc
@@ -235,6 +235,34 @@ ProxyTransaction::get_version(HTTPHdr &hdr) const
   return hdr.version_get();
 }
 
+bool
+ProxyTransaction::is_read_closed() const
+{
+  return false;
+}
+
+bool
+ProxyTransaction::expect_send_trailer() const
+{
+  return false;
+}
+
+void
+ProxyTransaction::set_expect_send_trailer()
+{
+}
+
+bool
+ProxyTransaction::expect_receive_trailer() const
+{
+  return false;
+}
+
+void
+ProxyTransaction::set_expect_receive_trailer()
+{
+}
+
 bool
 ProxyTransaction::allow_half_open() const
 {
diff --git a/proxy/ProxyTransaction.h b/proxy/ProxyTransaction.h
index c6d1ba79cf8..43fd760114d 100644
--- a/proxy/ProxyTransaction.h
+++ b/proxy/ProxyTransaction.h
@@ -50,6 +50,11 @@ class ProxyTransaction : public VConnection
   virtual void set_default_inactivity_timeout(ink_hrtime timeout_in);
   virtual void cancel_inactivity_timeout();
   virtual void cancel_active_timeout();
+  virtual bool is_read_closed() const;
+  virtual bool expect_send_trailer() const;
+  virtual void set_expect_send_trailer();
+  virtual bool expect_receive_trailer() const;
+  virtual void set_expect_receive_trailer();
 
   // Implement VConnection interface.
   VIO *do_io_read(Continuation *c, int64_t nbytes = INT64_MAX, MIOBuffer *buf = nullptr) override;
@@ -119,6 +124,7 @@ class ProxyTransaction : public VConnection
   const IpAllow::ACL &get_acl() const;
 
   ProxySession *get_proxy_ssn();
+  ProxySession const *get_proxy_ssn() const;
   PoolableSession *get_server_session() const;
   HttpSM *get_sm() const;
 
@@ -203,6 +209,12 @@ ProxyTransaction::get_proxy_ssn()
   return _proxy_ssn;
 }
 
+inline ProxySession const *
+ProxyTransaction::get_proxy_ssn() const
+{
+  return _proxy_ssn;
+}
+
 inline PoolableSession *
 ProxyTransaction::get_server_session() const
 {
diff --git a/proxy/ReverseProxy.cc b/proxy/ReverseProxy.cc
index 8c0dddd7bd5..2399f228dcb 100644
--- a/proxy/ReverseProxy.cc
+++ b/proxy/ReverseProxy.cc
@@ -48,11 +48,11 @@ UrlRewrite *rewrite_table                             = nullptr;
 thread_local PluginThreadContext *pluginThreadContext = nullptr;
 
 // Tokens for the Callback function
-#define FILE_CHANGED 0
-#define REVERSE_CHANGED 1
-#define TSNAME_CHANGED 2
-#define TRANS_CHANGED 4
-#define URL_REMAP_MODE_CHANGED 8
+#define FILE_CHANGED                  0
+#define REVERSE_CHANGED               1
+#define TSNAME_CHANGED                2
+#define TRANS_CHANGED                 4
+#define URL_REMAP_MODE_CHANGED        8
 #define HTTP_DEFAULT_REDIRECT_CHANGED 9
 
 //
diff --git a/proxy/Transform.cc b/proxy/Transform.cc
index 5013d3192ac..bdb5efbdf45 100644
--- a/proxy/Transform.cc
+++ b/proxy/Transform.cc
@@ -876,7 +876,7 @@ RangeTransform::transform_to_range()
       if (toskip > 0) {
         reader->consume(toskip);
         *done_byte += toskip;
-        avail = reader->read_avail();
+        avail      = reader->read_avail();
       }
     }
 
@@ -890,7 +890,7 @@ RangeTransform::transform_to_range()
       m_output_buf->write(reader, tosend);
       reader->consume(tosend);
 
-      m_done += tosend;
+      m_done     += tosend;
       *done_byte += tosend;
     }
 
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
index c5354bf6b40..a22fdef1b9a 100644
--- a/proxy/hdrs/HTTP.cc
+++ b/proxy/hdrs/HTTP.cc
@@ -443,8 +443,8 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
 
       p = buf + *bufindex;
       memcpy(p, hdr->u.req.m_ptr_method, hdr->u.req.m_len_method);
-      p += hdr->u.req.m_len_method;
-      *p++ = ' ';
+      p         += hdr->u.req.m_len_method;
+      *p++      = ' ';
       *bufindex += hdr->u.req.m_len_method + 1;
 
       if (hdr->u.req.m_url_impl) {
@@ -453,8 +453,8 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
           if (hdr->u.req.m_method_wks_idx == HTTP_WKSIDX_CONNECT) {
             *bufindex -= 1; // remove trailing slash for CONNECT request
           }
-          p    = buf + *bufindex;
-          *p++ = ' ';
+          p         = buf + *bufindex;
+          *p++      = ' ';
           *bufindex += 1;
         } else {
           return 0;
@@ -469,9 +469,9 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
       }
 
       if (bufsize - *bufindex >= 2) {
-        p    = buf + *bufindex;
-        *p++ = '\r';
-        *p++ = '\n';
+        p         = buf + *bufindex;
+        *p++      = '\r';
+        *p++      = '\n';
         *bufindex += 2;
       } else {
         TRY(mime_mem_print("\r\n", 2, buf, bufsize, bufindex, dumpoffset));
@@ -502,8 +502,8 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
 
       p = buf + *bufindex;
       http_hdr_version_to_string(hdr->m_version, p);
-      p += 8; // overwrite '\0' with space
-      *p++ = ' ';
+      p         += 8; // overwrite '\0' with space
+      *p++      = ' ';
       *bufindex += 9;
 
       hdrstat = http_hdr_status_get(hdr);
@@ -517,7 +517,7 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
         ink_assert(tmplen <= 6);
         p += tmplen;
       }
-      *p++ = ' ';
+      *p++      = ' ';
       *bufindex += tmplen + 1;
 
       if (hdr->u.resp.m_ptr_reason) {
@@ -525,9 +525,9 @@ http_hdr_print(HdrHeap *heap, HTTPHdrImpl *hdr, char *buf, int bufsize, int *buf
       }
 
       if (bufsize - *bufindex >= 2) {
-        p    = buf + *bufindex;
-        *p++ = '\r';
-        *p++ = '\n';
+        p         = buf + *bufindex;
+        *p++      = '\r';
+        *p++      = '\n';
         *bufindex += 2;
       } else {
         TRY(mime_mem_print("\r\n", 2, buf, bufsize, bufindex, dumpoffset));
@@ -1540,7 +1540,7 @@ http_parse_version(const char *start, const char *end)
     min = 0;
 
     while ((start != end) && isdigit(*start)) {
-      maj = (maj * 10) + (*start - '0');
+      maj   = (maj * 10) + (*start - '0');
       start += 1;
     }
 
@@ -1549,7 +1549,7 @@ http_parse_version(const char *start, const char *end)
     }
 
     while ((start != end) && isdigit(*start)) {
-      min = (min * 10) + (*start - '0');
+      min   = (min * 10) + (*start - '0');
       start += 1;
     }
 
@@ -1619,7 +1619,7 @@ http_parse_qvalue(const char *&buf, int &len)
 
         n = 0.0;
         while (len > 0 && *buf && isdigit(*buf)) {
-          n = (n * 10) + (*buf++ - '0');
+          n   = (n * 10) + (*buf++ - '0');
           len -= 1;
         }
 
@@ -1629,8 +1629,8 @@ http_parse_qvalue(const char *&buf, int &len)
 
           f = 10;
           while (len > 0 && *buf && isdigit(*buf)) {
-            n += (*buf++ - '0') / static_cast(f);
-            f *= 10;
+            n   += (*buf++ - '0') / static_cast(f);
+            f   *= 10;
             len -= 1;
           }
         }
@@ -2137,13 +2137,13 @@ HTTPInfo::marshal(char *buf, int len)
   marshal_alt->m_writeable     = 0;
   marshal_alt->m_unmarshal_len = -1;
   marshal_alt->m_ext_buffer    = nullptr;
-  buf += HTTP_ALT_MARSHAL_SIZE;
-  used += HTTP_ALT_MARSHAL_SIZE;
+  buf                          += HTTP_ALT_MARSHAL_SIZE;
+  used                         += HTTP_ALT_MARSHAL_SIZE;
 
   if (m_alt->m_frag_offset_count > HTTPCacheAlt::N_INTEGRAL_FRAG_OFFSETS) {
     marshal_alt->m_frag_offsets = static_cast(reinterpret_cast(used));
     memcpy(buf, m_alt->m_frag_offsets, m_alt->m_frag_offset_count * sizeof(FragOffset));
-    buf += m_alt->m_frag_offset_count * sizeof(FragOffset);
+    buf  += m_alt->m_frag_offset_count * sizeof(FragOffset);
     used += m_alt->m_frag_offset_count * sizeof(FragOffset);
   } else {
     marshal_alt->m_frag_offsets = nullptr;
@@ -2156,7 +2156,7 @@ HTTPInfo::marshal(char *buf, int len)
     tmp                               = m_alt->m_request_hdr.m_heap->marshal(buf, len - used);
     marshal_alt->m_request_hdr.m_heap = (HdrHeap *)static_cast(used);
     ink_assert(((intptr_t)marshal_alt->m_request_hdr.m_heap) < len);
-    buf += tmp;
+    buf  += tmp;
     used += tmp;
   } else {
     marshal_alt->m_request_hdr.m_heap = nullptr;
@@ -2204,7 +2204,7 @@ HTTPInfo::unmarshal(char *buf, int len, RefCountObj *block_ref)
 
   if (alt->m_frag_offset_count > HTTPCacheAlt::N_INTEGRAL_FRAG_OFFSETS) {
     alt->m_frag_offsets = reinterpret_cast(buf + reinterpret_cast(alt->m_frag_offsets));
-    len -= sizeof(FragOffset) * alt->m_frag_offset_count;
+    len                 -= sizeof(FragOffset) * alt->m_frag_offset_count;
     ink_assert(len >= 0);
   } else if (alt->m_frag_offset_count > 0) {
     alt->m_frag_offsets = alt->m_integral_frag_offsets;
@@ -2221,7 +2221,7 @@ HTTPInfo::unmarshal(char *buf, int len, RefCountObj *block_ref)
       ink_assert(!"HTTPInfo::request unmarshal failed");
       return -1;
     }
-    len -= tmp;
+    len                                    -= tmp;
     alt->m_request_hdr.m_heap              = heap;
     alt->m_request_hdr.m_http              = hh;
     alt->m_request_hdr.m_mime              = hh->m_fields_impl;
@@ -2302,7 +2302,7 @@ HTTPInfo::unmarshal_v24_1(char *buf, int len, RefCountObj *block_ref)
       ink_assert(!"HTTPInfo::request unmarshal failed");
       return -1;
     }
-    len -= tmp;
+    len                                    -= tmp;
     alt->m_request_hdr.m_heap              = heap;
     alt->m_request_hdr.m_http              = hh;
     alt->m_request_hdr.m_mime              = hh->m_fields_impl;
diff --git a/proxy/hdrs/HTTP.h b/proxy/hdrs/HTTP.h
index 4ba3bdbfce2..53449ea8933 100644
--- a/proxy/hdrs/HTTP.h
+++ b/proxy/hdrs/HTTP.h
@@ -673,7 +673,7 @@ class HTTPHdr : public MIMEHdr
   static Arena *const USE_HDR_HEAP_MAGIC;
 
   // No gratuitous copies!
-  HTTPHdr(const HTTPHdr &m) = delete;
+  HTTPHdr(const HTTPHdr &m)            = delete;
   HTTPHdr &operator=(const HTTPHdr &m) = delete;
 
 private:
diff --git a/proxy/hdrs/HdrHeap.cc b/proxy/hdrs/HdrHeap.cc
index 59139c311a0..060aadf76af 100644
--- a/proxy/hdrs/HdrHeap.cc
+++ b/proxy/hdrs/HdrHeap.cc
@@ -195,9 +195,9 @@ HdrHeap::allocate_obj(int nbytes, int type)
 
   while (true) {
     if (static_cast(nbytes) <= (h->m_free_size)) {
-      new_space = h->m_free_start;
+      new_space       = h->m_free_start;
       h->m_free_start += nbytes;
-      h->m_free_size -= nbytes;
+      h->m_free_size  -= nbytes;
 
       obj = reinterpret_cast(new_space);
       obj_init_header(obj, type, nbytes, 0);
@@ -564,7 +564,7 @@ HdrHeap::marshal_length()
 
   while (h) {
     len += static_cast(h->m_free_start - h->m_data_start);
-    h = h->m_next;
+    h   = h->m_next;
   }
 
   // Since when we unmarshal, we won't have a writable string
@@ -592,8 +592,8 @@ compute_checksum(void *buf, int len)
 
   while (len > 4) {
     cksum += *((uint32_t *)buf);
-    buf = ((char *)buf) + 4;
-    len -= 4;
+    buf   = ((char *)buf) + 4;
+    len   -= 4;
   }
 
   if (len > 0) {
@@ -667,8 +667,8 @@ HdrHeap::marshal(char *buf, int len)
     ptr_xlation[ptr_heaps].offset = unmarshal_hdr->m_data_start - (b - buf);
 
     ptr_heap_size += copy_size;
-    b += copy_size;
-    len -= copy_size;
+    b             += copy_size;
+    len           -= copy_size;
     ptr_heaps++;
 
     unmarshal_hdr = unmarshal_hdr->m_next;
@@ -719,8 +719,8 @@ HdrHeap::marshal(char *buf, int len)
     str_xlation[str_heaps].end    = copy_start + nto_copy;
     str_xlation[str_heaps].offset = copy_start - (b - buf);
 
-    b += nto_copy;
-    len -= nto_copy;
+    b        += nto_copy;
+    len      -= nto_copy;
     str_size += nto_copy;
     str_heaps++;
   }
@@ -741,8 +741,8 @@ HdrHeap::marshal(char *buf, int len)
       ink_assert(str_xlation[str_heaps].start <= str_xlation[str_heaps].end);
 
       str_heaps++;
-      b += i.m_heap_len;
-      len -= i.m_heap_len;
+      b        += i.m_heap_len;
+      len      -= i.m_heap_len;
       str_size += i.m_heap_len;
     }
   }
@@ -1139,7 +1139,7 @@ HdrHeap::total_used_size() const
 
   while (h) {
     size += (h->m_free_start - h->m_data_start);
-    h = h->m_next;
+    h    = h->m_next;
   }
 
   return size;
@@ -1170,9 +1170,9 @@ HdrStrHeap::allocate(int nbytes)
   char *new_space;
 
   if (m_free_size >= static_cast(nbytes)) {
-    new_space = m_free_start;
+    new_space    = m_free_start;
     m_free_start += nbytes;
-    m_free_size -= nbytes;
+    m_free_size  -= nbytes;
     return new_space;
   } else {
     return nullptr;
@@ -1194,7 +1194,7 @@ HdrStrHeap::expand(char *ptr, int old_size, int new_size)
 
   if (ptr + old_size == m_free_start && expand_size <= m_free_size) {
     m_free_start += expand_size;
-    m_free_size -= expand_size;
+    m_free_size  -= expand_size;
     return ptr;
   } else {
     return nullptr;
diff --git a/proxy/hdrs/HdrHeap.h b/proxy/hdrs/HdrHeap.h
index 6422aa57a6e..8785265615d 100644
--- a/proxy/hdrs/HdrHeap.h
+++ b/proxy/hdrs/HdrHeap.h
@@ -66,8 +66,8 @@ enum {
 };
 
 struct HdrHeapObjImpl {
-  uint32_t m_type : 8;
-  uint32_t m_length : 20;
+  uint32_t m_type      : 8;
+  uint32_t m_length    : 20;
   uint32_t m_obj_flags : 4;
 };
 
@@ -472,7 +472,7 @@ struct HdrHeapSDKHandle {
 
   // In order to prevent gratitous refcounting,
   //  automatic C++ copies are disabled!
-  HdrHeapSDKHandle(const HdrHeapSDKHandle &r) = delete;
+  HdrHeapSDKHandle(const HdrHeapSDKHandle &r)            = delete;
   HdrHeapSDKHandle &operator=(const HdrHeapSDKHandle &r) = delete;
 };
 
diff --git a/proxy/hdrs/HdrToken.cc b/proxy/hdrs/HdrToken.cc
index fe6abf6ada7..1c8682a2552 100644
--- a/proxy/hdrs/HdrToken.cc
+++ b/proxy/hdrs/HdrToken.cc
@@ -119,133 +119,136 @@ static const char *_hdrtoken_strs[] = {
   "br"};
 
 static HdrTokenTypeBinding _hdrtoken_strs_type_initializers[] = {
-  {"file", HDRTOKEN_TYPE_SCHEME},
-  {"ftp", HDRTOKEN_TYPE_SCHEME},
-  {"gopher", HDRTOKEN_TYPE_SCHEME},
-  {"http", HDRTOKEN_TYPE_SCHEME},
-  {"https", HDRTOKEN_TYPE_SCHEME},
-  {"mailto", HDRTOKEN_TYPE_SCHEME},
-  {"news", HDRTOKEN_TYPE_SCHEME},
-  {"nntp", HDRTOKEN_TYPE_SCHEME},
-  {"prospero", HDRTOKEN_TYPE_SCHEME},
-  {"telnet", HDRTOKEN_TYPE_SCHEME},
-  {"tunnel", HDRTOKEN_TYPE_SCHEME},
-  {"wais", HDRTOKEN_TYPE_SCHEME},
-  {"pnm", HDRTOKEN_TYPE_SCHEME},
-  {"rtsp", HDRTOKEN_TYPE_SCHEME},
-  {"rtspu", HDRTOKEN_TYPE_SCHEME},
-  {"mms", HDRTOKEN_TYPE_SCHEME},
-  {"mmsu", HDRTOKEN_TYPE_SCHEME},
-  {"mmst", HDRTOKEN_TYPE_SCHEME},
-  {"wss", HDRTOKEN_TYPE_SCHEME},
-  {"ws", HDRTOKEN_TYPE_SCHEME},
-
-  {"CONNECT", HDRTOKEN_TYPE_METHOD},
-  {"DELETE", HDRTOKEN_TYPE_METHOD},
-  {"GET", HDRTOKEN_TYPE_METHOD},
-  {"HEAD", HDRTOKEN_TYPE_METHOD},
-  {"OPTIONS", HDRTOKEN_TYPE_METHOD},
-  {"POST", HDRTOKEN_TYPE_METHOD},
-  {"PURGE", HDRTOKEN_TYPE_METHOD},
-  {"PUT", HDRTOKEN_TYPE_METHOD},
-  {"TRACE", HDRTOKEN_TYPE_METHOD},
-  {"PUSH", HDRTOKEN_TYPE_METHOD},
-
-  {"max-age", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"max-stale", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"min-fresh", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"must-revalidate", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"no-cache", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"no-store", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"no-transform", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"only-if-cached", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"private", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"proxy-revalidate", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"public", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"s-maxage", HDRTOKEN_TYPE_CACHE_CONTROL},
-  {"need-revalidate-once", HDRTOKEN_TYPE_CACHE_CONTROL},
-
-  {(char *)nullptr, static_cast(0)},
+  {"file",                 HDRTOKEN_TYPE_SCHEME        },
+  {"ftp",                  HDRTOKEN_TYPE_SCHEME        },
+  {"gopher",               HDRTOKEN_TYPE_SCHEME        },
+  {"http",                 HDRTOKEN_TYPE_SCHEME        },
+  {"https",                HDRTOKEN_TYPE_SCHEME        },
+  {"mailto",               HDRTOKEN_TYPE_SCHEME        },
+  {"news",                 HDRTOKEN_TYPE_SCHEME        },
+  {"nntp",                 HDRTOKEN_TYPE_SCHEME        },
+  {"prospero",             HDRTOKEN_TYPE_SCHEME        },
+  {"telnet",               HDRTOKEN_TYPE_SCHEME        },
+  {"tunnel",               HDRTOKEN_TYPE_SCHEME        },
+  {"wais",                 HDRTOKEN_TYPE_SCHEME        },
+  {"pnm",                  HDRTOKEN_TYPE_SCHEME        },
+  {"rtsp",                 HDRTOKEN_TYPE_SCHEME        },
+  {"rtspu",                HDRTOKEN_TYPE_SCHEME        },
+  {"mms",                  HDRTOKEN_TYPE_SCHEME        },
+  {"mmsu",                 HDRTOKEN_TYPE_SCHEME        },
+  {"mmst",                 HDRTOKEN_TYPE_SCHEME        },
+  {"wss",                  HDRTOKEN_TYPE_SCHEME        },
+  {"ws",                   HDRTOKEN_TYPE_SCHEME        },
+
+  {"CONNECT",              HDRTOKEN_TYPE_METHOD        },
+  {"DELETE",               HDRTOKEN_TYPE_METHOD        },
+  {"GET",                  HDRTOKEN_TYPE_METHOD        },
+  {"HEAD",                 HDRTOKEN_TYPE_METHOD        },
+  {"OPTIONS",              HDRTOKEN_TYPE_METHOD        },
+  {"POST",                 HDRTOKEN_TYPE_METHOD        },
+  {"PURGE",                HDRTOKEN_TYPE_METHOD        },
+  {"PUT",                  HDRTOKEN_TYPE_METHOD        },
+  {"TRACE",                HDRTOKEN_TYPE_METHOD        },
+  {"PUSH",                 HDRTOKEN_TYPE_METHOD        },
+
+  {"max-age",              HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"max-stale",            HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"min-fresh",            HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"must-revalidate",      HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"no-cache",             HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"no-store",             HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"no-transform",         HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"only-if-cached",       HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"private",              HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"proxy-revalidate",     HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"public",               HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"s-maxage",             HDRTOKEN_TYPE_CACHE_CONTROL },
+  {"need-revalidate-once", HDRTOKEN_TYPE_CACHE_CONTROL },
+
+  {(char *)nullptr,        static_cast(0)},
 };
 
 static HdrTokenFieldInfo _hdrtoken_strs_field_initializers[] = {
-  {"Accept", MIME_SLOTID_ACCEPT, MIME_PRESENCE_ACCEPT, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Accept-Charset", MIME_SLOTID_ACCEPT_CHARSET, MIME_PRESENCE_ACCEPT_CHARSET, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Accept-Encoding", MIME_SLOTID_ACCEPT_ENCODING, MIME_PRESENCE_ACCEPT_ENCODING, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Accept-Language", MIME_SLOTID_ACCEPT_LANGUAGE, MIME_PRESENCE_ACCEPT_LANGUAGE, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Accept-Ranges", MIME_SLOTID_NONE, MIME_PRESENCE_ACCEPT_RANGES, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Age", MIME_SLOTID_AGE, MIME_PRESENCE_AGE, HTIF_NONE},
-  {"Allow", MIME_SLOTID_NONE, MIME_PRESENCE_ALLOW, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Approved", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Authorization", MIME_SLOTID_AUTHORIZATION, MIME_PRESENCE_AUTHORIZATION, HTIF_NONE},
-  {"Bytes", MIME_SLOTID_NONE, MIME_PRESENCE_BYTES, HTIF_NONE},
-  {"Cache-Control", MIME_SLOTID_CACHE_CONTROL, MIME_PRESENCE_CACHE_CONTROL, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Client-ip", MIME_SLOTID_CLIENT_IP, MIME_PRESENCE_CLIENT_IP, HTIF_NONE},
-  {"Connection", MIME_SLOTID_CONNECTION, MIME_PRESENCE_CONNECTION, (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"Content-Base", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Content-Encoding", MIME_SLOTID_CONTENT_ENCODING, MIME_PRESENCE_CONTENT_ENCODING, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Content-Language", MIME_SLOTID_CONTENT_LANGUAGE, MIME_PRESENCE_CONTENT_LANGUAGE, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Content-Length", MIME_SLOTID_CONTENT_LENGTH, MIME_PRESENCE_CONTENT_LENGTH, HTIF_NONE},
-  {"Content-Location", MIME_SLOTID_NONE, MIME_PRESENCE_CONTENT_LOCATION, HTIF_NONE},
-  {"Content-MD5", MIME_SLOTID_NONE, MIME_PRESENCE_CONTENT_MD5, HTIF_NONE},
-  {"Content-Range", MIME_SLOTID_NONE, MIME_PRESENCE_CONTENT_RANGE, HTIF_NONE},
-  {"Content-Type", MIME_SLOTID_CONTENT_TYPE, MIME_PRESENCE_CONTENT_TYPE, HTIF_NONE},
-  {"Control", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Cookie", MIME_SLOTID_COOKIE, MIME_PRESENCE_COOKIE, (HTIF_MULTVALS)},
-  {"Date", MIME_SLOTID_DATE, MIME_PRESENCE_DATE, HTIF_NONE},
-  {"Distribution", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Etag", MIME_SLOTID_NONE, MIME_PRESENCE_ETAG, HTIF_NONE},
-  {"Expires", MIME_SLOTID_EXPIRES, MIME_PRESENCE_EXPIRES, HTIF_NONE},
-  {"Followup-To", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"From", MIME_SLOTID_NONE, MIME_PRESENCE_FROM, HTIF_NONE},
-  {"Host", MIME_SLOTID_NONE, MIME_PRESENCE_HOST, HTIF_NONE},
-  {"If-Match", MIME_SLOTID_IF_MATCH, MIME_PRESENCE_IF_MATCH, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"If-Modified-Since", MIME_SLOTID_IF_MODIFIED_SINCE, MIME_PRESENCE_IF_MODIFIED_SINCE, HTIF_NONE},
-  {"If-None-Match", MIME_SLOTID_IF_NONE_MATCH, MIME_PRESENCE_IF_NONE_MATCH, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"If-Range", MIME_SLOTID_IF_RANGE, MIME_PRESENCE_IF_RANGE, HTIF_NONE},
-  {"If-Unmodified-Since", MIME_SLOTID_IF_UNMODIFIED_SINCE, MIME_PRESENCE_IF_UNMODIFIED_SINCE, HTIF_NONE},
-  {"Keep-Alive", MIME_SLOTID_NONE, MIME_PRESENCE_KEEP_ALIVE, (HTIF_HOPBYHOP)},
-  {"Keywords", MIME_SLOTID_NONE, MIME_PRESENCE_KEYWORDS, HTIF_NONE},
-  {"Last-Modified", MIME_SLOTID_LAST_MODIFIED, MIME_PRESENCE_LAST_MODIFIED, HTIF_NONE},
-  {"Lines", MIME_SLOTID_NONE, MIME_PRESENCE_LINES, HTIF_NONE},
-  {"Location", MIME_SLOTID_NONE, MIME_PRESENCE_LOCATION, (HTIF_MULTVALS)},
-  {"Max-Forwards", MIME_SLOTID_NONE, MIME_PRESENCE_MAX_FORWARDS, HTIF_NONE},
-  {"Message-ID", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Newsgroups", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Organization", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Path", MIME_SLOTID_NONE, MIME_PRESENCE_PATH, HTIF_NONE},
-  {"Pragma", MIME_SLOTID_PRAGMA, MIME_PRESENCE_PRAGMA, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Proxy-Authenticate", MIME_SLOTID_NONE, MIME_PRESENCE_PROXY_AUTHENTICATE, (HTIF_HOPBYHOP | HTIF_PROXYAUTH)},
-  {"Proxy-Authorization", MIME_SLOTID_NONE, MIME_PRESENCE_PROXY_AUTHORIZATION, (HTIF_HOPBYHOP | HTIF_PROXYAUTH)},
-  {"Proxy-Connection", MIME_SLOTID_PROXY_CONNECTION, MIME_PRESENCE_PROXY_CONNECTION, (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"Public", MIME_SLOTID_NONE, MIME_PRESENCE_PUBLIC, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Range", MIME_SLOTID_RANGE, MIME_PRESENCE_RANGE, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"References", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Referer", MIME_SLOTID_NONE, MIME_PRESENCE_REFERER, HTIF_NONE},
-  {"Reply-To", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Retry-After", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Sender", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Server", MIME_SLOTID_NONE, MIME_PRESENCE_SERVER, HTIF_NONE},
-  {"Set-Cookie", MIME_SLOTID_SET_COOKIE, MIME_PRESENCE_SET_COOKIE, (HTIF_MULTVALS)},
-  {"Strict-Transport-Security", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, (HTIF_MULTVALS)},
-  {"Subject", MIME_SLOTID_NONE, MIME_PRESENCE_SUBJECT, HTIF_NONE},
-  {"Summary", MIME_SLOTID_NONE, MIME_PRESENCE_SUMMARY, HTIF_NONE},
-  {"TE", MIME_SLOTID_TE, MIME_PRESENCE_TE, (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"Transfer-Encoding", MIME_SLOTID_TRANSFER_ENCODING, MIME_PRESENCE_TRANSFER_ENCODING,
-   (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"Upgrade", MIME_SLOTID_NONE, MIME_PRESENCE_UPGRADE, (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"User-Agent", MIME_SLOTID_USER_AGENT, MIME_PRESENCE_USER_AGENT, HTIF_NONE},
-  {"Vary", MIME_SLOTID_VARY, MIME_PRESENCE_VARY, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Via", MIME_SLOTID_VIA, MIME_PRESENCE_VIA, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Warning", MIME_SLOTID_NONE, MIME_PRESENCE_WARNING, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Www-Authenticate", MIME_SLOTID_WWW_AUTHENTICATE, MIME_PRESENCE_WWW_AUTHENTICATE, HTIF_NONE},
-  {"Xref", MIME_SLOTID_NONE, MIME_PRESENCE_XREF, HTIF_NONE},
-  {"X-ID", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
-  {"X-Forwarded-For", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Forwarded", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, (HTIF_COMMAS | HTIF_MULTVALS)},
-  {"Sec-WebSocket-Key", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {"Sec-WebSocket-Version", MIME_SLOTID_NONE, MIME_PRESENCE_NONE, HTIF_NONE},
-  {nullptr, 0, 0, 0},
+  {"Accept",                    MIME_SLOTID_ACCEPT,              MIME_PRESENCE_ACCEPT,              (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Accept-Charset",            MIME_SLOTID_ACCEPT_CHARSET,      MIME_PRESENCE_ACCEPT_CHARSET,      (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Accept-Encoding",           MIME_SLOTID_ACCEPT_ENCODING,     MIME_PRESENCE_ACCEPT_ENCODING,     (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Accept-Language",           MIME_SLOTID_ACCEPT_LANGUAGE,     MIME_PRESENCE_ACCEPT_LANGUAGE,     (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Accept-Ranges",             MIME_SLOTID_NONE,                MIME_PRESENCE_ACCEPT_RANGES,       (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Age",                       MIME_SLOTID_AGE,                 MIME_PRESENCE_AGE,                 HTIF_NONE                                    },
+  {"Allow",                     MIME_SLOTID_NONE,                MIME_PRESENCE_ALLOW,               (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Approved",                  MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Authorization",             MIME_SLOTID_AUTHORIZATION,       MIME_PRESENCE_AUTHORIZATION,       HTIF_NONE                                    },
+  {"Bytes",                     MIME_SLOTID_NONE,                MIME_PRESENCE_BYTES,               HTIF_NONE                                    },
+  {"Cache-Control",             MIME_SLOTID_CACHE_CONTROL,       MIME_PRESENCE_CACHE_CONTROL,       (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Client-ip",                 MIME_SLOTID_CLIENT_IP,           MIME_PRESENCE_CLIENT_IP,           HTIF_NONE                                    },
+  {"Connection",                MIME_SLOTID_CONNECTION,          MIME_PRESENCE_CONNECTION,          (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
+  {"Content-Base",              MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Content-Encoding",          MIME_SLOTID_CONTENT_ENCODING,    MIME_PRESENCE_CONTENT_ENCODING,    (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Content-Language",          MIME_SLOTID_CONTENT_LANGUAGE,    MIME_PRESENCE_CONTENT_LANGUAGE,    (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Content-Length",            MIME_SLOTID_CONTENT_LENGTH,      MIME_PRESENCE_CONTENT_LENGTH,      HTIF_NONE                                    },
+  {"Content-Location",          MIME_SLOTID_NONE,                MIME_PRESENCE_CONTENT_LOCATION,    HTIF_NONE                                    },
+  {"Content-MD5",               MIME_SLOTID_NONE,                MIME_PRESENCE_CONTENT_MD5,         HTIF_NONE                                    },
+  {"Content-Range",             MIME_SLOTID_NONE,                MIME_PRESENCE_CONTENT_RANGE,       HTIF_NONE                                    },
+  {"Content-Type",              MIME_SLOTID_CONTENT_TYPE,        MIME_PRESENCE_CONTENT_TYPE,        HTIF_NONE                                    },
+  {"Control",                   MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Cookie",                    MIME_SLOTID_COOKIE,              MIME_PRESENCE_COOKIE,              (HTIF_MULTVALS)                              },
+  {"Date",                      MIME_SLOTID_DATE,                MIME_PRESENCE_DATE,                HTIF_NONE                                    },
+  {"Distribution",              MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Etag",                      MIME_SLOTID_NONE,                MIME_PRESENCE_ETAG,                HTIF_NONE                                    },
+  {"Expires",                   MIME_SLOTID_EXPIRES,             MIME_PRESENCE_EXPIRES,             HTIF_NONE                                    },
+  {"Followup-To",               MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"From",                      MIME_SLOTID_NONE,                MIME_PRESENCE_FROM,                HTIF_NONE                                    },
+  {"Host",                      MIME_SLOTID_NONE,                MIME_PRESENCE_HOST,                HTIF_NONE                                    },
+  {"If-Match",                  MIME_SLOTID_IF_MATCH,            MIME_PRESENCE_IF_MATCH,            (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"If-Modified-Since",         MIME_SLOTID_IF_MODIFIED_SINCE,   MIME_PRESENCE_IF_MODIFIED_SINCE,   HTIF_NONE                                    },
+  {"If-None-Match",             MIME_SLOTID_IF_NONE_MATCH,       MIME_PRESENCE_IF_NONE_MATCH,       (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"If-Range",                  MIME_SLOTID_IF_RANGE,            MIME_PRESENCE_IF_RANGE,            HTIF_NONE                                    },
+  {"If-Unmodified-Since",       MIME_SLOTID_IF_UNMODIFIED_SINCE, MIME_PRESENCE_IF_UNMODIFIED_SINCE, HTIF_NONE                                    },
+  {"Keep-Alive",                MIME_SLOTID_NONE,                MIME_PRESENCE_KEEP_ALIVE,          (HTIF_HOPBYHOP)                              },
+  {"Keywords",                  MIME_SLOTID_NONE,                MIME_PRESENCE_KEYWORDS,            HTIF_NONE                                    },
+  {"Last-Modified",             MIME_SLOTID_LAST_MODIFIED,       MIME_PRESENCE_LAST_MODIFIED,       HTIF_NONE                                    },
+  {"Lines",                     MIME_SLOTID_NONE,                MIME_PRESENCE_LINES,               HTIF_NONE                                    },
+  {"Location",                  MIME_SLOTID_NONE,                MIME_PRESENCE_LOCATION,            (HTIF_MULTVALS)                              },
+  {"Max-Forwards",              MIME_SLOTID_NONE,                MIME_PRESENCE_MAX_FORWARDS,        HTIF_NONE                                    },
+  {"Message-ID",                MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Newsgroups",                MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Organization",              MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Path",                      MIME_SLOTID_NONE,                MIME_PRESENCE_PATH,                HTIF_NONE                                    },
+  {"Pragma",                    MIME_SLOTID_PRAGMA,              MIME_PRESENCE_PRAGMA,              (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Proxy-Authenticate",        MIME_SLOTID_NONE,                MIME_PRESENCE_PROXY_AUTHENTICATE,  (HTIF_HOPBYHOP | HTIF_PROXYAUTH)             },
+  {"Proxy-Authorization",       MIME_SLOTID_NONE,                MIME_PRESENCE_PROXY_AUTHORIZATION, (HTIF_HOPBYHOP | HTIF_PROXYAUTH)             },
+  {"Proxy-Connection",          MIME_SLOTID_PROXY_CONNECTION,    MIME_PRESENCE_PROXY_CONNECTION,    (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
+  {"Public",                    MIME_SLOTID_NONE,                MIME_PRESENCE_PUBLIC,              (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Range",                     MIME_SLOTID_RANGE,               MIME_PRESENCE_RANGE,               (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"References",                MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Referer",                   MIME_SLOTID_NONE,                MIME_PRESENCE_REFERER,             HTIF_NONE                                    },
+  {"Reply-To",                  MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Retry-After",               MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Sender",                    MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Server",                    MIME_SLOTID_NONE,                MIME_PRESENCE_SERVER,              HTIF_NONE                                    },
+  {"Set-Cookie",                MIME_SLOTID_SET_COOKIE,          MIME_PRESENCE_SET_COOKIE,          (HTIF_MULTVALS)                              },
+  {"Strict-Transport-Security", MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                (HTIF_MULTVALS)                              },
+  {"Subject",                   MIME_SLOTID_NONE,                MIME_PRESENCE_SUBJECT,             HTIF_NONE                                    },
+  {"Summary",                   MIME_SLOTID_NONE,                MIME_PRESENCE_SUMMARY,             HTIF_NONE                                    },
+ // TODO: In the past we have observed issues with having hop-by-hop in here
+  // for gRPC. We plan to work on gRPC in a future. We should experiment with
+  // this and verify that it works as expected.
+  {"TE",                        MIME_SLOTID_TE,                  MIME_PRESENCE_TE,                  (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
+  {"Transfer-Encoding",         MIME_SLOTID_TRANSFER_ENCODING,   MIME_PRESENCE_TRANSFER_ENCODING,
+   (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)                                                                                                 },
+  {"Upgrade",                   MIME_SLOTID_NONE,                MIME_PRESENCE_UPGRADE,             (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
+  {"User-Agent",                MIME_SLOTID_USER_AGENT,          MIME_PRESENCE_USER_AGENT,          HTIF_NONE                                    },
+  {"Vary",                      MIME_SLOTID_VARY,                MIME_PRESENCE_VARY,                (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Via",                       MIME_SLOTID_VIA,                 MIME_PRESENCE_VIA,                 (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Warning",                   MIME_SLOTID_NONE,                MIME_PRESENCE_WARNING,             (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Www-Authenticate",          MIME_SLOTID_WWW_AUTHENTICATE,    MIME_PRESENCE_WWW_AUTHENTICATE,    HTIF_NONE                                    },
+  {"Xref",                      MIME_SLOTID_NONE,                MIME_PRESENCE_XREF,                HTIF_NONE                                    },
+  {"X-ID",                      MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                (HTIF_COMMAS | HTIF_MULTVALS | HTIF_HOPBYHOP)},
+  {"X-Forwarded-For",           MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Forwarded",                 MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                (HTIF_COMMAS | HTIF_MULTVALS)                },
+  {"Sec-WebSocket-Key",         MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {"Sec-WebSocket-Version",     MIME_SLOTID_NONE,                MIME_PRESENCE_NONE,                HTIF_NONE                                    },
+  {nullptr,                     0,                               0,                                 0                                            },
 };
 
 const char *_hdrtoken_strs_heap_f = nullptr; // storage first byte
@@ -454,7 +457,7 @@ hdrtoken_init()
       hdrtoken_str_lengths[i]   = static_cast(strlen(_hdrtoken_strs[i]));
       int sstr_len              = snap_up_to_multiple(hdrtoken_str_lengths[i] + 1, sizeof(HdrTokenHeapPrefix));
       int packed_prefix_str_len = sizeof(HdrTokenHeapPrefix) + sstr_len;
-      heap_size += packed_prefix_str_len;
+      heap_size                 += packed_prefix_str_len;
     }
 
     _hdrtoken_strs_heap_f = static_cast(ats_malloc(heap_size));
@@ -477,13 +480,13 @@ hdrtoken_init()
 
       int sstr_len = snap_up_to_multiple(hdrtoken_str_lengths[i] + 1, sizeof(HdrTokenHeapPrefix));
 
-      *reinterpret_cast(heap_ptr) = prefix; // set string prefix
-      heap_ptr += sizeof(HdrTokenHeapPrefix);                     // advance heap ptr past index
-      hdrtoken_strs[i] = heap_ptr;                                // record string pointer
+      *reinterpret_cast(heap_ptr) = prefix;                      // set string prefix
+      heap_ptr                                          += sizeof(HdrTokenHeapPrefix); // advance heap ptr past index
+      hdrtoken_strs[i]                                  = heap_ptr;                    // record string pointer
       // coverity[secure_coding]
       ink_strlcpy(const_cast(hdrtoken_strs[i]), _hdrtoken_strs[i],
                   heap_size - sizeof(HdrTokenHeapPrefix)); // copy string into heap
-      heap_ptr += sstr_len;                                // advance heap ptr past string
+      heap_ptr  += sstr_len;                               // advance heap ptr past string
       heap_size -= sstr_len;
     }
 
diff --git a/proxy/hdrs/HdrToken.h b/proxy/hdrs/HdrToken.h
index 2532ce4d147..0c2ef0ee33a 100644
--- a/proxy/hdrs/HdrToken.h
+++ b/proxy/hdrs/HdrToken.h
@@ -250,38 +250,38 @@ hdrtoken_wks_to_flags(const char *wks)
 //
 ////////////////////////////////////////////////////////////////////////////
 
-#define MIME_SLOTID_ACCEPT 0
-#define MIME_SLOTID_ACCEPT_CHARSET 1
-#define MIME_SLOTID_ACCEPT_ENCODING 2
-#define MIME_SLOTID_ACCEPT_LANGUAGE 3
-#define MIME_SLOTID_AGE 4
-#define MIME_SLOTID_AUTHORIZATION 5
-#define MIME_SLOTID_CACHE_CONTROL 6
-#define MIME_SLOTID_CLIENT_IP 7
-#define MIME_SLOTID_CONNECTION 8
-#define MIME_SLOTID_CONTENT_ENCODING 9
-#define MIME_SLOTID_CONTENT_LANGUAGE 10
-#define MIME_SLOTID_CONTENT_LENGTH 11
-#define MIME_SLOTID_CONTENT_TYPE 12
-#define MIME_SLOTID_COOKIE 13
-#define MIME_SLOTID_DATE 14
-#define MIME_SLOTID_EXPIRES 15
-#define MIME_SLOTID_IF_MATCH 16
-#define MIME_SLOTID_IF_MODIFIED_SINCE 17
-#define MIME_SLOTID_IF_NONE_MATCH 18
-#define MIME_SLOTID_IF_RANGE 19
+#define MIME_SLOTID_ACCEPT              0
+#define MIME_SLOTID_ACCEPT_CHARSET      1
+#define MIME_SLOTID_ACCEPT_ENCODING     2
+#define MIME_SLOTID_ACCEPT_LANGUAGE     3
+#define MIME_SLOTID_AGE                 4
+#define MIME_SLOTID_AUTHORIZATION       5
+#define MIME_SLOTID_CACHE_CONTROL       6
+#define MIME_SLOTID_CLIENT_IP           7
+#define MIME_SLOTID_CONNECTION          8
+#define MIME_SLOTID_CONTENT_ENCODING    9
+#define MIME_SLOTID_CONTENT_LANGUAGE    10
+#define MIME_SLOTID_CONTENT_LENGTH      11
+#define MIME_SLOTID_CONTENT_TYPE        12
+#define MIME_SLOTID_COOKIE              13
+#define MIME_SLOTID_DATE                14
+#define MIME_SLOTID_EXPIRES             15
+#define MIME_SLOTID_IF_MATCH            16
+#define MIME_SLOTID_IF_MODIFIED_SINCE   17
+#define MIME_SLOTID_IF_NONE_MATCH       18
+#define MIME_SLOTID_IF_RANGE            19
 #define MIME_SLOTID_IF_UNMODIFIED_SINCE 20
-#define MIME_SLOTID_LAST_MODIFIED 21
-#define MIME_SLOTID_PRAGMA 22
-#define MIME_SLOTID_PROXY_CONNECTION 23
-#define MIME_SLOTID_RANGE 24
-#define MIME_SLOTID_SET_COOKIE 25
-#define MIME_SLOTID_TE 26
-#define MIME_SLOTID_TRANSFER_ENCODING 27
-#define MIME_SLOTID_USER_AGENT 28
-#define MIME_SLOTID_VARY 29
-#define MIME_SLOTID_VIA 30
-#define MIME_SLOTID_WWW_AUTHENTICATE 31
+#define MIME_SLOTID_LAST_MODIFIED       21
+#define MIME_SLOTID_PRAGMA              22
+#define MIME_SLOTID_PROXY_CONNECTION    23
+#define MIME_SLOTID_RANGE               24
+#define MIME_SLOTID_SET_COOKIE          25
+#define MIME_SLOTID_TE                  26
+#define MIME_SLOTID_TRANSFER_ENCODING   27
+#define MIME_SLOTID_USER_AGENT          28
+#define MIME_SLOTID_VARY                29
+#define MIME_SLOTID_VIA                 30
+#define MIME_SLOTID_WWW_AUTHENTICATE    31
 
 #define MIME_SLOTID_NONE -1
 
@@ -301,62 +301,62 @@ hdrtoken_wks_to_flags(const char *wks)
 //   life hard
 #define TOK_64_CONST(x) x##LL
 
-#define MIME_PRESENCE_ACCEPT (TOK_64_CONST(1) << 0)
-#define MIME_PRESENCE_ACCEPT_CHARSET (TOK_64_CONST(1) << 1)
-#define MIME_PRESENCE_ACCEPT_ENCODING (TOK_64_CONST(1) << 2)
-#define MIME_PRESENCE_ACCEPT_LANGUAGE (TOK_64_CONST(1) << 3)
-#define MIME_PRESENCE_ACCEPT_RANGES (TOK_64_CONST(1) << 4)
-#define MIME_PRESENCE_AGE (TOK_64_CONST(1) << 5)
-#define MIME_PRESENCE_ALLOW (TOK_64_CONST(1) << 6)
-#define MIME_PRESENCE_AUTHORIZATION (TOK_64_CONST(1) << 7)
-#define MIME_PRESENCE_BYTES (TOK_64_CONST(1) << 8)
-#define MIME_PRESENCE_CACHE_CONTROL (TOK_64_CONST(1) << 9)
-#define MIME_PRESENCE_CLIENT_IP (TOK_64_CONST(1) << 10)
-#define MIME_PRESENCE_CONNECTION (TOK_64_CONST(1) << 11)
-#define MIME_PRESENCE_CONTENT_ENCODING (TOK_64_CONST(1) << 12)
-#define MIME_PRESENCE_CONTENT_LANGUAGE (TOK_64_CONST(1) << 13)
-#define MIME_PRESENCE_CONTENT_LENGTH (TOK_64_CONST(1) << 14)
-#define MIME_PRESENCE_CONTENT_LOCATION (TOK_64_CONST(1) << 15)
-#define MIME_PRESENCE_CONTENT_MD5 (TOK_64_CONST(1) << 16)
-#define MIME_PRESENCE_CONTENT_RANGE (TOK_64_CONST(1) << 17)
-#define MIME_PRESENCE_CONTENT_TYPE (TOK_64_CONST(1) << 18)
-#define MIME_PRESENCE_COOKIE (TOK_64_CONST(1) << 19)
-#define MIME_PRESENCE_DATE (TOK_64_CONST(1) << 20)
-#define MIME_PRESENCE_ETAG (TOK_64_CONST(1) << 21)
-#define MIME_PRESENCE_EXPIRES (TOK_64_CONST(1) << 22)
-#define MIME_PRESENCE_FROM (TOK_64_CONST(1) << 23)
-#define MIME_PRESENCE_HOST (TOK_64_CONST(1) << 24)
-#define MIME_PRESENCE_IF_MATCH (TOK_64_CONST(1) << 25)
-#define MIME_PRESENCE_IF_MODIFIED_SINCE (TOK_64_CONST(1) << 26)
-#define MIME_PRESENCE_IF_NONE_MATCH (TOK_64_CONST(1) << 27)
-#define MIME_PRESENCE_IF_RANGE (TOK_64_CONST(1) << 28)
+#define MIME_PRESENCE_ACCEPT              (TOK_64_CONST(1) << 0)
+#define MIME_PRESENCE_ACCEPT_CHARSET      (TOK_64_CONST(1) << 1)
+#define MIME_PRESENCE_ACCEPT_ENCODING     (TOK_64_CONST(1) << 2)
+#define MIME_PRESENCE_ACCEPT_LANGUAGE     (TOK_64_CONST(1) << 3)
+#define MIME_PRESENCE_ACCEPT_RANGES       (TOK_64_CONST(1) << 4)
+#define MIME_PRESENCE_AGE                 (TOK_64_CONST(1) << 5)
+#define MIME_PRESENCE_ALLOW               (TOK_64_CONST(1) << 6)
+#define MIME_PRESENCE_AUTHORIZATION       (TOK_64_CONST(1) << 7)
+#define MIME_PRESENCE_BYTES               (TOK_64_CONST(1) << 8)
+#define MIME_PRESENCE_CACHE_CONTROL       (TOK_64_CONST(1) << 9)
+#define MIME_PRESENCE_CLIENT_IP           (TOK_64_CONST(1) << 10)
+#define MIME_PRESENCE_CONNECTION          (TOK_64_CONST(1) << 11)
+#define MIME_PRESENCE_CONTENT_ENCODING    (TOK_64_CONST(1) << 12)
+#define MIME_PRESENCE_CONTENT_LANGUAGE    (TOK_64_CONST(1) << 13)
+#define MIME_PRESENCE_CONTENT_LENGTH      (TOK_64_CONST(1) << 14)
+#define MIME_PRESENCE_CONTENT_LOCATION    (TOK_64_CONST(1) << 15)
+#define MIME_PRESENCE_CONTENT_MD5         (TOK_64_CONST(1) << 16)
+#define MIME_PRESENCE_CONTENT_RANGE       (TOK_64_CONST(1) << 17)
+#define MIME_PRESENCE_CONTENT_TYPE        (TOK_64_CONST(1) << 18)
+#define MIME_PRESENCE_COOKIE              (TOK_64_CONST(1) << 19)
+#define MIME_PRESENCE_DATE                (TOK_64_CONST(1) << 20)
+#define MIME_PRESENCE_ETAG                (TOK_64_CONST(1) << 21)
+#define MIME_PRESENCE_EXPIRES             (TOK_64_CONST(1) << 22)
+#define MIME_PRESENCE_FROM                (TOK_64_CONST(1) << 23)
+#define MIME_PRESENCE_HOST                (TOK_64_CONST(1) << 24)
+#define MIME_PRESENCE_IF_MATCH            (TOK_64_CONST(1) << 25)
+#define MIME_PRESENCE_IF_MODIFIED_SINCE   (TOK_64_CONST(1) << 26)
+#define MIME_PRESENCE_IF_NONE_MATCH       (TOK_64_CONST(1) << 27)
+#define MIME_PRESENCE_IF_RANGE            (TOK_64_CONST(1) << 28)
 #define MIME_PRESENCE_IF_UNMODIFIED_SINCE (TOK_64_CONST(1) << 29)
-#define MIME_PRESENCE_KEEP_ALIVE (TOK_64_CONST(1) << 30)
-#define MIME_PRESENCE_KEYWORDS (TOK_64_CONST(1) << 31)
-#define MIME_PRESENCE_LAST_MODIFIED (TOK_64_CONST(1) << 32)
-#define MIME_PRESENCE_LINES (TOK_64_CONST(1) << 33)
-#define MIME_PRESENCE_LOCATION (TOK_64_CONST(1) << 34)
-#define MIME_PRESENCE_MAX_FORWARDS (TOK_64_CONST(1) << 35)
-#define MIME_PRESENCE_PATH (TOK_64_CONST(1) << 36)
-#define MIME_PRESENCE_PRAGMA (TOK_64_CONST(1) << 37)
-#define MIME_PRESENCE_PROXY_AUTHENTICATE (TOK_64_CONST(1) << 38)
+#define MIME_PRESENCE_KEEP_ALIVE          (TOK_64_CONST(1) << 30)
+#define MIME_PRESENCE_KEYWORDS            (TOK_64_CONST(1) << 31)
+#define MIME_PRESENCE_LAST_MODIFIED       (TOK_64_CONST(1) << 32)
+#define MIME_PRESENCE_LINES               (TOK_64_CONST(1) << 33)
+#define MIME_PRESENCE_LOCATION            (TOK_64_CONST(1) << 34)
+#define MIME_PRESENCE_MAX_FORWARDS        (TOK_64_CONST(1) << 35)
+#define MIME_PRESENCE_PATH                (TOK_64_CONST(1) << 36)
+#define MIME_PRESENCE_PRAGMA              (TOK_64_CONST(1) << 37)
+#define MIME_PRESENCE_PROXY_AUTHENTICATE  (TOK_64_CONST(1) << 38)
 #define MIME_PRESENCE_PROXY_AUTHORIZATION (TOK_64_CONST(1) << 39)
-#define MIME_PRESENCE_PROXY_CONNECTION (TOK_64_CONST(1) << 40)
-#define MIME_PRESENCE_PUBLIC (TOK_64_CONST(1) << 41)
-#define MIME_PRESENCE_RANGE (TOK_64_CONST(1) << 42)
-#define MIME_PRESENCE_REFERER (TOK_64_CONST(1) << 43)
-#define MIME_PRESENCE_SERVER (TOK_64_CONST(1) << 44)
-#define MIME_PRESENCE_SET_COOKIE (TOK_64_CONST(1) << 45)
-#define MIME_PRESENCE_SUBJECT (TOK_64_CONST(1) << 46)
-#define MIME_PRESENCE_SUMMARY (TOK_64_CONST(1) << 47)
-#define MIME_PRESENCE_TE (TOK_64_CONST(1) << 48)
-#define MIME_PRESENCE_TRANSFER_ENCODING (TOK_64_CONST(1) << 49)
-#define MIME_PRESENCE_UPGRADE (TOK_64_CONST(1) << 50)
-#define MIME_PRESENCE_USER_AGENT (TOK_64_CONST(1) << 51)
-#define MIME_PRESENCE_VARY (TOK_64_CONST(1) << 52)
-#define MIME_PRESENCE_VIA (TOK_64_CONST(1) << 53)
-#define MIME_PRESENCE_WARNING (TOK_64_CONST(1) << 54)
-#define MIME_PRESENCE_WWW_AUTHENTICATE (TOK_64_CONST(1) << 55)
+#define MIME_PRESENCE_PROXY_CONNECTION    (TOK_64_CONST(1) << 40)
+#define MIME_PRESENCE_PUBLIC              (TOK_64_CONST(1) << 41)
+#define MIME_PRESENCE_RANGE               (TOK_64_CONST(1) << 42)
+#define MIME_PRESENCE_REFERER             (TOK_64_CONST(1) << 43)
+#define MIME_PRESENCE_SERVER              (TOK_64_CONST(1) << 44)
+#define MIME_PRESENCE_SET_COOKIE          (TOK_64_CONST(1) << 45)
+#define MIME_PRESENCE_SUBJECT             (TOK_64_CONST(1) << 46)
+#define MIME_PRESENCE_SUMMARY             (TOK_64_CONST(1) << 47)
+#define MIME_PRESENCE_TE                  (TOK_64_CONST(1) << 48)
+#define MIME_PRESENCE_TRANSFER_ENCODING   (TOK_64_CONST(1) << 49)
+#define MIME_PRESENCE_UPGRADE             (TOK_64_CONST(1) << 50)
+#define MIME_PRESENCE_USER_AGENT          (TOK_64_CONST(1) << 51)
+#define MIME_PRESENCE_VARY                (TOK_64_CONST(1) << 52)
+#define MIME_PRESENCE_VIA                 (TOK_64_CONST(1) << 53)
+#define MIME_PRESENCE_WARNING             (TOK_64_CONST(1) << 54)
+#define MIME_PRESENCE_WWW_AUTHENTICATE    (TOK_64_CONST(1) << 55)
 
 // bits 56-60 were used for a benchmark hack, but are now free to be used
 // for something else
@@ -369,7 +369,7 @@ hdrtoken_wks_to_flags(const char *wks)
 #define MIME_PRESENCE_XREF (TOK_64_CONST(1) << 61)
 
 #define MIME_PRESENCE_NONE TOK_64_CONST(0)
-#define MIME_PRESENCE_ALL ~(TOK_64_CONST(0))
+#define MIME_PRESENCE_ALL  ~(TOK_64_CONST(0))
 
 /*-------------------------------------------------------------------------
   -------------------------------------------------------------------------*/
diff --git a/proxy/hdrs/HuffmanCodec.cc b/proxy/hdrs/HuffmanCodec.cc
index a99e30306c8..520c2e93e92 100644
--- a/proxy/hdrs/HuffmanCodec.cc
+++ b/proxy/hdrs/HuffmanCodec.cc
@@ -32,43 +32,264 @@ struct huffman_entry {
 };
 
 static const huffman_entry huffman_table[] = {
-  {0x1ff8, 13},    {0x7fffd8, 23},   {0xfffffe2, 28}, {0xfffffe3, 28},  {0xfffffe4, 28}, {0xfffffe5, 28}, {0xfffffe6, 28},
-  {0xfffffe7, 28}, {0xfffffe8, 28},  {0xffffea, 24},  {0x3ffffffc, 30}, {0xfffffe9, 28}, {0xfffffea, 28}, {0x3ffffffd, 30},
-  {0xfffffeb, 28}, {0xfffffec, 28},  {0xfffffed, 28}, {0xfffffee, 28},  {0xfffffef, 28}, {0xffffff0, 28}, {0xffffff1, 28},
-  {0xffffff2, 28}, {0x3ffffffe, 30}, {0xffffff3, 28}, {0xffffff4, 28},  {0xffffff5, 28}, {0xffffff6, 28}, {0xffffff7, 28},
-  {0xffffff8, 28}, {0xffffff9, 28},  {0xffffffa, 28}, {0xffffffb, 28},  {0x14, 6},       {0x3f8, 10},     {0x3f9, 10},
-  {0xffa, 12},     {0x1ff9, 13},     {0x15, 6},       {0xf8, 8},        {0x7fa, 11},     {0x3fa, 10},     {0x3fb, 10},
-  {0xf9, 8},       {0x7fb, 11},      {0xfa, 8},       {0x16, 6},        {0x17, 6},       {0x18, 6},       {0x0, 5},
-  {0x1, 5},        {0x2, 5},         {0x19, 6},       {0x1a, 6},        {0x1b, 6},       {0x1c, 6},       {0x1d, 6},
-  {0x1e, 6},       {0x1f, 6},        {0x5c, 7},       {0xfb, 8},        {0x7ffc, 15},    {0x20, 6},       {0xffb, 12},
-  {0x3fc, 10},     {0x1ffa, 13},     {0x21, 6},       {0x5d, 7},        {0x5e, 7},       {0x5f, 7},       {0x60, 7},
-  {0x61, 7},       {0x62, 7},        {0x63, 7},       {0x64, 7},        {0x65, 7},       {0x66, 7},       {0x67, 7},
-  {0x68, 7},       {0x69, 7},        {0x6a, 7},       {0x6b, 7},        {0x6c, 7},       {0x6d, 7},       {0x6e, 7},
-  {0x6f, 7},       {0x70, 7},        {0x71, 7},       {0x72, 7},        {0xfc, 8},       {0x73, 7},       {0xfd, 8},
-  {0x1ffb, 13},    {0x7fff0, 19},    {0x1ffc, 13},    {0x3ffc, 14},     {0x22, 6},       {0x7ffd, 15},    {0x3, 5},
-  {0x23, 6},       {0x4, 5},         {0x24, 6},       {0x5, 5},         {0x25, 6},       {0x26, 6},       {0x27, 6},
-  {0x6, 5},        {0x74, 7},        {0x75, 7},       {0x28, 6},        {0x29, 6},       {0x2a, 6},       {0x7, 5},
-  {0x2b, 6},       {0x76, 7},        {0x2c, 6},       {0x8, 5},         {0x9, 5},        {0x2d, 6},       {0x77, 7},
-  {0x78, 7},       {0x79, 7},        {0x7a, 7},       {0x7b, 7},        {0x7ffe, 15},    {0x7fc, 11},     {0x3ffd, 14},
-  {0x1ffd, 13},    {0xffffffc, 28},  {0xfffe6, 20},   {0x3fffd2, 22},   {0xfffe7, 20},   {0xfffe8, 20},   {0x3fffd3, 22},
-  {0x3fffd4, 22},  {0x3fffd5, 22},   {0x7fffd9, 23},  {0x3fffd6, 22},   {0x7fffda, 23},  {0x7fffdb, 23},  {0x7fffdc, 23},
-  {0x7fffdd, 23},  {0x7fffde, 23},   {0xffffeb, 24},  {0x7fffdf, 23},   {0xffffec, 24},  {0xffffed, 24},  {0x3fffd7, 22},
-  {0x7fffe0, 23},  {0xffffee, 24},   {0x7fffe1, 23},  {0x7fffe2, 23},   {0x7fffe3, 23},  {0x7fffe4, 23},  {0x1fffdc, 21},
-  {0x3fffd8, 22},  {0x7fffe5, 23},   {0x3fffd9, 22},  {0x7fffe6, 23},   {0x7fffe7, 23},  {0xffffef, 24},  {0x3fffda, 22},
-  {0x1fffdd, 21},  {0xfffe9, 20},    {0x3fffdb, 22},  {0x3fffdc, 22},   {0x7fffe8, 23},  {0x7fffe9, 23},  {0x1fffde, 21},
-  {0x7fffea, 23},  {0x3fffdd, 22},   {0x3fffde, 22},  {0xfffff0, 24},   {0x1fffdf, 21},  {0x3fffdf, 22},  {0x7fffeb, 23},
-  {0x7fffec, 23},  {0x1fffe0, 21},   {0x1fffe1, 21},  {0x3fffe0, 22},   {0x1fffe2, 21},  {0x7fffed, 23},  {0x3fffe1, 22},
-  {0x7fffee, 23},  {0x7fffef, 23},   {0xfffea, 20},   {0x3fffe2, 22},   {0x3fffe3, 22},  {0x3fffe4, 22},  {0x7ffff0, 23},
-  {0x3fffe5, 22},  {0x3fffe6, 22},   {0x7ffff1, 23},  {0x3ffffe0, 26},  {0x3ffffe1, 26}, {0xfffeb, 20},   {0x7fff1, 19},
-  {0x3fffe7, 22},  {0x7ffff2, 23},   {0x3fffe8, 22},  {0x1ffffec, 25},  {0x3ffffe2, 26}, {0x3ffffe3, 26}, {0x3ffffe4, 26},
-  {0x7ffffde, 27}, {0x7ffffdf, 27},  {0x3ffffe5, 26}, {0xfffff1, 24},   {0x1ffffed, 25}, {0x7fff2, 19},   {0x1fffe3, 21},
-  {0x3ffffe6, 26}, {0x7ffffe0, 27},  {0x7ffffe1, 27}, {0x3ffffe7, 26},  {0x7ffffe2, 27}, {0xfffff2, 24},  {0x1fffe4, 21},
-  {0x1fffe5, 21},  {0x3ffffe8, 26},  {0x3ffffe9, 26}, {0xffffffd, 28},  {0x7ffffe3, 27}, {0x7ffffe4, 27}, {0x7ffffe5, 27},
-  {0xfffec, 20},   {0xfffff3, 24},   {0xfffed, 20},   {0x1fffe6, 21},   {0x3fffe9, 22},  {0x1fffe7, 21},  {0x1fffe8, 21},
-  {0x7ffff3, 23},  {0x3fffea, 22},   {0x3fffeb, 22},  {0x1ffffee, 25},  {0x1ffffef, 25}, {0xfffff4, 24},  {0xfffff5, 24},
-  {0x3ffffea, 26}, {0x7ffff4, 23},   {0x3ffffeb, 26}, {0x7ffffe6, 27},  {0x3ffffec, 26}, {0x3ffffed, 26}, {0x7ffffe7, 27},
-  {0x7ffffe8, 27}, {0x7ffffe9, 27},  {0x7ffffea, 27}, {0x7ffffeb, 27},  {0xffffffe, 28}, {0x7ffffec, 27}, {0x7ffffed, 27},
-  {0x7ffffee, 27}, {0x7ffffef, 27},  {0x7fffff0, 27}, {0x3ffffee, 26},  {0x3fffffff, 30}};
+  {0x1ff8,     13},
+  {0x7fffd8,   23},
+  {0xfffffe2,  28},
+  {0xfffffe3,  28},
+  {0xfffffe4,  28},
+  {0xfffffe5,  28},
+  {0xfffffe6,  28},
+  {0xfffffe7,  28},
+  {0xfffffe8,  28},
+  {0xffffea,   24},
+  {0x3ffffffc, 30},
+  {0xfffffe9,  28},
+  {0xfffffea,  28},
+  {0x3ffffffd, 30},
+  {0xfffffeb,  28},
+  {0xfffffec,  28},
+  {0xfffffed,  28},
+  {0xfffffee,  28},
+  {0xfffffef,  28},
+  {0xffffff0,  28},
+  {0xffffff1,  28},
+  {0xffffff2,  28},
+  {0x3ffffffe, 30},
+  {0xffffff3,  28},
+  {0xffffff4,  28},
+  {0xffffff5,  28},
+  {0xffffff6,  28},
+  {0xffffff7,  28},
+  {0xffffff8,  28},
+  {0xffffff9,  28},
+  {0xffffffa,  28},
+  {0xffffffb,  28},
+  {0x14,       6 },
+  {0x3f8,      10},
+  {0x3f9,      10},
+  {0xffa,      12},
+  {0x1ff9,     13},
+  {0x15,       6 },
+  {0xf8,       8 },
+  {0x7fa,      11},
+  {0x3fa,      10},
+  {0x3fb,      10},
+  {0xf9,       8 },
+  {0x7fb,      11},
+  {0xfa,       8 },
+  {0x16,       6 },
+  {0x17,       6 },
+  {0x18,       6 },
+  {0x0,        5 },
+  {0x1,        5 },
+  {0x2,        5 },
+  {0x19,       6 },
+  {0x1a,       6 },
+  {0x1b,       6 },
+  {0x1c,       6 },
+  {0x1d,       6 },
+  {0x1e,       6 },
+  {0x1f,       6 },
+  {0x5c,       7 },
+  {0xfb,       8 },
+  {0x7ffc,     15},
+  {0x20,       6 },
+  {0xffb,      12},
+  {0x3fc,      10},
+  {0x1ffa,     13},
+  {0x21,       6 },
+  {0x5d,       7 },
+  {0x5e,       7 },
+  {0x5f,       7 },
+  {0x60,       7 },
+  {0x61,       7 },
+  {0x62,       7 },
+  {0x63,       7 },
+  {0x64,       7 },
+  {0x65,       7 },
+  {0x66,       7 },
+  {0x67,       7 },
+  {0x68,       7 },
+  {0x69,       7 },
+  {0x6a,       7 },
+  {0x6b,       7 },
+  {0x6c,       7 },
+  {0x6d,       7 },
+  {0x6e,       7 },
+  {0x6f,       7 },
+  {0x70,       7 },
+  {0x71,       7 },
+  {0x72,       7 },
+  {0xfc,       8 },
+  {0x73,       7 },
+  {0xfd,       8 },
+  {0x1ffb,     13},
+  {0x7fff0,    19},
+  {0x1ffc,     13},
+  {0x3ffc,     14},
+  {0x22,       6 },
+  {0x7ffd,     15},
+  {0x3,        5 },
+  {0x23,       6 },
+  {0x4,        5 },
+  {0x24,       6 },
+  {0x5,        5 },
+  {0x25,       6 },
+  {0x26,       6 },
+  {0x27,       6 },
+  {0x6,        5 },
+  {0x74,       7 },
+  {0x75,       7 },
+  {0x28,       6 },
+  {0x29,       6 },
+  {0x2a,       6 },
+  {0x7,        5 },
+  {0x2b,       6 },
+  {0x76,       7 },
+  {0x2c,       6 },
+  {0x8,        5 },
+  {0x9,        5 },
+  {0x2d,       6 },
+  {0x77,       7 },
+  {0x78,       7 },
+  {0x79,       7 },
+  {0x7a,       7 },
+  {0x7b,       7 },
+  {0x7ffe,     15},
+  {0x7fc,      11},
+  {0x3ffd,     14},
+  {0x1ffd,     13},
+  {0xffffffc,  28},
+  {0xfffe6,    20},
+  {0x3fffd2,   22},
+  {0xfffe7,    20},
+  {0xfffe8,    20},
+  {0x3fffd3,   22},
+  {0x3fffd4,   22},
+  {0x3fffd5,   22},
+  {0x7fffd9,   23},
+  {0x3fffd6,   22},
+  {0x7fffda,   23},
+  {0x7fffdb,   23},
+  {0x7fffdc,   23},
+  {0x7fffdd,   23},
+  {0x7fffde,   23},
+  {0xffffeb,   24},
+  {0x7fffdf,   23},
+  {0xffffec,   24},
+  {0xffffed,   24},
+  {0x3fffd7,   22},
+  {0x7fffe0,   23},
+  {0xffffee,   24},
+  {0x7fffe1,   23},
+  {0x7fffe2,   23},
+  {0x7fffe3,   23},
+  {0x7fffe4,   23},
+  {0x1fffdc,   21},
+  {0x3fffd8,   22},
+  {0x7fffe5,   23},
+  {0x3fffd9,   22},
+  {0x7fffe6,   23},
+  {0x7fffe7,   23},
+  {0xffffef,   24},
+  {0x3fffda,   22},
+  {0x1fffdd,   21},
+  {0xfffe9,    20},
+  {0x3fffdb,   22},
+  {0x3fffdc,   22},
+  {0x7fffe8,   23},
+  {0x7fffe9,   23},
+  {0x1fffde,   21},
+  {0x7fffea,   23},
+  {0x3fffdd,   22},
+  {0x3fffde,   22},
+  {0xfffff0,   24},
+  {0x1fffdf,   21},
+  {0x3fffdf,   22},
+  {0x7fffeb,   23},
+  {0x7fffec,   23},
+  {0x1fffe0,   21},
+  {0x1fffe1,   21},
+  {0x3fffe0,   22},
+  {0x1fffe2,   21},
+  {0x7fffed,   23},
+  {0x3fffe1,   22},
+  {0x7fffee,   23},
+  {0x7fffef,   23},
+  {0xfffea,    20},
+  {0x3fffe2,   22},
+  {0x3fffe3,   22},
+  {0x3fffe4,   22},
+  {0x7ffff0,   23},
+  {0x3fffe5,   22},
+  {0x3fffe6,   22},
+  {0x7ffff1,   23},
+  {0x3ffffe0,  26},
+  {0x3ffffe1,  26},
+  {0xfffeb,    20},
+  {0x7fff1,    19},
+  {0x3fffe7,   22},
+  {0x7ffff2,   23},
+  {0x3fffe8,   22},
+  {0x1ffffec,  25},
+  {0x3ffffe2,  26},
+  {0x3ffffe3,  26},
+  {0x3ffffe4,  26},
+  {0x7ffffde,  27},
+  {0x7ffffdf,  27},
+  {0x3ffffe5,  26},
+  {0xfffff1,   24},
+  {0x1ffffed,  25},
+  {0x7fff2,    19},
+  {0x1fffe3,   21},
+  {0x3ffffe6,  26},
+  {0x7ffffe0,  27},
+  {0x7ffffe1,  27},
+  {0x3ffffe7,  26},
+  {0x7ffffe2,  27},
+  {0xfffff2,   24},
+  {0x1fffe4,   21},
+  {0x1fffe5,   21},
+  {0x3ffffe8,  26},
+  {0x3ffffe9,  26},
+  {0xffffffd,  28},
+  {0x7ffffe3,  27},
+  {0x7ffffe4,  27},
+  {0x7ffffe5,  27},
+  {0xfffec,    20},
+  {0xfffff3,   24},
+  {0xfffed,    20},
+  {0x1fffe6,   21},
+  {0x3fffe9,   22},
+  {0x1fffe7,   21},
+  {0x1fffe8,   21},
+  {0x7ffff3,   23},
+  {0x3fffea,   22},
+  {0x3fffeb,   22},
+  {0x1ffffee,  25},
+  {0x1ffffef,  25},
+  {0xfffff4,   24},
+  {0xfffff5,   24},
+  {0x3ffffea,  26},
+  {0x7ffff4,   23},
+  {0x3ffffeb,  26},
+  {0x7ffffe6,  27},
+  {0x3ffffec,  26},
+  {0x3ffffed,  26},
+  {0x7ffffe7,  27},
+  {0x7ffffe8,  27},
+  {0x7ffffe9,  27},
+  {0x7ffffea,  27},
+  {0x7ffffeb,  27},
+  {0xffffffe,  28},
+  {0x7ffffec,  27},
+  {0x7ffffed,  27},
+  {0x7ffffee,  27},
+  {0x7ffffef,  27},
+  {0x7fffff0,  27},
+  {0x3ffffee,  26},
+  {0x3fffffff, 30}
+};
 
 using Node = struct node {
   node *left, *right;
@@ -150,7 +371,7 @@ hpack_huffman_fin()
 }
 
 #define MAX_HUFFMAN_CODE_LEN 30
-#define EOS 0x3fffffff
+#define EOS                  0x3fffffff
 
 int64_t
 huffman_decode(char *dst_start, const uint8_t *src, uint32_t src_len)
@@ -167,7 +388,7 @@ huffman_decode(char *dst_start, const uint8_t *src, uint32_t src_len)
     }
     if (*src & (1 << shift)) {
       curr_bits |= 1;
-      current = current->right;
+      current   = current->right;
     } else {
       current = current->left;
     }
@@ -233,14 +454,14 @@ huffman_encode(uint8_t *dst_start, const uint8_t *src, uint32_t src_len)
 
     if (remain_bits > bit_len) {
       remain_bits = remain_bits - bit_len;
-      buf |= hex << remain_bits;
+      buf         |= hex << remain_bits;
     } else if (remain_bits == bit_len) {
-      buf |= hex;
+      buf         |= hex;
       dst         = huffman_encode_append(dst, buf);
       remain_bits = 32;
       buf         = 0;
     } else {
-      buf |= hex >> (bit_len - remain_bits);
+      buf         |= hex >> (bit_len - remain_bits);
       dst         = huffman_encode_append(dst, buf);
       remain_bits = (32 - (bit_len - remain_bits));
       buf         = hex << remain_bits;
diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc
index 902fd62c4cf..a1ebec5d9ec 100644
--- a/proxy/hdrs/MIME.cc
+++ b/proxy/hdrs/MIME.cc
@@ -43,8 +43,8 @@ using ts::TextView;
  *                    C O M P I L E    O P T I O N S                   *
  *                                                                     *
  ***********************************************************************/
-#define TRACK_FIELD_FIND_CALLS 0
-#define TRACK_COOKING 0
+#define TRACK_FIELD_FIND_CALLS            0
+#define TRACK_COOKING                     0
 #define MIME_FORMAT_DATE_USE_LOOKUP_TABLE 1
 
 /***********************************************************************
@@ -612,7 +612,7 @@ mime_hdr_sanity_check(MIMEHdrImpl *mh)
           }
 
           uint64_t mask = mime_field_presence_mask(field->m_wks_idx);
-          masksum |= mask;
+          masksum       |= mask;
 
           int32_t slot_id = hdrtoken_index_to_slotid(field->m_wks_idx);
           if ((slot_id != MIME_SLOTID_NONE) && (slot_index < MIME_FIELD_SLOTNUM_UNKNOWN) &&
@@ -951,20 +951,22 @@ mime_init_cache_control_cooking_masks()
   static struct {
     const char *name;
     uint32_t mask;
-  } cc_mask_table[] = {{"max-age", MIME_COOKED_MASK_CC_MAX_AGE},
-                       {"no-cache", MIME_COOKED_MASK_CC_NO_CACHE},
-                       {"no-store", MIME_COOKED_MASK_CC_NO_STORE},
-                       {"no-transform", MIME_COOKED_MASK_CC_NO_TRANSFORM},
-                       {"max-stale", MIME_COOKED_MASK_CC_MAX_STALE},
-                       {"min-fresh", MIME_COOKED_MASK_CC_MIN_FRESH},
-                       {"only-if-cached", MIME_COOKED_MASK_CC_ONLY_IF_CACHED},
-                       {"public", MIME_COOKED_MASK_CC_PUBLIC},
-                       {"private", MIME_COOKED_MASK_CC_PRIVATE},
-                       {"must-revalidate", MIME_COOKED_MASK_CC_MUST_REVALIDATE},
-                       {"proxy-revalidate", MIME_COOKED_MASK_CC_PROXY_REVALIDATE},
-                       {"s-maxage", MIME_COOKED_MASK_CC_S_MAXAGE},
-                       {"need-revalidate-once", MIME_COOKED_MASK_CC_NEED_REVALIDATE_ONCE},
-                       {nullptr, 0}};
+  } cc_mask_table[] = {
+    {"max-age",              MIME_COOKED_MASK_CC_MAX_AGE             },
+    {"no-cache",             MIME_COOKED_MASK_CC_NO_CACHE            },
+    {"no-store",             MIME_COOKED_MASK_CC_NO_STORE            },
+    {"no-transform",         MIME_COOKED_MASK_CC_NO_TRANSFORM        },
+    {"max-stale",            MIME_COOKED_MASK_CC_MAX_STALE           },
+    {"min-fresh",            MIME_COOKED_MASK_CC_MIN_FRESH           },
+    {"only-if-cached",       MIME_COOKED_MASK_CC_ONLY_IF_CACHED      },
+    {"public",               MIME_COOKED_MASK_CC_PUBLIC              },
+    {"private",              MIME_COOKED_MASK_CC_PRIVATE             },
+    {"must-revalidate",      MIME_COOKED_MASK_CC_MUST_REVALIDATE     },
+    {"proxy-revalidate",     MIME_COOKED_MASK_CC_PROXY_REVALIDATE    },
+    {"s-maxage",             MIME_COOKED_MASK_CC_S_MAXAGE            },
+    {"need-revalidate-once", MIME_COOKED_MASK_CC_NEED_REVALIDATE_ONCE},
+    {nullptr,                0                                       }
+  };
 
   for (int i = 0; cc_mask_table[i].name != nullptr; i++) {
     const char *wks                              = hdrtoken_string_to_wks(cc_mask_table[i].name);
@@ -1925,7 +1927,7 @@ mime_field_value_str_from_strlist(HdrHeap *heap, int *new_str_len_return, StrLis
   cell = list->head;
   for (i = 0; i < list->count; i++) {
     new_value_len += cell->len;
-    cell = cell->next;
+    cell          = cell->next;
   }
   if (list->count > 1) {
     new_value_len += (2 * (list->count - 1));
@@ -2096,7 +2098,7 @@ mime_field_value_extend_comma_val(HdrHeap *heap, MIMEHdrImpl *mh, MIMEField *fie
 
   // (4) trim quotes if any
   if ((cell->len >= 2) && (cell->str[0] == '\"') && (cell->str[cell->len - 1] == '\"')) {
-    trimmed = 1;
+    trimmed   = 1;
     cell->str += 1;
     cell->len -= 2;
   } else {
@@ -2781,8 +2783,8 @@ mime_mem_print_(const char *src_d, int src_l, char *buf_start, int buf_length, i
       *buf_chars_to_skip_inout -= src_l;
       return 1;
     } else {
-      src_l -= *buf_chars_to_skip_inout;
-      src_d += *buf_chars_to_skip_inout;
+      src_l                    -= *buf_chars_to_skip_inout;
+      src_d                    += *buf_chars_to_skip_inout;
       *buf_chars_to_skip_inout = 0;
     }
   }
@@ -2854,7 +2856,7 @@ mime_field_print(MIMEField *field, char *buf_start, int buf_length, int *buf_ind
 
       buf_start[0] = ':';
       buf_start[1] = ' ';
-      buf_start += 2;
+      buf_start    += 2;
 
       memcpy(buf_start, field->m_ptr_value, field->m_len_value);
       buf_start += field->m_len_value;
@@ -2952,9 +2954,9 @@ mime_days_since_epoch_to_mdy_slowcase(unsigned int days_since_jan_1_1970, int *m
   d = dp = (year * 365) + (year / 4) - (year / 100) + (year / 100 + 3) / 4 - DAYS_OFFSET - 1;
 
   while (dp < mday) {
-    d = dp;
+    d    = dp;
     year += 1;
-    dp = (year * 365) + (year / 4) - (year / 100) + (year / 100 + 3) / 4 - DAYS_OFFSET - 1;
+    dp   = (year * 365) + (year / 4) - (year / 100) + (year / 100 + 3) / 4 - DAYS_OFFSET - 1;
   }
 
   /* convert the days */
@@ -3028,11 +3030,11 @@ mime_format_date(char *buffer, time_t value)
 
   buf = buffer;
 
-  sec = static_cast(value % 60);
+  sec   = static_cast(value % 60);
   value /= 60;
-  min = static_cast(value % 60);
+  min   = static_cast(value % 60);
   value /= 60;
-  hour = static_cast(value % 24);
+  hour  = static_cast(value % 24);
   value /= 24;
 
   /* Jan 1, 1970 was a Thursday */
@@ -3056,24 +3058,24 @@ mime_format_date(char *buffer, time_t value)
   buf[0]                     = three_char_day[0];
   buf[1]                     = three_char_day[1];
   buf[2]                     = three_char_day[2];
-  buf += 3;
+  buf                        += 3;
 
   buf[0] = ',';
   buf[1] = ' ';
-  buf += 2;
+  buf    += 2;
 
   /* the day of month */
   buf[0] = digitstrs[mday][0];
   buf[1] = digitstrs[mday][1];
   buf[2] = ' ';
-  buf += 3;
+  buf    += 3;
 
   /* the month string */
   const char *three_char_month = monthstrs[month];
   buf[0]                       = three_char_month[0];
   buf[1]                       = three_char_month[1];
   buf[2]                       = three_char_month[2];
-  buf += 3;
+  buf                          += 3;
 
   /* the year */
   buf[0] = ' ';
@@ -3090,40 +3092,40 @@ mime_format_date(char *buffer, time_t value)
     buf[4] = (year - 1990) + '0';
   } else {
     buf[4] = (year % 10) + '0';
-    year /= 10;
+    year   /= 10;
     buf[3] = (year % 10) + '0';
-    year /= 10;
+    year   /= 10;
     buf[2] = (year % 10) + '0';
-    year /= 10;
+    year   /= 10;
     buf[1] = (year % 10) + '0';
   }
   buf[5] = ' ';
-  buf += 6;
+  buf    += 6;
 
   /* the hour */
   buf[0] = digitstrs[hour][0];
   buf[1] = digitstrs[hour][1];
   buf[2] = ':';
-  buf += 3;
+  buf    += 3;
 
   /* the minute */
   buf[0] = digitstrs[min][0];
   buf[1] = digitstrs[min][1];
   buf[2] = ':';
-  buf += 3;
+  buf    += 3;
 
   /* the second */
   buf[0] = digitstrs[sec][0];
   buf[1] = digitstrs[sec][1];
   buf[2] = ' ';
-  buf += 3;
+  buf    += 3;
 
   /* the timezone string */
   buf[0] = 'G';
   buf[1] = 'M';
   buf[2] = 'T';
   buf[3] = '\0';
-  buf += 3;
+  buf    += 3;
 
   return buf - buffer; // not counting NUL
 }
@@ -3161,7 +3163,7 @@ mime_parse_int(const char *buf, const char *end)
 
     if ((buf != end) && (*buf == '-')) {
       negative = true;
-      buf += 1;
+      buf      += 1;
     }
     // NOTE: we first compute the value as negative then correct the
     // sign back to positive. This enables us to correctly parse MININT.
@@ -3238,7 +3240,7 @@ mime_parse_int64(const char *buf, const char *end)
 
     if ((buf != end) && (*buf == '-')) {
       negative = true;
-      buf += 1;
+      buf      += 1;
     }
     // NOTE: we first compute the value as negative then correct the
     // sign back to positive. This enables us to correctly parse MININT.
@@ -3646,7 +3648,7 @@ mime_parse_integer(const char *&buf, const char *end, int *integer)
 
     if ((buf != end) && (*buf == '-')) {
       negative = true;
-      buf += 1;
+      buf      += 1;
     }
     // NOTE: we first compute the value as negative then correct the
     // sign back to positive. This enables us to correctly parse MININT.
@@ -3865,10 +3867,10 @@ MIMEHdrImpl::recompute_cooked_stuff(MIMEField *changing_field_or_null)
       if (!field->has_dups()) {
         s = field->value_get(&len);
         if (ptr_len_casecmp(s, len, "public", 6) == 0) {
-          mask = MIME_COOKED_MASK_CC_PUBLIC;
+          mask                                  = MIME_COOKED_MASK_CC_PUBLIC;
           m_cooked_stuff.m_cache_control.m_mask |= mask;
         } else if (ptr_len_casecmp(s, len, "private,no-cache", 16) == 0) {
-          mask = MIME_COOKED_MASK_CC_PRIVATE | MIME_COOKED_MASK_CC_NO_CACHE;
+          mask                                  = MIME_COOKED_MASK_CC_PRIVATE | MIME_COOKED_MASK_CC_NO_CACHE;
           m_cooked_stuff.m_cache_control.m_mask |= mask;
         }
       }
@@ -3889,8 +3891,8 @@ MIMEHdrImpl::recompute_cooked_stuff(MIMEField *changing_field_or_null)
             Debug("http", "recompute_cooked_stuff: got field '%s'", token_wks);
 #endif
 
-            HdrTokenHeapPrefix *p = hdrtoken_wks_to_prefix(token_wks);
-            mask                  = p->wks_type_specific.u.cache_control.cc_mask;
+            HdrTokenHeapPrefix *p                 = hdrtoken_wks_to_prefix(token_wks);
+            mask                                  = p->wks_type_specific.u.cache_control.cc_mask;
             m_cooked_stuff.m_cache_control.m_mask |= mask;
 
 #if TRACK_COOKING
diff --git a/proxy/hdrs/MIME.h b/proxy/hdrs/MIME.h
index ba9501d82de..162340e75a2 100644
--- a/proxy/hdrs/MIME.h
+++ b/proxy/hdrs/MIME.h
@@ -73,19 +73,19 @@ enum MimeParseState {
 #define MIME_HDR_SANITY_CHECK (void)
 #endif
 
-#define MIME_FIELD_SLOT_READINESS_EMPTY 0
+#define MIME_FIELD_SLOT_READINESS_EMPTY    0
 #define MIME_FIELD_SLOT_READINESS_DETACHED 1
-#define MIME_FIELD_SLOT_READINESS_LIVE 2
-#define MIME_FIELD_SLOT_READINESS_DELETED 3
+#define MIME_FIELD_SLOT_READINESS_LIVE     2
+#define MIME_FIELD_SLOT_READINESS_DELETED  3
 
 #define MIME_FIELD_SLOT_FLAGS_DUP_HEAD (1 << 0)
-#define MIME_FIELD_SLOT_FLAGS_COOKED (1 << 1)
+#define MIME_FIELD_SLOT_FLAGS_COOKED   (1 << 1)
 
 #define MIME_FIELD_BLOCK_SLOTS 16
 
-#define MIME_FIELD_SLOTNUM_BITS 4
-#define MIME_FIELD_SLOTNUM_MASK ((1 << MIME_FIELD_SLOTNUM_BITS) - 1)
-#define MIME_FIELD_SLOTNUM_MAX (MIME_FIELD_SLOTNUM_MASK - 1)
+#define MIME_FIELD_SLOTNUM_BITS    4
+#define MIME_FIELD_SLOTNUM_MASK    ((1 << MIME_FIELD_SLOTNUM_BITS) - 1)
+#define MIME_FIELD_SLOTNUM_MAX     (MIME_FIELD_SLOTNUM_MASK - 1)
 #define MIME_FIELD_SLOTNUM_UNKNOWN MIME_FIELD_SLOTNUM_MAX
 
 /***********************************************************************
@@ -97,16 +97,16 @@ enum MimeParseState {
 struct MIMEHdrImpl;
 
 struct MIMEField {
-  const char *m_ptr_name;              // 4
-  const char *m_ptr_value;             // 4
-  MIMEField *m_next_dup;               // 4
-  int16_t m_wks_idx;                   // 2
-  uint16_t m_len_name;                 // 2
-  uint32_t m_len_value : 24;           // 3
-  uint8_t m_n_v_raw_printable : 1;     // 1/8
-  uint8_t m_n_v_raw_printable_pad : 3; // 3/8
-  uint8_t m_readiness : 2;             // 2/8
-  uint8_t m_flags : 2;                 // 2/8
+  const char *m_ptr_name;               // 4
+  const char *m_ptr_value;              // 4
+  MIMEField *m_next_dup;                // 4
+  int16_t m_wks_idx;                    // 2
+  uint16_t m_len_name;                  // 2
+  uint32_t m_len_value            : 24; // 3
+  uint8_t m_n_v_raw_printable     : 1;  // 1/8
+  uint8_t m_n_v_raw_printable_pad : 3;  // 3/8
+  uint8_t m_readiness             : 2;  // 2/8
+  uint8_t m_flags                 : 2;  // 2/8
 
   bool
   is_dup_head() const
@@ -1237,7 +1237,7 @@ class MIMEHdr : public HdrHeapSDKHandle
   void set_server(const char *server_id_tag, int server_id_tag_size);
 
   // No gratuitous copies & refcounts!
-  MIMEHdr(const MIMEHdr &m) = delete;
+  MIMEHdr(const MIMEHdr &m)            = delete;
   MIMEHdr &operator=(const MIMEHdr &m) = delete;
 
 private:
diff --git a/proxy/hdrs/URL.cc b/proxy/hdrs/URL.cc
index c9b2f96d6d6..b6d36516b42 100644
--- a/proxy/hdrs/URL.cc
+++ b/proxy/hdrs/URL.cc
@@ -993,8 +993,8 @@ unescape_str(char *&buf, char *buf_e, const char *&str, const char *str_e, int &
 
   first_pct = ink_memcpy_until_char(buf, const_cast(str), min_len, '%');
   copy_len  = static_cast(first_pct - str);
-  str += copy_len;
-  buf += copy_len;
+  str       += copy_len;
+  buf       += copy_len;
   if (copy_len == min_len) {
     return;
   }
@@ -1003,16 +1003,16 @@ unescape_str(char *&buf, char *buf_e, const char *&str, const char *str_e, int &
     switch (state) {
     case 0:
       if (str[0] == '%') {
-        str += 1;
+        str   += 1;
         state = 1;
       } else {
         *buf++ = str[0];
-        str += 1;
+        str    += 1;
       }
       break;
     case 1:
       if (ParseRules::is_hex(str[0])) {
-        str += 1;
+        str   += 1;
         state = 2;
       } else {
         *buf++ = str[-1];
@@ -1035,8 +1035,8 @@ unescape_str(char *&buf, char *buf_e, const char *&str, const char *str_e, int &
         }
 
         *buf++ = tmp;
-        str += 1;
-        state = 0;
+        str    += 1;
+        state  = 0;
       } else {
         *buf++ = str[-2];
         state  = 3;
@@ -1060,16 +1060,16 @@ unescape_str_tolower(char *&buf, char *end, const char *&str, const char *str_e,
     switch (state) {
     case 0:
       if (str[0] == '%') {
-        str += 1;
+        str   += 1;
         state = 1;
       } else {
         *buf++ = ParseRules::ink_tolower(str[0]);
-        str += 1;
+        str    += 1;
       }
       break;
     case 1:
       if (ParseRules::is_hex(str[0])) {
-        str += 1;
+        str   += 1;
         state = 2;
       } else {
         *buf++ = ParseRules::ink_tolower(str[-1]);
@@ -1092,8 +1092,8 @@ unescape_str_tolower(char *&buf, char *end, const char *&str, const char *str_e,
         }
 
         *buf++ = tmp;
-        str += 1;
-        state = 0;
+        str    += 1;
+        state  = 0;
       } else {
         *buf++ = ParseRules::ink_tolower(str[-2]);
         state  = 3;
@@ -1770,7 +1770,7 @@ url_CryptoHash_get_fast(const URLImpl *url, CryptoContext &ctx, CryptoHash *hash
 
   p = buffer;
   memcpy_tolower(p, url->m_ptr_scheme, url->m_len_scheme);
-  p += url->m_len_scheme;
+  p    += url->m_len_scheme;
   *p++ = ':';
   *p++ = '/';
   *p++ = '/';
@@ -1779,10 +1779,10 @@ url_CryptoHash_get_fast(const URLImpl *url, CryptoContext &ctx, CryptoHash *hash
   // no password
   *p++ = '@';
   memcpy_tolower(p, url->m_ptr_host, url->m_len_host);
-  p += url->m_len_host;
+  p    += url->m_len_host;
   *p++ = '/';
   memcpy(p, url->m_ptr_path, url->m_len_path);
-  p += url->m_len_path;
+  p    += url->m_len_path;
   *p++ = ';';
   // no params
   *p++ = '?';
diff --git a/proxy/hdrs/URL.h b/proxy/hdrs/URL.h
index d91e9f1f8ce..50606bc3e16 100644
--- a/proxy/hdrs/URL.h
+++ b/proxy/hdrs/URL.h
@@ -77,7 +77,7 @@ class URLImpl : public HdrHeapObjImpl
 
   uint32_t m_clean : 1;
   /// Whether the URI had an absolutely empty path, not even an initial '/'.
-  uint32_t m_path_is_empty : 1;
+  uint32_t m_path_is_empty       : 1;
   uint32_t m_normalization_flags : 2; // Only valid if both m_clean and m_ptr_printed_sting are non-zero.
   // 8 bytes + 4 bits, will result in padding
 
@@ -346,7 +346,7 @@ class URL : public HdrHeapSDKHandle
 public:
   static char *unescapify(Arena *arena, const char *str, int length);
   // No gratuitous copies!
-  URL(const URL &u) = delete;
+  URL(const URL &u)            = delete;
   URL &operator=(const URL &u) = delete;
 
 private:
diff --git a/proxy/hdrs/VersionConverter.cc b/proxy/hdrs/VersionConverter.cc
index 16280157e48..6e938b2d075 100644
--- a/proxy/hdrs/VersionConverter.cc
+++ b/proxy/hdrs/VersionConverter.cc
@@ -76,7 +76,7 @@ VersionConverter::_convert_req_from_1_to_2(HTTPHdr &header) const
 
     field->value_set(header.m_heap, header.m_mime, value, value_len);
   } else {
-    ink_abort("initialize HTTP/2 pseudo-headers");
+    ink_abort("initialize HTTP/2 pseudo-headers, no :method");
     return PARSE_RESULT_ERROR;
   }
 
@@ -91,7 +91,7 @@ VersionConverter::_convert_req_from_1_to_2(HTTPHdr &header) const
       field->value_set(header.m_heap, header.m_mime, URL_SCHEME_HTTPS, URL_LEN_HTTPS);
     }
   } else {
-    ink_abort("initialize HTTP/2 pseudo-headers");
+    ink_abort("initialize HTTP/2 pseudo-headers, no :scheme");
     return PARSE_RESULT_ERROR;
   }
 
@@ -110,8 +110,11 @@ VersionConverter::_convert_req_from_1_to_2(HTTPHdr &header) const
     } else {
       field->value_set(header.m_heap, header.m_mime, value, value_len);
     }
+    // Remove the host header field, redundant to the authority field
+    // For istio/envoy, having both was causing 404 responses
+    header.field_delete(MIME_FIELD_HOST, MIME_LEN_HOST);
   } else {
-    ink_abort("initialize HTTP/2 pseudo-headers");
+    ink_abort("initialize HTTP/2 pseudo-headers, no :authority");
     return PARSE_RESULT_ERROR;
   }
 
@@ -119,15 +122,29 @@ VersionConverter::_convert_req_from_1_to_2(HTTPHdr &header) const
   if (MIMEField *field = header.field_find(PSEUDO_HEADER_PATH.data(), PSEUDO_HEADER_PATH.size()); field != nullptr) {
     int value_len     = 0;
     const char *value = header.path_get(&value_len);
+    int param_len     = 0;
+    const char *param = header.params_get(¶m_len);
+    int query_len     = 0;
+    const char *query = header.query_get(&query_len);
+    int path_len      = value_len + 1;
 
-    ts::LocalBuffer buf(value_len + 1);
+    ts::LocalBuffer buf(value_len + 1 + 1 + 1 + query_len + param_len);
     char *path = buf.data();
     path[0]    = '/';
     memcpy(path + 1, value, value_len);
-
-    field->value_set(header.m_heap, header.m_mime, path, value_len + 1);
+    if (param_len > 0) {
+      path[path_len] = ';';
+      memcpy(path + path_len + 1, param, param_len);
+      path_len += 1 + param_len;
+    }
+    if (query_len > 0) {
+      path[path_len] = '?';
+      memcpy(path + path_len + 1, query, query_len);
+      path_len += 1 + query_len;
+    }
+    field->value_set(header.m_heap, header.m_mime, path, path_len);
   } else {
-    ink_abort("initialize HTTP/2 pseudo-headers");
+    ink_abort("initialize HTTP/2 pseudo-headers, no :path");
     return PARSE_RESULT_ERROR;
   }
 
@@ -173,10 +190,15 @@ VersionConverter::_convert_req_from_2_to_1(HTTPHdr &header) const
   if (MIMEField *field = header.field_find(PSEUDO_HEADER_AUTHORITY.data(), PSEUDO_HEADER_AUTHORITY.size());
       field != nullptr && field->value_is_valid(is_control_BIT | is_ws_BIT)) {
     int authority_len;
+    // Set the host header field
+    MIMEField *host = header.field_find(MIME_FIELD_HOST, MIME_LEN_HOST);
+    if (host == nullptr) {
+      host = header.field_create(MIME_FIELD_HOST, MIME_LEN_HOST);
+      header.field_attach(host);
+    }
     const char *authority = field->value_get(&authority_len);
-
     header.m_http->u.req.m_url_impl->set_host(header.m_heap, authority, authority_len, true);
-
+    host->value_set(header.m_heap, header.m_mime, authority, authority_len);
     header.field_delete(field);
   } else {
     return PARSE_RESULT_ERROR;
@@ -234,7 +256,7 @@ VersionConverter::_convert_res_from_1_to_2(HTTPHdr &header) const
 
     field->value_set(header.m_heap, header.m_mime, status_str, STATUS_VALUE_LEN);
   } else {
-    ink_abort("initialize HTTP/2 pseudo-headers");
+    ink_abort("initialize HTTP/2 pseudo-headers, no :status");
     return PARSE_RESULT_ERROR;
   }
 
diff --git a/proxy/hdrs/VersionConverter.h b/proxy/hdrs/VersionConverter.h
index bb0e0e25d18..5ecf6c5b502 100644
--- a/proxy/hdrs/VersionConverter.h
+++ b/proxy/hdrs/VersionConverter.h
@@ -67,47 +67,42 @@ class VersionConverter
 
   static constexpr convert_function _convert_functions[2][N_VERSIONS][N_VERSIONS] = {
     {
-      // Request
+     // Request
       {
         // From 1
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_req_from_1_to_2,
         &VersionConverter::_convert_req_from_1_to_2,
-      },
-      {
+      }, {
         // From 2
         &VersionConverter::_convert_req_from_2_to_1,
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_nop,
-      },
-      {
+      }, {
         // From 3
         &VersionConverter::_convert_req_from_2_to_1,
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_nop,
-      },
-    },
+      }, },
     {
-      // Response
+     // Response
       {
         // From 1
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_res_from_1_to_2,
         &VersionConverter::_convert_res_from_1_to_2,
-      },
-      {
+      }, {
         // From 2
         &VersionConverter::_convert_res_from_2_to_1,
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_nop,
-      },
-      {
+      },        {
         // From 3
         &VersionConverter::_convert_res_from_2_to_1,
         &VersionConverter::_convert_nop,
         &VersionConverter::_convert_nop,
-      },
-    }};
+      }, }
+  };
 
   static constexpr std::string_view connection_specific_header_fields[] = {
     "Connection", "Keep-Alive", "Proxy-Connection", "Transfer-Encoding", "Upgrade",
diff --git a/proxy/hdrs/XPACK.cc b/proxy/hdrs/XPACK.cc
index 44963340c7d..3abee8742a3 100644
--- a/proxy/hdrs/XPACK.cc
+++ b/proxy/hdrs/XPACK.cc
@@ -55,7 +55,7 @@ xpack_decode_integer(uint64_t &dst, const uint8_t *buf_start, const uint8_t *buf
         return XPACK_ERROR_COMPRESSION_ERROR;
       }
       dst += added_value << m;
-      m += 7;
+      m   += 7;
     } while (*p & 0x80);
   }
 
@@ -127,7 +127,7 @@ xpack_encode_integer(uint8_t *buf_start, const uint8_t *buf_end, uint64_t value,
     *(p++) = value;
   } else {
     *(p++) = (1 << n) - 1;
-    value -= (1 << n) - 1;
+    value  -= (1 << n) - 1;
     while (value >= 128) {
       if (p >= buf_end) {
         return -1;
diff --git a/proxy/hdrs/load_http_hdr.cc b/proxy/hdrs/load_http_hdr.cc
index 0013fa8c01a..8313ec445e7 100644
--- a/proxy/hdrs/load_http_hdr.cc
+++ b/proxy/hdrs/load_http_hdr.cc
@@ -267,8 +267,8 @@ load_buffer(int fd, hdr_type h_type)
         fprintf(stderr, "Corrupted data file\n");
         exit(1);
       }
-      cur_ptr  = (int *)(hdr_heap + bytes_read);
-      *cur_ptr = el;
+      cur_ptr    = (int *)(hdr_heap + bytes_read);
+      *cur_ptr   = el;
       bytes_read += 4;
     }
     cur_line++;
diff --git a/proxy/hdrs/test_Huffmancode.cc b/proxy/hdrs/test_Huffmancode.cc
index 6f5bf7b915c..d3ce28f0fef 100644
--- a/proxy/hdrs/test_Huffmancode.cc
+++ b/proxy/hdrs/test_Huffmancode.cc
@@ -154,14 +154,15 @@ const static struct {
   uint8_t *expect;
   int64_t expect_len;
 } huffman_encode_test_data[] = {
-  {(uint8_t *)"", 0, (uint8_t *)"", 0},
-  {(uint8_t *)"0", 1, (uint8_t *)"\x07", 1},
-  {(uint8_t *)"302", 3, (uint8_t *)"\x64\x02", 2},
-  {(uint8_t *)"private", 7, (uint8_t *)"\xae\xc3\x77\x1a\x4b", 5},
+  {(uint8_t *)"",                              0,  (uint8_t *)"",                                                                     0 },
+  {(uint8_t *)"0",                             1,  (uint8_t *)"\x07",                                                                 1 },
+  {(uint8_t *)"302",                           3,  (uint8_t *)"\x64\x02",                                                             2 },
+  {(uint8_t *)"private",                       7,  (uint8_t *)"\xae\xc3\x77\x1a\x4b",                                                 5 },
   {(uint8_t *)"Mon, 21 Oct 2013 20:13:21 GMT", 29,
-   (uint8_t *)"\xd0\x7a\xbe\x94\x10\x54\xd4\x44\xa8\x20\x05\x95\x04\x0b\x81\x66\xe0\x82\xa6\x2d\x1b\xff", 22},
-  {(uint8_t *)"https://www.example.com", 23, (uint8_t *)"\x9d\x29\xad\x17\x18\x63\xc7\x8f\x0b\x97\xc8\xe9\xae\x82\xae\x43\xd3",
-   17}};
+   (uint8_t *)"\xd0\x7a\xbe\x94\x10\x54\xd4\x44\xa8\x20\x05\x95\x04\x0b\x81\x66\xe0\x82\xa6\x2d\x1b\xff",                             22},
+  {(uint8_t *)"https://www.example.com",       23, (uint8_t *)"\x9d\x29\xad\x17\x18\x63\xc7\x8f\x0b\x97\xc8\xe9\xae\x82\xae\x43\xd3",
+   17                                                                                                                                   }
+};
 
 void
 encode_test()
@@ -184,7 +185,11 @@ decode_errors_test()
     char *input;
     int input_len;
   } test_cases[] = {
-    {(char *)"\x00", 1}, {(char *)"\xff", 1}, {(char *)"\x1f\xff", 2}, {(char *)"\xff\xae", 2}, {(char *)"\xff\x9f\xff\xff\xff", 5},
+    {(char *)"\x00",                 1},
+    {(char *)"\xff",                 1},
+    {(char *)"\x1f\xff",             2},
+    {(char *)"\xff\xae",             2},
+    {(char *)"\xff\x9f\xff\xff\xff", 5},
   };
 
   for (unsigned int i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
diff --git a/proxy/hdrs/unit_tests/test_Hdrs.cc b/proxy/hdrs/unit_tests/test_Hdrs.cc
index 38a7221b60c..2419fdd049f 100644
--- a/proxy/hdrs/unit_tests/test_Hdrs.cc
+++ b/proxy/hdrs/unit_tests/test_Hdrs.cc
@@ -46,31 +46,33 @@ TEST_CASE("HdrTestHttpParse", "[proxy][hdrtest]")
     int expected_result;
     int expected_bytes_consumed;
   };
-  static const std::array tests = {{
-    {"GET /index.html HTTP/1.0\r\n", PARSE_RESULT_DONE, 26},
-    {"GET /index.html HTTP/1.0\r\n\r\n***BODY****", PARSE_RESULT_DONE, 28},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n\r\n***BODY****", PARSE_RESULT_DONE, 48},
-    {"GET", PARSE_RESULT_ERROR, 3},
-    {"GET /index.html", PARSE_RESULT_ERROR, 15},
-    {"GET /index.html\r\n", PARSE_RESULT_ERROR, 17},
-    {"GET /index.html HTTP/1.0", PARSE_RESULT_ERROR, 24},
-    {"GET /index.html HTTP/1.0\r", PARSE_RESULT_ERROR, 25},
-    {"GET /index.html HTTP/1.0\n", PARSE_RESULT_DONE, 25},
-    {"GET /index.html HTTP/1.0\n\n", PARSE_RESULT_DONE, 26},
-    {"GET /index.html HTTP/1.0\r\n\r\n", PARSE_RESULT_DONE, 28},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar", PARSE_RESULT_ERROR, 44},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\n", PARSE_RESULT_DONE, 45},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n", PARSE_RESULT_DONE, 46},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n\r\n", PARSE_RESULT_DONE, 48},
-    {"GET /index.html HTTP/1.0\nUser-Agent: foobar\n", PARSE_RESULT_DONE, 44},
-    {"GET /index.html HTTP/1.0\nUser-Agent: foobar\nBoo: foo\n", PARSE_RESULT_DONE, 53},
-    {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n", PARSE_RESULT_DONE, 46},
-    {"GET /index.html HTTP/1.0\r\n", PARSE_RESULT_DONE, 26},
-    {"GET /index.html hTTP/1.0\r\n", PARSE_RESULT_ERROR, 26},
-    {"CONNECT foo.example HTTP/1.1\r\n", PARSE_RESULT_DONE, 30},
-    {"GET foo.example HTTP/1.1\r\n", PARSE_RESULT_ERROR, 26},
-    {"", PARSE_RESULT_ERROR, 0},
-  }};
+  static const std::array tests = {
+    {
+     {"GET /index.html HTTP/1.0\r\n", PARSE_RESULT_DONE, 26},
+     {"GET /index.html HTTP/1.0\r\n\r\n***BODY****", PARSE_RESULT_DONE, 28},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n\r\n***BODY****", PARSE_RESULT_DONE, 48},
+     {"GET", PARSE_RESULT_ERROR, 3},
+     {"GET /index.html", PARSE_RESULT_ERROR, 15},
+     {"GET /index.html\r\n", PARSE_RESULT_ERROR, 17},
+     {"GET /index.html HTTP/1.0", PARSE_RESULT_ERROR, 24},
+     {"GET /index.html HTTP/1.0\r", PARSE_RESULT_ERROR, 25},
+     {"GET /index.html HTTP/1.0\n", PARSE_RESULT_DONE, 25},
+     {"GET /index.html HTTP/1.0\n\n", PARSE_RESULT_DONE, 26},
+     {"GET /index.html HTTP/1.0\r\n\r\n", PARSE_RESULT_DONE, 28},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar", PARSE_RESULT_ERROR, 44},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\n", PARSE_RESULT_DONE, 45},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n", PARSE_RESULT_DONE, 46},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n\r\n", PARSE_RESULT_DONE, 48},
+     {"GET /index.html HTTP/1.0\nUser-Agent: foobar\n", PARSE_RESULT_DONE, 44},
+     {"GET /index.html HTTP/1.0\nUser-Agent: foobar\nBoo: foo\n", PARSE_RESULT_DONE, 53},
+     {"GET /index.html HTTP/1.0\r\nUser-Agent: foobar\r\n", PARSE_RESULT_DONE, 46},
+     {"GET /index.html HTTP/1.0\r\n", PARSE_RESULT_DONE, 26},
+     {"GET /index.html hTTP/1.0\r\n", PARSE_RESULT_ERROR, 26},
+     {"CONNECT foo.example HTTP/1.1\r\n", PARSE_RESULT_DONE, 30},
+     {"GET foo.example HTTP/1.1\r\n", PARSE_RESULT_ERROR, 26},
+     {"", PARSE_RESULT_ERROR, 0},
+     }
+  };
 
   HTTPParser parser;
 
@@ -104,11 +106,13 @@ TEST_CASE("MIMEScanner_fragments", "[proxy][mimescanner_fragments]")
     bool shares_input;
     int expected_result;
   };
-  constexpr std::array const fragments = {{
-    {message.substr(0, 11), true, PARSE_RESULT_CONT},
-    {message.substr(11, 11), true, PARSE_RESULT_CONT},
-    {message.substr(22), false, PARSE_RESULT_OK},
-  }};
+  constexpr std::array const fragments = {
+    {
+     {message.substr(0, 11), true, PARSE_RESULT_CONT},
+     {message.substr(11, 11), true, PARSE_RESULT_CONT},
+     {message.substr(22), false, PARSE_RESULT_OK},
+     }
+  };
 
   MIMEScanner scanner;
   ts::TextView output; // only set on last call
@@ -539,28 +543,28 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       std::string_view line;
       ParseResult expected;
     } test_cases[] = {
-      ////
-      // Field Name
-      {"Content-Length: 10\r\n", PARSE_RESULT_CONT},
+  ////
+  // Field Name
+      {"Content-Length: 10\r\n",     PARSE_RESULT_CONT },
       {"Content-Length\x0b: 10\r\n", PARSE_RESULT_ERROR},
-      ////
-      // Field Value
-      // SP
-      {"Content-Length: 10\r\n", PARSE_RESULT_CONT},
-      // HTAB
-      {"Foo: ab\td/cd\r\n", PARSE_RESULT_CONT},
-      // VCHAR
-      {"Foo: ab\x21/cd\r\n", PARSE_RESULT_CONT},
-      {"Foo: ab\x7e/cd\r\n", PARSE_RESULT_CONT},
-      // DEL
-      {"Foo: ab\x7f/cd\r\n", PARSE_RESULT_ERROR},
-      // obs-text
-      {"Foo: ab\x80/cd\r\n", PARSE_RESULT_CONT},
-      {"Foo: ab\xff/cd\r\n", PARSE_RESULT_CONT},
-      // control char
+ ////
+  // Field Value
+  // SP
+      {"Content-Length: 10\r\n",     PARSE_RESULT_CONT },
+ // HTAB
+      {"Foo: ab\td/cd\r\n",          PARSE_RESULT_CONT },
+ // VCHAR
+      {"Foo: ab\x21/cd\r\n",         PARSE_RESULT_CONT },
+      {"Foo: ab\x7e/cd\r\n",         PARSE_RESULT_CONT },
+ // DEL
+      {"Foo: ab\x7f/cd\r\n",         PARSE_RESULT_ERROR},
+ // obs-text
+      {"Foo: ab\x80/cd\r\n",         PARSE_RESULT_CONT },
+      {"Foo: ab\xff/cd\r\n",         PARSE_RESULT_CONT },
+ // control char
       {"Content-Length: 10\x0b\r\n", PARSE_RESULT_ERROR},
       {"Content-Length:\x0b 10\r\n", PARSE_RESULT_ERROR},
-      {"Foo: ab\x1d/cd\r\n", PARSE_RESULT_ERROR},
+      {"Foo: ab\x1d/cd\r\n",         PARSE_RESULT_ERROR},
     };
 
     MIMEHdr hdr;
@@ -587,26 +591,26 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       const char *fast;
       const char *slow;
     } dates[] = {
-      {"Sun, 06 Nov 1994 08:49:37 GMT", "Sunday, 06-Nov-1994 08:49:37 GMT"},
-      {"Mon, 07 Nov 1994 08:49:37 GMT", "Monday, 07-Nov-1994 08:49:37 GMT"},
-      {"Tue, 08 Nov 1994 08:49:37 GMT", "Tuesday, 08-Nov-1994 08:49:37 GMT"},
+      {"Sun, 06 Nov 1994 08:49:37 GMT", "Sunday, 06-Nov-1994 08:49:37 GMT"   },
+      {"Mon, 07 Nov 1994 08:49:37 GMT", "Monday, 07-Nov-1994 08:49:37 GMT"   },
+      {"Tue, 08 Nov 1994 08:49:37 GMT", "Tuesday, 08-Nov-1994 08:49:37 GMT"  },
       {"Wed, 09 Nov 1994 08:49:37 GMT", "Wednesday, 09-Nov-1994 08:49:37 GMT"},
-      {"Thu, 10 Nov 1994 08:49:37 GMT", "Thursday, 10-Nov-1994 08:49:37 GMT"},
-      {"Fri, 11 Nov 1994 08:49:37 GMT", "Friday, 11-Nov-1994 08:49:37 GMT"},
-      {"Sat, 11 Nov 1994 08:49:37 GMT", "Saturday, 11-Nov-1994 08:49:37 GMT"},
-      {"Sun, 03 Jan 1999 08:49:37 GMT", "Sunday, 03-Jan-1999 08:49:37 GMT"},
-      {"Sun, 07 Feb 1999 08:49:37 GMT", "Sunday, 07-Feb-1999 08:49:37 GMT"},
-      {"Sun, 07 Mar 1999 08:49:37 GMT", "Sunday, 07-Mar-1999 08:49:37 GMT"},
-      {"Sun, 04 Apr 1999 08:49:37 GMT", "Sunday, 04-Apr-1999 08:49:37 GMT"},
-      {"Sun, 02 May 1999 08:49:37 GMT", "Sunday, 02-May-1999 08:49:37 GMT"},
-      {"Sun, 06 Jun 1999 08:49:37 GMT", "Sunday, 06-Jun-1999 08:49:37 GMT"},
-      {"Sun, 04 Jul 1999 08:49:37 GMT", "Sunday, 04-Jul-1999 08:49:37 GMT"},
-      {"Sun, 01 Aug 1999 08:49:37 GMT", "Sunday, 01-Aug-1999 08:49:37 GMT"},
-      {"Sun, 05 Sep 1999 08:49:37 GMT", "Sunday, 05-Sep-1999 08:49:37 GMT"},
-      {"Sun, 03 Oct 1999 08:49:37 GMT", "Sunday, 03-Oct-1999 08:49:37 GMT"},
-      {"Sun, 07 Nov 1999 08:49:37 GMT", "Sunday, 07-Nov-1999 08:49:37 GMT"},
-      {"Sun, 05 Dec 1999 08:49:37 GMT", "Sunday, 05-Dec-1999 08:49:37 GMT"},
-      {nullptr, nullptr},
+      {"Thu, 10 Nov 1994 08:49:37 GMT", "Thursday, 10-Nov-1994 08:49:37 GMT" },
+      {"Fri, 11 Nov 1994 08:49:37 GMT", "Friday, 11-Nov-1994 08:49:37 GMT"   },
+      {"Sat, 11 Nov 1994 08:49:37 GMT", "Saturday, 11-Nov-1994 08:49:37 GMT" },
+      {"Sun, 03 Jan 1999 08:49:37 GMT", "Sunday, 03-Jan-1999 08:49:37 GMT"   },
+      {"Sun, 07 Feb 1999 08:49:37 GMT", "Sunday, 07-Feb-1999 08:49:37 GMT"   },
+      {"Sun, 07 Mar 1999 08:49:37 GMT", "Sunday, 07-Mar-1999 08:49:37 GMT"   },
+      {"Sun, 04 Apr 1999 08:49:37 GMT", "Sunday, 04-Apr-1999 08:49:37 GMT"   },
+      {"Sun, 02 May 1999 08:49:37 GMT", "Sunday, 02-May-1999 08:49:37 GMT"   },
+      {"Sun, 06 Jun 1999 08:49:37 GMT", "Sunday, 06-Jun-1999 08:49:37 GMT"   },
+      {"Sun, 04 Jul 1999 08:49:37 GMT", "Sunday, 04-Jul-1999 08:49:37 GMT"   },
+      {"Sun, 01 Aug 1999 08:49:37 GMT", "Sunday, 01-Aug-1999 08:49:37 GMT"   },
+      {"Sun, 05 Sep 1999 08:49:37 GMT", "Sunday, 05-Sep-1999 08:49:37 GMT"   },
+      {"Sun, 03 Oct 1999 08:49:37 GMT", "Sunday, 03-Oct-1999 08:49:37 GMT"   },
+      {"Sun, 07 Nov 1999 08:49:37 GMT", "Sunday, 07-Nov-1999 08:49:37 GMT"   },
+      {"Sun, 05 Dec 1999 08:49:37 GMT", "Sunday, 05-Dec-1999 08:49:37 GMT"   },
+      {nullptr,                         nullptr                              },
     };
 
     int i;
@@ -1057,48 +1061,38 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
     } tests[] = {
       {"GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa\r\n"
-       "\r\n",
-       "GET http://foo.com/bar.txt HTTP/1.0\r\n"
+       "\r\n",                           "GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n"},
+       "\r\n",                           "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                          "HTTP/1.0 200 OK\r\n"
+       "\r\n"                                                                         },
       {"GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa fjfj dslkfjdslk fjsdafkl dsajfkldsa jfkldsafj "
        "klsafjs lkafjdsalk fsdjakfl sdjaflkdsaj flksdjflsd ;ffd salfdjs lf;sdaf ;dsaf jdsal;fdjsaflkjsda \r\n"
-       "\r\n",
-       "GET http://foo.com/bar.txt HTTP/1.0\r\n"
+       "\r\n",                           "GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa fjfj dslkfjdslk fjsdafkl dsajfkldsa jfkldsafj "
        "klsafjs lkafjdsalk fsdjakfl sdjaflkdsaj flksdjflsd ;ffd salfdjs lf;sdaf ;dsaf jdsal;fdjsaflkjsda \r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n"},
+       "\r\n",                           "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                          "HTTP/1.0 200 OK\r\n"
+       "\r\n"                                                                         },
       {"GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa fjfj dslkfjdslk fjsdafkl dsajfkldsa jfkldsafj "
        "klsafjs lkafjdsalk fsdjakfl sdjaflkdsaj flksdjflsd ;ffd salfdjs lf;sdaf ;dsaf jdsal;fdjsaflkjsda kfl; fsdajfl; "
        "sdjafl;dsajlsjfl;sdafjsdal;fjds al;fdjslaf ;slajdk;f\r\n"
-       "\r\n",
-       "GET http://foo.com/bar.txt HTTP/1.0\r\n"
+       "\r\n",                           "GET http://foo.com/bar.txt HTTP/1.0\r\n"
        "Accept-Language: fjdfjdslkf dsjkfdj flkdsfjlk sjfdlk ajfdlksa fjfj dslkfjdslk fjsdafkl dsajfkldsa jfkldsafj "
        "klsafjs lkafjdsalk fsdjakfl sdjaflkdsaj flksdjflsd ;ffd salfdjs lf;sdaf ;dsaf jdsal;fdjsaflkjsda kfl; fsdajfl; "
        "sdjafl;dsajlsjfl;sdafjsdal;fjds al;fdjslaf ;slajdk;f\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
-       "\r\n"},
+       "\r\n",                           "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                          "HTTP/1.0 200 OK\r\n"
+       "\r\n"                                                                         },
       {"GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
        "Referer: chocolate fribble\r\n", // missing final CRLF
        "GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
        "Referer: chocolate fribble\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n", "HTTP/1.0 200 OK\r\n"
        "MIME-Version: 1.0\r\n"
        "Server: WebSTAR/2.1 ID/30013\r\n"
        "Content-Type: text/html\r\n"
@@ -1113,25 +1107,23 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
        "\r\n"},
       {"GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
-       "Referer: \r\n", // missing final CRLF
+       "Referer: \r\n",                  // missing final CRLF
        "GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
        "Referer: \r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                  "HTTP/1.0 200 OK\r\n"
        "MIME-Version: 1.0\r\n"
        "Server: WebSTAR/2.1 ID/30013\r\n"
        "Content-Type: text/html\r\n"
        "Content-Length: 939\r\n"
        "Last-Modified: Thursday, 01-Jan-04 05:00:00 GMT\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                 "HTTP/1.0 200 OK\r\n"
        "MIME-Version: 1.0\r\n"
        "Server: WebSTAR/2.1 ID/30013\r\n"
        "Content-Type: text/html\r\n"
        "Content-Length: 939\r\n"
        "Last-Modified: Thursday, 01-Jan-04 05:00:00 GMT\r\n"
-       "\r\n"},
+       "\r\n"                                                                },
       {"GET http://www.news.com:80/ HTTP/1.0\r\n"
        "Proxy-Connection: Keep-Alive\r\n"
        "User-Agent: Mozilla/4.04 [en] (X11; I; Linux 2.0.33 i586)\r\n"
@@ -1142,8 +1134,7 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
        "Accept-Charset: iso-8859-1, *, utf-8\r\n"
        "Client-ip: D1012148\r\n"
        "Foo: abcdefghijklmnopqrtu\r\n"
-       "\r\n",
-       "GET http://www.news.com:80/ HTTP/1.0\r\n"
+       "\r\n",                           "GET http://www.news.com:80/ HTTP/1.0\r\n"
        "Proxy-Connection: Keep-Alive\r\n"
        "User-Agent: Mozilla/4.04 [en] (X11; I; Linux 2.0.33 i586)\r\n"
        "Pragma: no-cache\r\n"
@@ -1153,15 +1144,13 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
        "Accept-Charset: iso-8859-1, *, utf-8\r\n"
        "Client-ip: D1012148\r\n"
        "Foo: abcdefghijklmnopqrtu\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                           "HTTP/1.0 200 OK\r\n"
        "Content-Length: 16428\r\n"
        "Content-Type: text/html\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                          "HTTP/1.0 200 OK\r\n"
        "Content-Length: 16428\r\n"
        "Content-Type: text/html\r\n"
-       "\r\n"},
+       "\r\n"                                                                         },
       {"GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
        "Referer: http://people.netscape.com/jwz/index.html\r\n"
@@ -1170,8 +1159,7 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
        "Pragma: no-cache\r\n"
        "Host: people.netscape.com\r\n"
        "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n"
-       "\r\n",
-       "GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
+       "\r\n",                           "GET http://people.netscape.com/jwz/hacks-1.gif HTTP/1.0\r\n"
        "If-Modified-Since: Wednesday, 26-Feb-97 06:58:17 GMT; length=842\r\n"
        "Referer: http://people.netscape.com/jwz/index.html\r\n"
        "Proxy-Connection: Keep-Alive\r\n"
@@ -1179,15 +1167,13 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
        "Pragma: no-cache\r\n"
        "Host: people.netscape.com\r\n"
        "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                           "HTTP/1.0 200 OK\r\n"
        "Content-Length: 16428\r\n"
        "Content-Type: text/html\r\n"
-       "\r\n",
-       "HTTP/1.0 200 OK\r\n"
+       "\r\n",                                                                          "HTTP/1.0 200 OK\r\n"
        "Content-Length: 16428\r\n"
        "Content-Type: text/html\r\n"
-       "\r\n"},
+       "\r\n"                                                                         },
     };
 
     int ntests = sizeof(tests) / sizeof(tests[0]);
@@ -1418,21 +1404,23 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       char const *response;
     };
 
-    RequestResponse rr[] = {{request0, response0},
-                            {request09, response09},
-                            {request1, response1},
-                            {request_no_colon, response_no_colon},
-                            {request_no_val, response_no_colon},
-                            {request_leading_space, response0},
-                            {request_multi_fblock, response0},
-                            {request_padding, response0},
-                            {request_09p, response0},
-                            {request_09ht, response0},
-                            {request_11, response0},
-                            {request_unterminated, response_unterminated},
-                            {request_blank, response_blank},
-                            {request_blank2, response_blank2},
-                            {request_blank3, response_blank3}};
+    RequestResponse rr[] = {
+      {request0,              response0            },
+      {request09,             response09           },
+      {request1,              response1            },
+      {request_no_colon,      response_no_colon    },
+      {request_no_val,        response_no_colon    },
+      {request_leading_space, response0            },
+      {request_multi_fblock,  response0            },
+      {request_padding,       response0            },
+      {request_09p,           response0            },
+      {request_09ht,          response0            },
+      {request_11,            response0            },
+      {request_unterminated,  response_unterminated},
+      {request_blank,         response_blank       },
+      {request_blank2,        response_blank2      },
+      {request_blank3,        response_blank3      }
+    };
 
     int err;
     HTTPHdr req_hdr, rsp_hdr;
@@ -1721,29 +1709,29 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       int L;
       int I;
     } test_cases[] = {
-      {"en", "*", 1.0, 1, 1},
-      {"en", "fr", 0.0, 0, 0},
-      {"en", "de, fr, en;q=0.7", 0.7, 2, 3},
-      {"en-cockney", "de, fr, en;q=0.7", 0.7, 2, 3},
-      {"en-cockney", "de, fr, en-foobar;q=0.8, en;q=0.7", 0.7, 2, 4},
-      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.7", 0.8, 10, 3},
-      {"en-cockney", "de, fr, en;q=0.8, en;q=0.7", 0.8, 2, 3},
-      {"en-cockney", "de, fr, en;q=0.7, en;q=0.8", 0.8, 2, 4},
-      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8", 0.8, 2, 3},
-      {"en-cockney", "de, fr, en-cockney;q=0.7, en;q=0.8", 0.7, 10, 3},
-      {"en-cockney", "de, fr, en;q=0.8, en-cockney;q=0.7", 0.7, 10, 4},
-      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.8", 0.8, 10, 3},
-      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.7", 0.8, 10, 3},
-      {"en-cockney", "de, fr, en-american", 0.0, 0, 0},
-      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8, *", 0.8, 2, 3},
-      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8, *;q=0.9", 0.8, 2, 3},
-      {"en-foobar", "de, fr, en;q=0.8, en;q=0.8, *;q=0.9", 0.8, 2, 3},
-      {"oo-foobar", "de, fr, en;q=0.8, en;q=0.8, *;q=0.9", 0.9, 1, 5},
-      {"oo-foobar", "de, fr, en;q=0.8, en;q=0.8, *;q=0.9, *", 1.0, 1, 6},
-      {"oo-foobar", "de, fr, en;q=0.8, en;q=0.8, *, *;q=0.9", 1.0, 1, 5},
-      {"fr-belgian", "de, fr;hi-there;q=0.9, fr;q=0.8, en", 0.9, 2, 2},
-      {"fr-belgian", "de, fr;q=0.8, fr;hi-there;q=0.9, en", 0.9, 2, 3},
-      {nullptr, nullptr, 0.0, 0, 0},
+      {"en",         "*",                                      1.0, 1,  1},
+      {"en",         "fr",                                     0.0, 0,  0},
+      {"en",         "de, fr, en;q=0.7",                       0.7, 2,  3},
+      {"en-cockney", "de, fr, en;q=0.7",                       0.7, 2,  3},
+      {"en-cockney", "de, fr, en-foobar;q=0.8, en;q=0.7",      0.7, 2,  4},
+      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.7",     0.8, 10, 3},
+      {"en-cockney", "de, fr, en;q=0.8, en;q=0.7",             0.8, 2,  3},
+      {"en-cockney", "de, fr, en;q=0.7, en;q=0.8",             0.8, 2,  4},
+      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8",             0.8, 2,  3},
+      {"en-cockney", "de, fr, en-cockney;q=0.7, en;q=0.8",     0.7, 10, 3},
+      {"en-cockney", "de, fr, en;q=0.8, en-cockney;q=0.7",     0.7, 10, 4},
+      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.8",     0.8, 10, 3},
+      {"en-cockney", "de, fr, en-cockney;q=0.8, en;q=0.7",     0.8, 10, 3},
+      {"en-cockney", "de, fr, en-american",                    0.0, 0,  0},
+      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8, *",          0.8, 2,  3},
+      {"en-cockney", "de, fr, en;q=0.8, en;q=0.8, *;q=0.9",    0.8, 2,  3},
+      {"en-foobar",  "de, fr, en;q=0.8, en;q=0.8, *;q=0.9",    0.8, 2,  3},
+      {"oo-foobar",  "de, fr, en;q=0.8, en;q=0.8, *;q=0.9",    0.9, 1,  5},
+      {"oo-foobar",  "de, fr, en;q=0.8, en;q=0.8, *;q=0.9, *", 1.0, 1,  6},
+      {"oo-foobar",  "de, fr, en;q=0.8, en;q=0.8, *, *;q=0.9", 1.0, 1,  5},
+      {"fr-belgian", "de, fr;hi-there;q=0.9, fr;q=0.8, en",    0.9, 2,  2},
+      {"fr-belgian", "de, fr;q=0.8, fr;hi-there;q=0.9, en",    0.9, 2,  3},
+      {nullptr,      nullptr,                                  0.0, 0,  0},
     };
 
     int i, I, L;
@@ -1776,33 +1764,33 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       float Q;
       int I;
     } test_cases[] = {
-      {"iso-8859-1", "*", 1.0, 1},
-      {"iso-8859-1", "iso-8859-2", 0.0, 0},
-      {"iso-8859-1", "iso-8859", 0.0, 0},
-      {"iso-8859-1", "iso-8859-12", 0.0, 0},
-      {"iso-8859-1", "koi-8-r", 0.0, 0},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp;q=0.7", 0.7, 3},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp;q=0.7", 0.7, 3},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp;q=0.8, euc-jp;q=0.7", 0.8, 3},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp;q=0.7, euc-jp;q=0.8", 0.8, 4},
-      {"euc-jp", "euc-jp;q=0.9, shift_jis, iso-2022-jp, euc-jp;q=0.7, euc-jp;q=0.8", 0.9, 1},
-      {"EUC-JP", "euc-jp;q=0.9, shift_jis, iso-2022-jp, euc-jp, euc-jp;q=0.8", 1.0, 4},
-      {"euc-jp", "euc-jp;q=0.9, shift_jis, iso-2022-jp, EUC-JP, euc-jp;q=0.8", 1.0, 4},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp-foobar", 0.0, 0},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp-foobar, *", 1.0, 4},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp-foobar, *;q=0.543", 0.543, 4},
-      {"euc-jp", "shift_jis, iso-2022-jp, euc-jp-foobar, *;q=0.0", 0.0, 4},
-      {"euc-jp", "shift_jis, iso-2022-jp, *;q=0.0, euc-jp-foobar, *;q=0.0", 0.0, 3},
-      {"euc-jp", "shift_jis, iso-2022-jp, *;q=0.0, euc-jp-foobar, *;q=0.5", 0.5, 5},
-      {"euc-jp", "shift_jis, iso-2022-jp, *;q=0.5, euc-jp-foobar, *;q=0.0", 0.5, 3},
-      {"euc-jp", "shift_jis, iso-2022-jp, *;q=0.5, euc-jp-foobar, *, *;q=0.0", 1.0, 5},
-      {"euc-jp", "shift_jis, euc-jp;hi-there;q=0.5, iso-2022-jp", 0.5, 2},
-      {"euc-jp", "shift_jis, euc-jp;hi-there;q= 0.5, iso-2022-jp", 0.5, 2},
-      {"euc-jp", "shift_jis, euc-jp;hi-there;q = 0.5, iso-2022-jp", 0.5, 2},
-      {"euc-jp", "shift_jis, euc-jp;hi-there ; q = 0.5, iso-2022-jp", 0.5, 2},
-      {"euc-jp", "shift_jis, euc-jp;hi-there ;; q = 0.5, iso-2022-jp", 0.5, 2},
-      {"euc-jp", "shift_jis, euc-jp;hi-there ;; Q = 0.5, iso-2022-jp", 0.5, 2},
-      {nullptr, nullptr, 0.0, 0},
+      {"iso-8859-1", "*",                                                                1.0,   1},
+      {"iso-8859-1", "iso-8859-2",                                                       0.0,   0},
+      {"iso-8859-1", "iso-8859",                                                         0.0,   0},
+      {"iso-8859-1", "iso-8859-12",                                                      0.0,   0},
+      {"iso-8859-1", "koi-8-r",                                                          0.0,   0},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp;q=0.7",                             0.7,   3},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp;q=0.7",                             0.7,   3},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp;q=0.8, euc-jp;q=0.7",               0.8,   3},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp;q=0.7, euc-jp;q=0.8",               0.8,   4},
+      {"euc-jp",     "euc-jp;q=0.9, shift_jis, iso-2022-jp, euc-jp;q=0.7, euc-jp;q=0.8", 0.9,   1},
+      {"EUC-JP",     "euc-jp;q=0.9, shift_jis, iso-2022-jp, euc-jp, euc-jp;q=0.8",       1.0,   4},
+      {"euc-jp",     "euc-jp;q=0.9, shift_jis, iso-2022-jp, EUC-JP, euc-jp;q=0.8",       1.0,   4},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp-foobar",                            0.0,   0},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp-foobar, *",                         1.0,   4},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp-foobar, *;q=0.543",                 0.543, 4},
+      {"euc-jp",     "shift_jis, iso-2022-jp, euc-jp-foobar, *;q=0.0",                   0.0,   4},
+      {"euc-jp",     "shift_jis, iso-2022-jp, *;q=0.0, euc-jp-foobar, *;q=0.0",          0.0,   3},
+      {"euc-jp",     "shift_jis, iso-2022-jp, *;q=0.0, euc-jp-foobar, *;q=0.5",          0.5,   5},
+      {"euc-jp",     "shift_jis, iso-2022-jp, *;q=0.5, euc-jp-foobar, *;q=0.0",          0.5,   3},
+      {"euc-jp",     "shift_jis, iso-2022-jp, *;q=0.5, euc-jp-foobar, *, *;q=0.0",       1.0,   5},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there;q=0.5, iso-2022-jp",                    0.5,   2},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there;q= 0.5, iso-2022-jp",                   0.5,   2},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there;q = 0.5, iso-2022-jp",                  0.5,   2},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there ; q = 0.5, iso-2022-jp",                0.5,   2},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there ;; q = 0.5, iso-2022-jp",               0.5,   2},
+      {"euc-jp",     "shift_jis, euc-jp;hi-there ;; Q = 0.5, iso-2022-jp",               0.5,   2},
+      {nullptr,      nullptr,                                                            0.0,   0},
     };
 
     int i, I;
@@ -1853,10 +1841,9 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       {"foo, bar,", 3, {{0, 3}, {5, 3}, {9, 0}, {-1, 0}}},
       {"foo, bar, ", 3, {{0, 3}, {5, 3}, {9, 0}, {-1, 0}}},
       {
-        ",foo,bar,",
-        4,
-        {{0, 0}, {1, 3}, {5, 3}, {9, 0}},
-      },
+       ",foo,bar,", 4,
+       {{0, 0}, {1, 3}, {5, 3}, {9, 0}},
+       },
     };
 
     HTTPHdr hdr;
@@ -1912,43 +1899,43 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
       const char *slice;
       const char *new_raw;
     } tests[] = {
-      {"a,b,c", 0, "fred", "fred, b, c"},
-      {"a,b,c", 1, "fred", "a, fred, c"},
-      {"a,b,c", 2, "fred", "a, b, fred"},
-      {"a,b,c", 3, "fred", "a,b,c"},
-      {"", 0, "", ""},
-      {"", 0, "foo", "foo"},
-      {"", 1, "foo", ""},
-      {" ", 0, "", ""},
-      {" ", 0, "foo", "foo"},
-      {" ", 1, "foo", " "},
-      {",", 0, "foo", "foo, "},
-      {",", 1, "foo", ", foo"},
-      {",,", 0, "foo", "foo, , "},
-      {",,", 1, "foo", ", foo, "},
-      {",,", 2, "foo", ", , foo"},
-      {"foo", 0, "abc", "abc"},
-      {"foo", 1, "abc", "foo"},
-      {"foo", 0, "abc,", "abc,"},
-      {"foo", 0, ",abc", ",abc"},
-      {",,", 1, ",,,", ", ,,,, "},
-      {" a , b , c", 0, "fred", "fred, b, c"},
-      {" a , b , c", 1, "fred", "a, fred, c"},
-      {" a , b , c", 2, "fred", "a, b, fred"},
-      {" a , b , c", 3, "fred", " a , b , c"},
-      {"    a   ,   b ", 0, "fred", "fred, b"},
-      {"    a   ,   b ", 1, "fred", "a, fred"},
-      {"    a   , b ", 1, "fred", "a, fred"},
-      {"    a   ,b ", 1, "fred", "a, fred"},
-      {"a, , , , e, , g,", 0, "fred", "fred, , , , e, , g, "},
-      {"a, , , , e, , g,", 1, "fred", "a, fred, , , e, , g, "},
-      {"a, , , , e, , g,", 2, "fred", "a, , fred, , e, , g, "},
-      {"a, , , , e, , g,", 5, "fred", "a, , , , e, fred, g, "},
-      {"a, , , , e, , g,", 7, "fred", "a, , , , e, , g, fred"},
-      {"a, , , , e, , g,", 8, "fred", "a, , , , e, , g,"},
-      {"a, \"boo,foo\", c", 0, "wawa", "wawa, \"boo,foo\", c"},
-      {"a, \"boo,foo\", c", 1, "wawa", "a, wawa, c"},
-      {"a, \"boo,foo\", c", 2, "wawa", "a, \"boo,foo\", wawa"},
+      {"a,b,c",             0, "fred", "fred, b, c"           },
+      {"a,b,c",             1, "fred", "a, fred, c"           },
+      {"a,b,c",             2, "fred", "a, b, fred"           },
+      {"a,b,c",             3, "fred", "a,b,c"                },
+      {"",                  0, "",     ""                     },
+      {"",                  0, "foo",  "foo"                  },
+      {"",                  1, "foo",  ""                     },
+      {" ",                 0, "",     ""                     },
+      {" ",                 0, "foo",  "foo"                  },
+      {" ",                 1, "foo",  " "                    },
+      {",",                 0, "foo",  "foo, "                },
+      {",",                 1, "foo",  ", foo"                },
+      {",,",                0, "foo",  "foo, , "              },
+      {",,",                1, "foo",  ", foo, "              },
+      {",,",                2, "foo",  ", , foo"              },
+      {"foo",               0, "abc",  "abc"                  },
+      {"foo",               1, "abc",  "foo"                  },
+      {"foo",               0, "abc,", "abc,"                 },
+      {"foo",               0, ",abc", ",abc"                 },
+      {",,",                1, ",,,",  ", ,,,, "              },
+      {" a , b , c",        0, "fred", "fred, b, c"           },
+      {" a , b , c",        1, "fred", "a, fred, c"           },
+      {" a , b , c",        2, "fred", "a, b, fred"           },
+      {" a , b , c",        3, "fred", " a , b , c"           },
+      {"    a   ,   b ",    0, "fred", "fred, b"              },
+      {"    a   ,   b ",    1, "fred", "a, fred"              },
+      {"    a   , b ",      1, "fred", "a, fred"              },
+      {"    a   ,b ",       1, "fred", "a, fred"              },
+      {"a, , , , e, , g,",  0, "fred", "fred, , , , e, , g, " },
+      {"a, , , , e, , g,",  1, "fred", "a, fred, , , e, , g, "},
+      {"a, , , , e, , g,",  2, "fred", "a, , fred, , e, , g, "},
+      {"a, , , , e, , g,",  5, "fred", "a, , , , e, fred, g, "},
+      {"a, , , , e, , g,",  7, "fred", "a, , , , e, , g, fred"},
+      {"a, , , , e, , g,",  8, "fred", "a, , , , e, , g,"     },
+      {"a, \"boo,foo\", c", 0, "wawa", "wawa, \"boo,foo\", c" },
+      {"a, \"boo,foo\", c", 1, "wawa", "a, wawa, c"           },
+      {"a, \"boo,foo\", c", 2, "wawa", "a, \"boo,foo\", wawa" },
     };
 
     HTTPHdr hdr;
@@ -2003,42 +1990,42 @@ TEST_CASE("HdrTest", "[proxy][hdrtest]")
         int len;
       } pieces[3];
     } tests[] = {
-      {"", 1, {{0, 0}, {-1, 0}, {-1, 0}}},
-      {",", 2, {{0, 0}, {1, 0}, {-1, 0}}},
-      {" ,", 2, {{0, 0}, {2, 0}, {-1, 0}}},
-      {", ", 2, {{0, 0}, {1, 0}, {-1, 0}}},
-      {" , ", 2, {{0, 0}, {2, 0}, {-1, 0}}},
-      {"abc,", 2, {{0, 3}, {4, 0}, {-1, 0}}},
-      {"abc, ", 2, {{0, 3}, {4, 0}, {-1, 0}}},
-      {"", 1, {{0, 0}, {-1, 0}, {-1, 0}}},
-      {" ", 1, {{0, 0}, {-1, 0}, {-1, 0}}},
-      {"  ", 1, {{0, 0}, {-1, 0}, {-1, 0}}},
-      {"a", 1, {{0, 1}, {-1, 0}, {-1, 0}}},
-      {" a", 1, {{1, 1}, {-1, 0}, {-1, 0}}},
-      {"  a  ", 1, {{2, 1}, {-1, 0}, {-1, 0}}},
-      {"abc,defg", 2, {{0, 3}, {4, 4}, {-1, 0}}},
-      {" abc,defg", 2, {{1, 3}, {5, 4}, {-1, 0}}},
-      {" abc, defg", 2, {{1, 3}, {6, 4}, {-1, 0}}},
-      {" abc , defg", 2, {{1, 3}, {7, 4}, {-1, 0}}},
-      {" abc , defg ", 2, {{1, 3}, {7, 4}, {-1, 0}}},
-      {" abc , defg, ", 3, {{1, 3}, {7, 4}, {12, 0}}},
-      {" abc , defg ,", 3, {{1, 3}, {7, 4}, {13, 0}}},
-      {", abc , defg ", 3, {{0, 0}, {2, 3}, {8, 4}}},
-      {" ,abc , defg ", 3, {{0, 0}, {2, 3}, {8, 4}}},
-      {"a,b", 2, {{0, 1}, {2, 1}, {-1, 0}}},
-      {"a,,b", 3, {{0, 1}, {2, 0}, {3, 1}}},
-      {"a, ,b", 3, {{0, 1}, {2, 0}, {4, 1}}},
-      {"a ,,b", 3, {{0, 1}, {3, 0}, {4, 1}}},
-      {",", 2, {{0, 0}, {1, 0}, {-1, 0}}},
-      {" ,", 2, {{0, 0}, {2, 0}, {-1, 0}}},
-      {", ", 2, {{0, 0}, {1, 0}, {-1, 0}}},
-      {" , ", 2, {{0, 0}, {2, 0}, {-1, 0}}},
-      {"a,b,", 3, {{0, 1}, {2, 1}, {4, 0}}},
-      {"a,b, ", 3, {{0, 1}, {2, 1}, {4, 0}}},
-      {"a,b,  ", 3, {{0, 1}, {2, 1}, {4, 0}}},
-      {"a,b,  c", 3, {{0, 1}, {2, 1}, {6, 1}}},
-      {"a,b,  c ", 3, {{0, 1}, {2, 1}, {6, 1}}},
-      {"a,\"b,c\",d", 3, {{0, 1}, {3, 3}, {8, 1}}},
+      {"",              1, {{0, 0}, {-1, 0}, {-1, 0}}},
+      {",",             2, {{0, 0}, {1, 0}, {-1, 0}} },
+      {" ,",            2, {{0, 0}, {2, 0}, {-1, 0}} },
+      {", ",            2, {{0, 0}, {1, 0}, {-1, 0}} },
+      {" , ",           2, {{0, 0}, {2, 0}, {-1, 0}} },
+      {"abc,",          2, {{0, 3}, {4, 0}, {-1, 0}} },
+      {"abc, ",         2, {{0, 3}, {4, 0}, {-1, 0}} },
+      {"",              1, {{0, 0}, {-1, 0}, {-1, 0}}},
+      {" ",             1, {{0, 0}, {-1, 0}, {-1, 0}}},
+      {"  ",            1, {{0, 0}, {-1, 0}, {-1, 0}}},
+      {"a",             1, {{0, 1}, {-1, 0}, {-1, 0}}},
+      {" a",            1, {{1, 1}, {-1, 0}, {-1, 0}}},
+      {"  a  ",         1, {{2, 1}, {-1, 0}, {-1, 0}}},
+      {"abc,defg",      2, {{0, 3}, {4, 4}, {-1, 0}} },
+      {" abc,defg",     2, {{1, 3}, {5, 4}, {-1, 0}} },
+      {" abc, defg",    2, {{1, 3}, {6, 4}, {-1, 0}} },
+      {" abc , defg",   2, {{1, 3}, {7, 4}, {-1, 0}} },
+      {" abc , defg ",  2, {{1, 3}, {7, 4}, {-1, 0}} },
+      {" abc , defg, ", 3, {{1, 3}, {7, 4}, {12, 0}} },
+      {" abc , defg ,", 3, {{1, 3}, {7, 4}, {13, 0}} },
+      {", abc , defg ", 3, {{0, 0}, {2, 3}, {8, 4}}  },
+      {" ,abc , defg ", 3, {{0, 0}, {2, 3}, {8, 4}}  },
+      {"a,b",           2, {{0, 1}, {2, 1}, {-1, 0}} },
+      {"a,,b",          3, {{0, 1}, {2, 0}, {3, 1}}  },
+      {"a, ,b",         3, {{0, 1}, {2, 0}, {4, 1}}  },
+      {"a ,,b",         3, {{0, 1}, {3, 0}, {4, 1}}  },
+      {",",             2, {{0, 0}, {1, 0}, {-1, 0}} },
+      {" ,",            2, {{0, 0}, {2, 0}, {-1, 0}} },
+      {", ",            2, {{0, 0}, {1, 0}, {-1, 0}} },
+      {" , ",           2, {{0, 0}, {2, 0}, {-1, 0}} },
+      {"a,b,",          3, {{0, 1}, {2, 1}, {4, 0}}  },
+      {"a,b, ",         3, {{0, 1}, {2, 1}, {4, 0}}  },
+      {"a,b,  ",        3, {{0, 1}, {2, 1}, {4, 0}}  },
+      {"a,b,  c",       3, {{0, 1}, {2, 1}, {6, 1}}  },
+      {"a,b,  c ",      3, {{0, 1}, {2, 1}, {6, 1}}  },
+      {"a,\"b,c\",d",   3, {{0, 1}, {3, 3}, {8, 1}}  },
     };
 
     int i, j, ntests, offset;
diff --git a/proxy/hdrs/unit_tests/test_URL.cc b/proxy/hdrs/unit_tests/test_URL.cc
index 115aeee5d85..bb1886d5800 100644
--- a/proxy/hdrs/unit_tests/test_URL.cc
+++ b/proxy/hdrs/unit_tests/test_URL.cc
@@ -29,21 +29,23 @@ TEST_CASE("ValidateURL", "[proxy][validurl]")
   static const struct {
     const char *const text;
     bool valid;
-  } http_validate_hdr_field_test_case[] = {{"yahoo", true},
-                                           {"yahoo.com", true},
-                                           {"yahoo.wow.com", true},
-                                           {"yahoo.wow.much.amaze.com", true},
-                                           {"209.131.52.50", true},
-                                           {"192.168.0.1", true},
-                                           {"localhost", true},
-                                           {"3ffe:1900:4545:3:200:f8ff:fe21:67cf", true},
-                                           {"fe80:0:0:0:200:f8ff:fe21:67cf", true},
-                                           {"fe80::200:f8ff:fe21:67cf", true},
-                                           {"", false}, // Sample host header XSS attack
-                                           {"jlads;f8-9349*(D&F*D(234jD*(FSD*(VKLJ#(*$@()#$)))))", false},
-                                           {"\"\t\n", false},
-                                           {"!@#$%^ &*(*&^%$#@#$%^&*(*&^%$#))", false},
-                                           {":):(:O!!!!!!", false}};
+  } http_validate_hdr_field_test_case[] = {
+    {"yahoo",                                               true },
+    {"yahoo.com",                                           true },
+    {"yahoo.wow.com",                                       true },
+    {"yahoo.wow.much.amaze.com",                            true },
+    {"209.131.52.50",                                       true },
+    {"192.168.0.1",                                         true },
+    {"localhost",                                           true },
+    {"3ffe:1900:4545:3:200:f8ff:fe21:67cf",                 true },
+    {"fe80:0:0:0:200:f8ff:fe21:67cf",                       true },
+    {"fe80::200:f8ff:fe21:67cf",                            true },
+    {"",                               false}, // Sample host header XSS attack
+    {"jlads;f8-9349*(D&F*D(234jD*(FSD*(VKLJ#(*$@()#$)))))", false},
+    {"\"\t\n",                                              false},
+    {"!@#$%^ &*(*&^%$#@#$%^&*(*&^%$#))",                    false},
+    {":):(:O!!!!!!",                                        false}
+  };
   for (auto i : http_validate_hdr_field_test_case) {
     const char *const txt = i.text;
     if (validate_host_name({txt}) != i.valid) {
@@ -58,9 +60,18 @@ TEST_CASE("Validate Scheme", "[proxy][validscheme]")
   static const struct {
     std::string_view text;
     bool valid;
-  } scheme_test_cases[] = {{"http", true},      {"https", true},      {"example", true},    {"example.", true},
-                           {"example++", true}, {"example--.", true}, {"++example", false}, {"--example", false},
-                           {".example", false}, {"example://", false}};
+  } scheme_test_cases[] = {
+    {"http",       true },
+    {"https",      true },
+    {"example",    true },
+    {"example.",   true },
+    {"example++",  true },
+    {"example--.", true },
+    {"++example",  false},
+    {"--example",  false},
+    {".example",   false},
+    {"example://", false}
+  };
 
   for (auto i : scheme_test_cases) {
     // it's pretty hard to debug with
@@ -86,30 +97,32 @@ TEST_CASE("ParseRulesStrictURI", "[proxy][parseuri]")
   const struct {
     const char *const uri;
     bool valid;
-  } http_strict_uri_parsing_test_case[] = {{"//index.html", true},
-                                           {"/home", true},
-                                           {"/path/data?key=value#id", true},
-                                           {"/ABCDEFGHIJKLMNOPQRSTUVWXYZ", true},
-                                           {"/abcdefghijklmnopqrstuvwxyz", true},
-                                           {"/abcde fghijklmnopqrstuvwxyz", false},
-                                           {"/abcde\tfghijklmnopqrstuvwxyz", false},
-                                           {"/abcdefghijklmnopqrstuvwxyz", false},
-                                           {"/0123456789", true},
-                                           {":/?#[]@", true},
-                                           {"!$&'()*+,;=", true},
-                                           {"-._~", true},
-                                           {"%", true},
-                                           {"\n", false},
-                                           {"\"", false},
-                                           {"<", false},
-                                           {">", false},
-                                           {"\\", false},
-                                           {"^", false},
-                                           {"`", false},
-                                           {"{", false},
-                                           {"|", false},
-                                           {"}", false},
-                                           {"é", false}};
+  } http_strict_uri_parsing_test_case[] = {
+    {"//index.html",                  true },
+    {"/home",                         true },
+    {"/path/data?key=value#id",       true },
+    {"/ABCDEFGHIJKLMNOPQRSTUVWXYZ",   true },
+    {"/abcdefghijklmnopqrstuvwxyz",   true },
+    {"/abcde fghijklmnopqrstuvwxyz",  false},
+    {"/abcde\tfghijklmnopqrstuvwxyz", false},
+    {"/abcdefghijklmnopqrstuvwxyz",  false},
+    {"/0123456789",                   true },
+    {":/?#[]@",                       true },
+    {"!$&'()*+,;=",                   true },
+    {"-._~",                          true },
+    {"%",                             true },
+    {"\n",                            false},
+    {"\"",                            false},
+    {"<",                             false},
+    {">",                             false},
+    {"\\",                            false},
+    {"^",                             false},
+    {"`",                             false},
+    {"{",                             false},
+    {"|",                             false},
+    {"}",                             false},
+    {"é",                            false}
+  };
 
   for (auto i : http_strict_uri_parsing_test_case) {
     const char *const uri = i.uri;
@@ -125,30 +138,32 @@ TEST_CASE("ParseRulesMostlyStrictURI", "[proxy][parseuri]")
   const struct {
     const char *const uri;
     bool valid;
-  } http_mostly_strict_uri_parsing_test_case[] = {{"//index.html", true},
-                                                  {"/home", true},
-                                                  {"/path/data?key=value#id", true},
-                                                  {"/ABCDEFGHIJKLMNOPQRSTUVWXYZ", true},
-                                                  {"/abcdefghijklmnopqrstuvwxyz", true},
-                                                  {"/abcde fghijklmnopqrstuvwxyz", false},
-                                                  {"/abcde\tfghijklmnopqrstuvwxyz", false},
-                                                  {"/abcdefghijklmnopqrstuvwxyz", false},
-                                                  {"/0123456789", true},
-                                                  {":/?#[]@", true},
-                                                  {"!$&'()*+,;=", true},
-                                                  {"-._~", true},
-                                                  {"%", true},
-                                                  {"\n", false},
-                                                  {"\"", true},
-                                                  {"<", true},
-                                                  {">", true},
-                                                  {"\\", true},
-                                                  {"^", true},
-                                                  {"`", true},
-                                                  {"{", true},
-                                                  {"|", true},
-                                                  {"}", true},
-                                                  {"é", false}}; // Non-printable ascii
+  } http_mostly_strict_uri_parsing_test_case[] = {
+    {"//index.html",                  true },
+    {"/home",                         true },
+    {"/path/data?key=value#id",       true },
+    {"/ABCDEFGHIJKLMNOPQRSTUVWXYZ",   true },
+    {"/abcdefghijklmnopqrstuvwxyz",   true },
+    {"/abcde fghijklmnopqrstuvwxyz",  false},
+    {"/abcde\tfghijklmnopqrstuvwxyz", false},
+    {"/abcdefghijklmnopqrstuvwxyz",  false},
+    {"/0123456789",                   true },
+    {":/?#[]@",                       true },
+    {"!$&'()*+,;=",                   true },
+    {"-._~",                          true },
+    {"%",                             true },
+    {"\n",                            false},
+    {"\"",                            true },
+    {"<",                             true },
+    {">",                             true },
+    {"\\",                            true },
+    {"^",                             true },
+    {"`",                             true },
+    {"{",                             true },
+    {"|",                             true },
+    {"}",                             true },
+    {"é",                            false}
+  }; // Non-printable ascii
 
   for (auto i : http_mostly_strict_uri_parsing_test_case) {
     const char *const uri = i.uri;
diff --git a/proxy/hdrs/unit_tests/test_XPACK.cc b/proxy/hdrs/unit_tests/test_XPACK.cc
index 3404e6b6786..335756ebbe9 100644
--- a/proxy/hdrs/unit_tests/test_XPACK.cc
+++ b/proxy/hdrs/unit_tests/test_XPACK.cc
@@ -38,7 +38,11 @@ TEST_CASE("XPACK_Integer", "[xpack]")
     uint8_t *encoded_field;
     int encoded_field_len;
     int prefix;
-  } integer_test_case[] = {{10, (uint8_t *)"\x0a", 1, 5}, {1337, (uint8_t *)"\x1F\x9A\x0A", 3, 5}, {42, (uint8_t *)R"(*)", 1, 8}};
+  } integer_test_case[] = {
+    {10,   (uint8_t *)"\x0a",         1, 5},
+    {1337, (uint8_t *)"\x1F\x9A\x0A", 3, 5},
+    {42,   (uint8_t *)R"(*)",         1, 8}
+  };
 
   SECTION("Encoding")
   {
@@ -74,26 +78,21 @@ TEST_CASE("XPACK_String", "[xpack]")
     uint8_t *encoded_field;
     int encoded_field_len;
   } string_test_case[] = {
-    {(char *)"", 0,
+    {(char *)"",                        0,
      (uint8_t *)"\x0"
-                "",
-     1},
-    {(char *)"custom-key", 10,
+                "",                                                                                     1 },
+    {(char *)"custom-key",              10,
      (uint8_t *)"\xA"
-                "custom-key",
-     11},
-    {(char *)"", 0,
+                "custom-key",                                                                           11},
+    {(char *)"",                        0,
      (uint8_t *)"\x80"
-                "",
-     1},
-    {(char *)"custom-key", 10,
+                "",                                                                                     1 },
+    {(char *)"custom-key",              10,
      (uint8_t *)"\x88"
-                "\x25\xa8\x49\xe9\x5b\xa9\x7d\x7f",
-     9},
+                "\x25\xa8\x49\xe9\x5b\xa9\x7d\x7f",                                                     9 },
     {(char *)"cw Times New Roman_σ=1", 23,
      (uint8_t *)"\x95"
-                "\x27\x85\x37\x9a\x92\xa1\x4d\x25\xf0\xa6\xd3\xd2\x3a\xa2\xff\xff\xf6\xff\xff\x44\x01",
-     22},
+                "\x27\x85\x37\x9a\x92\xa1\x4d\x25\xf0\xa6\xd3\xd2\x3a\xa2\xff\xff\xf6\xff\xff\x44\x01", 22},
   };
 
   SECTION("Encoding")
diff --git a/proxy/hdrs/unit_tests/test_mime.cc b/proxy/hdrs/unit_tests/test_mime.cc
index 0ad70384ac9..4db2ebdb609 100644
--- a/proxy/hdrs/unit_tests/test_mime.cc
+++ b/proxy/hdrs/unit_tests/test_mime.cc
@@ -203,17 +203,19 @@ TEST_CASE("MimeParsers", "[proxy][mimeparsers]")
   const char *end;
   int value;
 
-  static const std::vector> tests = {{"0", 0},
-                                                                  {"1234", 1234},
-                                                                  {"-1234", -1234},
-                                                                  {"2147483647", 2147483647},
-                                                                  {"-2147483648", 2147483648},
-                                                                  {"2147483648", INT_MAX},
-                                                                  {"-2147483649", INT_MIN},
-                                                                  {"2147483647", INT_MAX},
-                                                                  {"-2147483648", INT_MIN},
-                                                                  {"999999999999", INT_MAX},
-                                                                  {"-999999999999", INT_MIN}};
+  static const std::vector> tests = {
+    {"0",             0         },
+    {"1234",          1234      },
+    {"-1234",         -1234     },
+    {"2147483647",    2147483647},
+    {"-2147483648",   2147483648},
+    {"2147483648",    INT_MAX   },
+    {"-2147483649",   INT_MIN   },
+    {"2147483647",    INT_MAX   },
+    {"-2147483648",   INT_MIN   },
+    {"999999999999",  INT_MAX   },
+    {"-999999999999", INT_MIN   }
+  };
 
   for (const auto &it : tests) {
     auto [buf, val] = it;
diff --git a/proxy/http/ConnectingEntry.cc b/proxy/http/ConnectingEntry.cc
new file mode 100644
index 00000000000..255aa90f412
--- /dev/null
+++ b/proxy/http/ConnectingEntry.cc
@@ -0,0 +1,157 @@
+/** @file
+
+  Server side connection management.
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+ */
+
+#include "ConnectingEntry.h"
+#include "HttpSM.h"
+
+ConnectingEntry::~ConnectingEntry()
+{
+  if (_netvc_read_buffer != nullptr) {
+    free_MIOBuffer(_netvc_read_buffer);
+    _netvc_read_buffer = nullptr;
+  }
+}
+
+int
+ConnectingEntry::state_http_server_open(int event, void *data)
+{
+  Debug("http_connect", "entered inside ConnectingEntry::state_http_server_open");
+
+  switch (event) {
+  case NET_EVENT_OPEN: {
+    _netvc                 = static_cast(data);
+    UnixNetVConnection *vc = static_cast(_netvc);
+    ink_release_assert(_pending_action == nullptr || _pending_action->continuation == vc->get_action()->continuation);
+    _pending_action = nullptr;
+    Debug("http_connect", "ConnectingEntrysetting handler for connection handshake");
+    // Just want to get a write-ready event so we know that the connection handshake is complete.
+    // The buffer we create will be handed over to the eventually created server session
+    _netvc_read_buffer = new_MIOBuffer(HTTP_SERVER_RESP_HDR_BUFFER_INDEX);
+    _netvc_reader      = _netvc_read_buffer->alloc_reader();
+    _netvc->do_io_write(this, 1, _netvc_reader);
+    ink_release_assert(!_connect_sms.empty());
+    if (!_connect_sms.empty()) {
+      HttpSM *prime_connect_sm = *(_connect_sms.begin());
+      _netvc->set_inactivity_timeout(prime_connect_sm->get_server_connect_timeout());
+    }
+    ink_release_assert(_pending_action == nullptr);
+    return 0;
+  }
+  case VC_EVENT_READ_COMPLETE:
+  case VC_EVENT_WRITE_READY:
+  case VC_EVENT_WRITE_COMPLETE: {
+    Debug("http_connect", "Kick off %zd state machines waiting for origin", _connect_sms.size());
+    this->remove_entry();
+    _netvc->do_io_write(nullptr, 0, nullptr);
+    if (!_connect_sms.empty()) {
+      auto prime_iter = _connect_sms.rbegin();
+      ink_release_assert(prime_iter != _connect_sms.rend());
+      PoolableSession *new_session = (*prime_iter)->create_server_session(_netvc, _netvc_read_buffer, _netvc_reader);
+      _netvc                       = nullptr;
+      _netvc_read_buffer           = nullptr;
+
+      // Did we end up with a multiplexing session?
+      int count = 0;
+      if (new_session->is_multiplexing()) {
+        // Hand off to all queued up ConnectSM's.
+        while (!_connect_sms.empty()) {
+          Debug("http_connect", "ConnectingEntry Pass along CONNECT_EVENT_TXN %d", count++);
+          auto entry = _connect_sms.begin();
+
+          SCOPED_MUTEX_LOCK(lock, (*entry)->mutex, this_ethread());
+          (*entry)->handleEvent(CONNECT_EVENT_TXN, new_session);
+          _connect_sms.erase(entry);
+        }
+      } else {
+        // Hand off to one and tell all of the others to connect directly
+        Debug("http_connect", "ConnectingEntry send CONNECT_EVENT_TXN to first %d", count++);
+        {
+          SCOPED_MUTEX_LOCK(lock, (*prime_iter)->mutex, this_ethread());
+          (*prime_iter)->handleEvent(CONNECT_EVENT_TXN, new_session);
+          _connect_sms.erase((++prime_iter).base());
+        }
+        while (!_connect_sms.empty()) {
+          auto entry = _connect_sms.begin();
+          Debug("http_connect", "ConnectingEntry Pass along CONNECT_EVENT_DIRECT %d", count++);
+          SCOPED_MUTEX_LOCK(lock, (*entry)->mutex, this_ethread());
+          (*entry)->handleEvent(CONNECT_EVENT_DIRECT, nullptr);
+          _connect_sms.erase(entry);
+        }
+      }
+    } else {
+      ink_release_assert(!"There should be some sms on the connect_entry");
+    }
+    delete this;
+
+    // ConnectingEntry should remove itself from the tables and delete itself
+    return 0;
+  }
+  case VC_EVENT_INACTIVITY_TIMEOUT:
+  case VC_EVENT_ACTIVE_TIMEOUT:
+  case VC_EVENT_ERROR:
+  case NET_EVENT_OPEN_FAILED: {
+    Debug("http_connect", "Stop %zd state machines waiting for failed origin", _connect_sms.size());
+    this->remove_entry();
+    int vc_provided_cert = 0;
+    int lerrno           = EIO;
+    if (_netvc != nullptr) {
+      vc_provided_cert = _netvc->provided_cert();
+      lerrno           = _netvc->lerrno == 0 ? lerrno : _netvc->lerrno;
+      _netvc->do_io_close();
+    }
+    while (!_connect_sms.empty()) {
+      auto entry = _connect_sms.begin();
+      SCOPED_MUTEX_LOCK(lock, (*entry)->mutex, this_ethread());
+      (*entry)->t_state.set_connect_fail(lerrno);
+      (*entry)->server_connection_provided_cert = vc_provided_cert;
+      (*entry)->handleEvent(event, data);
+      _connect_sms.erase(entry);
+    }
+    // ConnectingEntry should remove itself from the tables and delete itself
+    delete this;
+
+    return 0;
+  }
+  default:
+    Error("[ConnectingEntry::state_http_server_open] Unknown event: %d", event);
+    ink_release_assert(0);
+    return 0;
+  }
+
+  return 0;
+}
+
+void
+ConnectingEntry::remove_entry()
+{
+  EThread *ethread = this_ethread();
+  auto ip_iter     = ethread->connecting_pool->m_ip_pool.find(this->_ipaddr);
+  while (ip_iter != ethread->connecting_pool->m_ip_pool.end() && this->_ipaddr == ip_iter->first) {
+    if (ip_iter->second == this) {
+      ethread->connecting_pool->m_ip_pool.erase(ip_iter);
+      break;
+    }
+    ++ip_iter;
+  }
+}
diff --git a/proxy/http/ConnectingEntry.h b/proxy/http/ConnectingEntry.h
new file mode 100644
index 00000000000..3427295a4b8
--- /dev/null
+++ b/proxy/http/ConnectingEntry.h
@@ -0,0 +1,79 @@
+/** @file
+
+  Server side connection management.
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+ */
+
+#include "PoolableSession.h"
+
+#include 
+#include 
+
+class HttpSM;
+
+/** Represents a server side session entry in a ConnectionPool to an origin. */
+class ConnectingEntry : public Continuation
+{
+public:
+  ConnectingEntry() = default;
+  ~ConnectingEntry() override;
+  void remove_entry();
+  int state_http_server_open(int event, void *data);
+  static PoolableSession *create_server_session(HttpSM *root_sm, NetVConnection *netvc, MIOBuffer *netvc_read_buffer,
+                                                IOBufferReader *netvc_reader);
+
+public:
+  std::string sni;
+  std::string cert_name;
+  IpEndpoint _ipaddr;
+  std::string hostname;
+  std::set _connect_sms;
+  NetVConnection *_netvc = nullptr;
+
+private:
+  MIOBuffer *_netvc_read_buffer = nullptr;
+  IOBufferReader *_netvc_reader = nullptr;
+  Action *_pending_action       = nullptr;
+  NetVCOptions opt;
+};
+
+struct IpHelper {
+  size_t
+  operator()(IpEndpoint const &arg) const
+  {
+    return IpAddr{&arg.sa}.hash();
+  }
+  bool
+  operator()(IpEndpoint const &arg1, IpEndpoint const &arg2) const
+  {
+    return ats_ip_addr_port_eq(&arg1.sa, &arg2.sa);
+  }
+};
+
+using ConnectingIpPool = std::unordered_multimap;
+
+/** Represents the set of connections to an origin. */
+class ConnectingPool
+{
+public:
+  ConnectingPool() = default;
+  ConnectingIpPool m_ip_pool;
+};
diff --git a/proxy/http/Http1ServerSession.h b/proxy/http/Http1ServerSession.h
index 0c6c76c9fdf..8a7b43f69e6 100644
--- a/proxy/http/Http1ServerSession.h
+++ b/proxy/http/Http1ServerSession.h
@@ -53,7 +53,7 @@ class Http1ServerSession : public PoolableSession
 
 public:
   Http1ServerSession();
-  Http1ServerSession(self_type const &) = delete;
+  Http1ServerSession(self_type const &)   = delete;
   self_type &operator=(self_type const &) = delete;
   ~Http1ServerSession()                   = default;
 
diff --git a/proxy/http/HttpBodyFactory.h b/proxy/http/HttpBodyFactory.h
index 1803eaf8736..08eae3d612c 100644
--- a/proxy/http/HttpBodyFactory.h
+++ b/proxy/http/HttpBodyFactory.h
@@ -67,8 +67,8 @@
 #include 
 
 #define HTTP_BODY_TEMPLATE_MAGIC 0xB0DFAC00
-#define HTTP_BODY_SET_MAGIC 0xB0DFAC55
-#define HTTP_BODY_FACTORY_MAGIC 0xB0DFACFF
+#define HTTP_BODY_SET_MAGIC      0xB0DFAC55
+#define HTTP_BODY_FACTORY_MAGIC  0xB0DFACFF
 
 ////////////////////////////////////////////////////////////////////////
 //
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index 377985ef354..9d1bf3e9181 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -113,10 +113,15 @@ http_config_enum_read(const char *name, const ConfigEnumPair (&list)[N], Mgmt
 ////////////////////////////////////////////////////////////////
 /// Session sharing match types.
 static const ConfigEnumPair SessionSharingMatchStrings[] = {
-  {TS_SERVER_SESSION_SHARING_MATCH_NONE, "none"}, {TS_SERVER_SESSION_SHARING_MATCH_IP, "ip"},
-  {TS_SERVER_SESSION_SHARING_MATCH_HOST, "host"}, {TS_SERVER_SESSION_SHARING_MATCH_HOST, "hostsni"},
-  {TS_SERVER_SESSION_SHARING_MATCH_BOTH, "both"}, {TS_SERVER_SESSION_SHARING_MATCH_HOSTONLY, "hostonly"},
-  {TS_SERVER_SESSION_SHARING_MATCH_SNI, "sni"},   {TS_SERVER_SESSION_SHARING_MATCH_CERT, "cert"}};
+  {TS_SERVER_SESSION_SHARING_MATCH_NONE,     "none"    },
+  {TS_SERVER_SESSION_SHARING_MATCH_IP,       "ip"      },
+  {TS_SERVER_SESSION_SHARING_MATCH_HOST,     "host"    },
+  {TS_SERVER_SESSION_SHARING_MATCH_HOST,     "hostsni" },
+  {TS_SERVER_SESSION_SHARING_MATCH_BOTH,     "both"    },
+  {TS_SERVER_SESSION_SHARING_MATCH_HOSTONLY, "hostonly"},
+  {TS_SERVER_SESSION_SHARING_MATCH_SNI,      "sni"     },
+  {TS_SERVER_SESSION_SHARING_MATCH_CERT,     "cert"    }
+};
 
 bool
 HttpConfig::load_server_session_sharing_match(const char *key, MgmtByte &mask)
@@ -167,7 +172,8 @@ http_config_enum_mask_read(const char *name, MgmtByte &value)
 static const ConfigEnumPair SessionSharingPoolStrings[] = {
   {TS_SERVER_SESSION_SHARING_POOL_GLOBAL, "global"},
   {TS_SERVER_SESSION_SHARING_POOL_THREAD, "thread"},
-  {TS_SERVER_SESSION_SHARING_POOL_HYBRID, "hybrid"}};
+  {TS_SERVER_SESSION_SHARING_POOL_HYBRID, "hybrid"}
+};
 
 int HttpConfig::m_id = 0;
 HttpConfigParams HttpConfig::m_master;
@@ -1401,13 +1407,13 @@ HttpConfig::startup()
   HttpEstablishStaticConfigLongLong(c.max_payload_iobuf_index, "proxy.config.payload.io.max_buffer_index");
   HttpEstablishStaticConfigLongLong(c.max_msg_iobuf_index, "proxy.config.msg.io.max_buffer_index");
 
-  //##############################################################################
-  //#
-  //# Redirection
-  //#
-  //# See RecordsConfig definition.
-  //#
-  //##############################################################################
+  // ##############################################################################
+  // #
+  // # Redirection
+  // #
+  // # See RecordsConfig definition.
+  // #
+  // ##############################################################################
   HttpEstablishStaticConfigByte(c.oride.redirect_use_orig_cache_key, "proxy.config.http.redirect_use_orig_cache_key");
   HttpEstablishStaticConfigByte(c.redirection_host_no_port, "proxy.config.http.redirect_host_no_port");
   HttpEstablishStaticConfigLongLong(c.oride.number_of_redirections, "proxy.config.http.number_of_redirections");
@@ -1941,8 +1947,8 @@ HttpConfig::parse_redirect_actions(char *input_string, RedirectEnabled::Action &
   // SELF
   // We must store the self address class separately instead of adding the addresses to our map.
   // The addresses Trafficserver will use depend on configurations that are loaded here, so they are not available yet.
-  action = configMapping.find(AddressClass::SELF) != configMapping.end() ? configMapping[AddressClass::SELF] :
-                                                                           configMapping[AddressClass::DEFAULT];
+  action      = configMapping.find(AddressClass::SELF) != configMapping.end() ? configMapping[AddressClass::SELF] :
+                                                                                configMapping[AddressClass::DEFAULT];
   self_action = action;
 
   // IpMap::fill only marks things that are not already marked.
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index 4ce28a100bc..c3057058aab 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -383,9 +383,9 @@ enum CacheOpenWriteFailAction_t {
 extern RecRawStatBlock *http_rsb;
 
 /* Stats should only be accessed using these macros */
-#define HTTP_INCREMENT_DYN_STAT(x) RecIncrRawStat(http_rsb, this_ethread(), (int)x, 1)
-#define HTTP_DECREMENT_DYN_STAT(x) RecIncrRawStat(http_rsb, this_ethread(), (int)x, -1)
-#define HTTP_SUM_DYN_STAT(x, y) RecIncrRawStat(http_rsb, this_ethread(), (int)x, (int64_t)y)
+#define HTTP_INCREMENT_DYN_STAT(x)     RecIncrRawStat(http_rsb, this_ethread(), (int)x, 1)
+#define HTTP_DECREMENT_DYN_STAT(x)     RecIncrRawStat(http_rsb, this_ethread(), (int)x, -1)
+#define HTTP_SUM_DYN_STAT(x, y)        RecIncrRawStat(http_rsb, this_ethread(), (int)x, (int64_t)y)
 #define HTTP_SUM_GLOBAL_DYN_STAT(x, y) RecIncrGlobalRawStatSum(http_rsb, x, y)
 
 #define HTTP_CLEAR_DYN_STAT(x)          \
@@ -394,7 +394,7 @@ extern RecRawStatBlock *http_rsb;
     RecSetRawStatCount(http_rsb, x, 0); \
   } while (0);
 
-#define HTTP_READ_DYN_SUM(x, S) RecGetRawStatSum(http_rsb, (int)x, &S) // This aggregates threads too
+#define HTTP_READ_DYN_SUM(x, S)        RecGetRawStatSum(http_rsb, (int)x, &S) // This aggregates threads too
 #define HTTP_READ_GLOBAL_DYN_SUM(x, S) RecGetGlobalRawStatSum(http_rsb, (int)x, &S)
 
 /////////////////////////////////////////////////////////////
@@ -468,9 +468,13 @@ enum class Action {
 };
 
 static std::map address_class_map = {
-  {"default", AddressClass::DEFAULT},     {"private", AddressClass::PRIVATE},     {"loopback", AddressClass::LOOPBACK},
-  {"multicast", AddressClass::MULTICAST}, {"linklocal", AddressClass::LINKLOCAL}, {"routable", AddressClass::ROUTABLE},
-  {"self", AddressClass::SELF},
+  {"default",   AddressClass::DEFAULT  },
+  {"private",   AddressClass::PRIVATE  },
+  {"loopback",  AddressClass::LOOPBACK },
+  {"multicast", AddressClass::MULTICAST},
+  {"linklocal", AddressClass::LINKLOCAL},
+  {"routable",  AddressClass::ROUTABLE },
+  {"self",      AddressClass::SELF     },
 };
 
 static std::map action_map = {
@@ -864,7 +868,7 @@ struct HttpConfigParams : public ConfigInfo {
   /////////////////////////////////////
   // operator = and copy constructor //
   /////////////////////////////////////
-  HttpConfigParams(const HttpConfigParams &) = delete;
+  HttpConfigParams(const HttpConfigParams &)            = delete;
   HttpConfigParams &operator=(const HttpConfigParams &) = delete;
 };
 
diff --git a/proxy/http/HttpConnectionCount.cc b/proxy/http/HttpConnectionCount.cc
index 3d9318f21c1..e51c45426ea 100644
--- a/proxy/http/HttpConnectionCount.cc
+++ b/proxy/http/HttpConnectionCount.cc
@@ -71,7 +71,8 @@ const MgmtConverter OutboundConnTrack::MATCH_CONV{
   }};
 
 const std::array(OutboundConnTrack::MATCH_BOTH) + 1> OutboundConnTrack::MATCH_TYPE_NAME{
-  {"ip"sv, "port"sv, "host"sv, "both"sv}};
+  {"ip"sv, "port"sv, "host"sv, "both"sv}
+};
 
 // Make sure the clock is millisecond resolution or finer.
 static_assert(OutboundConnTrack::Group::Clock::period::num == 1);
diff --git a/proxy/http/HttpConnectionCount.h b/proxy/http/HttpConnectionCount.h
index 19a3075dc85..10cc1daa4e6 100644
--- a/proxy/http/HttpConnectionCount.h
+++ b/proxy/http/HttpConnectionCount.h
@@ -54,7 +54,7 @@ class OutboundConnTrack
 
 public:
   // Non-copyable.
-  OutboundConnTrack(const self_type &) = delete;
+  OutboundConnTrack(const self_type &)    = delete;
   self_type &operator=(const self_type &) = delete;
 
   /// Definition of an upstream server group equivalence class.
diff --git a/proxy/http/HttpPages.cc b/proxy/http/HttpPages.cc
index 37061dad546..afc9c445e07 100644
--- a/proxy/http/HttpPages.cc
+++ b/proxy/http/HttpPages.cc
@@ -97,10 +97,10 @@ HttpPagesHandler::dump_hdr(HTTPHdr *hdr, const char *desc)
     int done;
     offset = 0;
     do {
-      used = 0;
-      tmp  = offset;
-      done = hdr->print(b, 4095, &used, &tmp);
-      offset += used;
+      used    = 0;
+      tmp     = offset;
+      done    = hdr->print(b, 4095, &used, &tmp);
+      offset  += used;
       b[used] = '\0';
       resp_add(b);
     } while (!done);
diff --git a/proxy/http/HttpProxyServerMain.cc b/proxy/http/HttpProxyServerMain.cc
index 6b5a1fa9ebe..d092c60a369 100644
--- a/proxy/http/HttpProxyServerMain.cc
+++ b/proxy/http/HttpProxyServerMain.cc
@@ -51,6 +51,7 @@
 HttpSessionAccept *plugin_http_accept             = nullptr;
 HttpSessionAccept *plugin_http_transparent_accept = nullptr;
 extern std::function create_h1_server_session;
+extern std::function create_h2_server_session;
 extern std::map> ProtocolSessionCreateMap;
 
 static SLL ssl_plugin_acceptors;
@@ -225,6 +226,7 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor &acceptor, HttpProxyPort &port, unsigned
   }
   ProtocolSessionCreateMap.insert({TS_ALPN_PROTOCOL_INDEX_HTTP_1_0, create_h1_server_session});
   ProtocolSessionCreateMap.insert({TS_ALPN_PROTOCOL_INDEX_HTTP_1_1, create_h1_server_session});
+  ProtocolSessionCreateMap.insert({TS_ALPN_PROTOCOL_INDEX_HTTP_2_0, create_h2_server_session});
 
   if (port.isSSL()) {
     SSLNextProtocolAccept *ssl = new SSLNextProtocolAccept(probe, port.m_transparent_passthrough);
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index e53889f0e54..04fcbfc71e0 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -24,11 +24,13 @@
 
 #include "../ProxyTransaction.h"
 #include "HttpSM.h"
+#include "ConnectingEntry.h"
 #include "HttpTransact.h"
 #include "HttpBodyFactory.h"
 #include "HttpTransactHeaders.h"
 #include "ProxyConfig.h"
 #include "Http1ServerSession.h"
+#include "Http2ServerSession.h"
 #include "HttpDebugNames.h"
 #include "HttpSessionManager.h"
 #include "P_Cache.h"
@@ -64,8 +66,8 @@
 #include 
 
 #define DEFAULT_RESPONSE_BUFFER_SIZE_INDEX 6 // 8K
-#define DEFAULT_REQUEST_BUFFER_SIZE_INDEX 6  // 8K
-#define MIN_CONFIG_BUFFER_SIZE_INDEX 5       // 4K
+#define DEFAULT_REQUEST_BUFFER_SIZE_INDEX  6 // 8K
+#define MIN_CONFIG_BUFFER_SIZE_INDEX       5 // 4K
 
 #define hsm_release_assert(EX)              \
   {                                         \
@@ -204,7 +206,6 @@ HttpVCTable::find_entry(VIO *vio)
 void
 HttpVCTable::remove_entry(HttpVCTableEntry *e)
 {
-  ink_assert(e->vc == nullptr || e->in_tunnel);
   e->vc  = nullptr;
   e->eos = false;
   if (e->read_buffer) {
@@ -237,18 +238,6 @@ HttpVCTable::cleanup_entry(HttpVCTableEntry *e)
 {
   ink_assert(e->vc);
   if (e->in_tunnel == false) {
-    // Update stats
-    switch (e->vc_type) {
-    case HTTP_UA_VC:
-      // proxy.process.http.current_client_transactions is decremented in HttpSM::destroy
-      break;
-    default:
-      // This covers:
-      // HTTP_UNKNOWN, HTTP_SERVER_VC, HTTP_TRANSFORM_VC, HTTP_CACHE_READ_VC,
-      // HTTP_CACHE_WRITE_VC, HTTP_RAW_SERVER_VC
-      break;
-    }
-
     if (e->vc_type == HTTP_SERVER_VC) {
       HTTP_INCREMENT_DYN_STAT(http_origin_shutdown_cleanup_entry);
     }
@@ -268,6 +257,14 @@ HttpVCTable::cleanup_all()
   }
 }
 
+void
+initialize_thread_for_connecting_pools(EThread *thread)
+{
+  if (thread->connecting_pool == nullptr) {
+    thread->connecting_pool = new ConnectingPool();
+  }
+}
+
 #define SMDebug(tag, fmt, ...) SpecificDebug(debug_on, tag, "[%" PRId64 "] " fmt, sm_id, ##__VA_ARGS__)
 
 #define REMEMBER(e, r)                             \
@@ -372,6 +369,8 @@ HttpSM::init(bool from_early_data)
 
   magic = HTTP_SM_MAGIC_ALIVE;
 
+  server_txn = nullptr;
+
   // Unique state machine identifier
   sm_id                 = next_sm_id++;
   t_state.state_machine = this;
@@ -601,8 +600,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc)
   //  this hook maybe asynchronous, we need to disable IO on
   //  client but set the continuation to be the state machine
   //  so if we get an timeout events the sm handles them
-  //  hold onto enabling read until setup_client_read_request_header
-  ua_entry->read_vio  = client_vc->do_io_read(this, 0, nullptr);
+  ua_entry->read_vio  = client_vc->do_io_read(this, 0, ua_txn->get_remote_reader()->mbuf);
   ua_entry->write_vio = client_vc->do_io_write(this, 0, nullptr);
 
   /////////////////////////
@@ -794,8 +792,9 @@ HttpSM::state_read_client_request_header(int event, void *data)
       ua_raw_buffer_reader = nullptr;
     }
     http_parser_clear(&http_parser);
-    ua_entry->vc_read_handler                    = &HttpSM::state_watch_for_client_abort;
-    ua_entry->vc_write_handler                   = &HttpSM::state_watch_for_client_abort;
+    ua_entry->vc_read_handler  = &HttpSM::state_watch_for_client_abort;
+    ua_entry->vc_write_handler = &HttpSM::state_watch_for_client_abort;
+    ua_txn->cancel_inactivity_timeout();
     milestones[TS_MILESTONE_UA_READ_HEADER_DONE] = Thread::get_hrtime();
   }
 
@@ -997,19 +996,23 @@ HttpSM::state_watch_for_client_abort(int event, void *data)
    */
   case VC_EVENT_EOS: {
     // We got an early EOS. If the tunnal has cache writer, don't kill it for background fill.
-    NetVConnection *netvc = ua_txn->get_netvc();
-    if (ua_txn->allow_half_open() || tunnel.has_consumer_besides_client()) {
-      if (netvc) {
-        netvc->do_io_shutdown(IO_SHUTDOWN_READ);
+    if (!terminate_sm) { // Not done already
+      NetVConnection *netvc = ua_txn->get_netvc();
+      if (ua_txn->allow_half_open() || tunnel.has_consumer_besides_client()) {
+        if (netvc) {
+          netvc->do_io_shutdown(IO_SHUTDOWN_READ);
+        }
+      } else {
+        ua_txn->do_io_close();
+        vc_table.cleanup_entry(ua_entry);
+        ua_entry = nullptr;
+        tunnel.kill_tunnel();
+        terminate_sm = true; // Just die already, the requester is gone
+        set_ua_abort(HttpTransact::ABORTED, event);
+      }
+      if (ua_entry) {
+        ua_entry->eos = true;
       }
-      ua_entry->eos = true;
-    } else {
-      ua_txn->do_io_close();
-      vc_table.cleanup_entry(ua_entry);
-      ua_entry = nullptr;
-      tunnel.kill_tunnel();
-      terminate_sm = true; // Just die already, the requester is gone
-      set_ua_abort(HttpTransact::ABORTED, event);
     }
     break;
   }
@@ -1221,14 +1224,6 @@ HttpSM::state_raw_http_server_open(int event, void *data)
 
   pending_action = nullptr;
   switch (event) {
-  case EVENT_INTERVAL:
-    // If we get EVENT_INTERNAL it means that we moved the transaction
-    // to a different thread in do_http_server_open.  Since we didn't
-    // do any of the actual work in do_http_server_open, we have to
-    // go back and do it now.
-    do_http_server_open(true);
-    return 0;
-
   case NET_EVENT_OPEN: {
     // Record the VC in our table
     server_entry     = vc_table.new_entry();
@@ -1549,7 +1544,7 @@ plugins required to work with sni_routing.
         api_timer = -Thread::get_hrtime_updated();
         HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::state_api_callout);
         ink_release_assert(pending_action.empty());
-        pending_action = mutex->thread_holding->schedule_in(this, HRTIME_MSECONDS(10));
+        pending_action = this_ethread()->schedule_in(this, HRTIME_MSECONDS(10));
         return -1;
       }
 
@@ -1624,6 +1619,10 @@ plugins required to work with sni_routing.
     }
     break;
 
+  // Eat the EOS while we are waiting for any locks to complete the transaction
+  case VC_EVENT_EOS:
+    return 0;
+
   default:
     ink_assert(false);
     terminate_sm = true;
@@ -1817,7 +1816,7 @@ HttpSM::handle_api_return()
 }
 
 PoolableSession *
-HttpSM::create_server_session(NetVConnection *netvc)
+HttpSM::create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffer, IOBufferReader *netvc_reader)
 {
   // Figure out what protocol was negotiated
   int proto_index      = SessionProtocolNameRegistry::INVALID;
@@ -1832,28 +1831,24 @@ HttpSM::create_server_session(NetVConnection *netvc)
 
   PoolableSession *retval = ProxySession::create_outbound_session(proto_index);
 
-  HttpTransact::State &s       = this->t_state;
-  retval->sharing_pool         = static_cast(s.http_config_param->server_session_sharing_pool);
-  retval->sharing_match        = static_cast(s.txn_conf->server_session_sharing_match);
-  MIOBuffer *netvc_read_buffer = new_MIOBuffer(HTTP_SERVER_RESP_HDR_BUFFER_INDEX);
-  IOBufferReader *netvc_reader = netvc_read_buffer->alloc_reader();
+  retval->sharing_pool  = static_cast(t_state.http_config_param->server_session_sharing_pool);
+  retval->sharing_match = static_cast(t_state.txn_conf->server_session_sharing_match);
+  retval->attach_hostname(t_state.current.server->name);
   retval->new_connection(netvc, netvc_read_buffer, netvc_reader);
 
-  retval->attach_hostname(s.current.server->name);
-
-  ATS_PROBE1(new_origin_server_connection, s.current.server->name);
+  ATS_PROBE1(new_origin_server_connection, t_state.current.server->name);
   retval->set_active();
 
   if (netvc) {
-    ats_ip_copy(&s.server_info.src_addr, netvc->get_local_addr());
+    ats_ip_copy(&t_state.server_info.src_addr, netvc->get_local_addr());
   }
 
   // If origin_max_connections or origin_min_keep_alive_connections is set then we are metering
   // the max and or min number of connections per host. Transfer responsibility for this to the
   // session object.
-  if (s.outbound_conn_track_state.is_active()) {
-    SMDebug("http_connect", "max number of outbound connections: %d", s.txn_conf->outbound_conntrack.max);
-    retval->enable_outbound_connection_tracking(s.outbound_conn_track_state.drop());
+  if (t_state.outbound_conn_track_state.is_active()) {
+    SMDebug("http_connect", "max number of outbound connections: %d", t_state.txn_conf->outbound_conntrack.max);
+    retval->enable_outbound_connection_tracking(t_state.outbound_conn_track_state.drop());
   }
   return retval;
 }
@@ -1861,14 +1856,26 @@ HttpSM::create_server_session(NetVConnection *netvc)
 bool
 HttpSM::create_server_txn(PoolableSession *new_session)
 {
+  ink_assert(new_session != nullptr);
   bool retval = false;
-  server_txn  = new_session->new_transaction();
-  if (server_txn != nullptr) {
+
+  server_txn = new_session->new_transaction();
+  if (server_txn) {
+    retval = true;
     server_txn->attach_transaction(this);
+    if (t_state.current.request_to == ResolveInfo::PARENT_PROXY) {
+      new_session->to_parent_proxy = true;
+      HTTP_INCREMENT_DYN_STAT(http_current_parent_proxy_connections_stat);
+      HTTP_INCREMENT_DYN_STAT(http_total_parent_proxy_connections_stat);
+    } else {
+      new_session->to_parent_proxy = false;
+    }
     server_txn->do_io_write(this, 0, nullptr);
     attach_server_session();
-    retval = true;
   }
+  _netvc             = nullptr;
+  _netvc_read_buffer = nullptr;
+  _netvc_reader      = nullptr;
   return retval;
 }
 
@@ -1891,78 +1898,77 @@ HttpSM::state_http_server_open(int event, void *data)
 
   switch (event) {
   case NET_EVENT_OPEN: {
-    NetVConnection *netvc        = static_cast(data);
-    UnixNetVConnection *vc       = static_cast(data);
-    PoolableSession *new_session = this->create_server_session(netvc);
-    if (t_state.current.request_to == ResolveInfo::PARENT_PROXY) {
-      new_session->to_parent_proxy = true;
-      HTTP_INCREMENT_DYN_STAT(http_current_parent_proxy_connections_stat);
-      HTTP_INCREMENT_DYN_STAT(http_total_parent_proxy_connections_stat);
-    } else {
-      new_session->to_parent_proxy = false;
-    }
-    this->create_server_txn(new_session);
-
     // Since the UnixNetVConnection::action_ or SocksEntry::action_ may be returned from netProcessor.connect_re, and the
-    // SocksEntry::action_ will be copied into UnixNetVConnection::action_ before call back NET_EVENT_OPEN from SocksEntry::free(),
-    // so we just compare the Continuation between pending_action and VC's action_.
+    // SocksEntry::action_ will be copied into UnixNetVConnection::action_ before call back NET_EVENT_OPEN from
+    // SocksEntry::free(), so we just compare the Continuation between pending_action and VC's action_.
+    _netvc                 = static_cast(data);
+    _netvc_read_buffer     = new_MIOBuffer(HTTP_SERVER_RESP_HDR_BUFFER_INDEX);
+    _netvc_reader          = _netvc_read_buffer->alloc_reader();
+    UnixNetVConnection *vc = static_cast(_netvc);
     ink_release_assert(pending_action.empty() || pending_action.get_continuation() == vc->get_action()->continuation);
     pending_action = nullptr;
 
     if (this->plugin_tunnel_type == HTTP_NO_PLUGIN_TUNNEL) {
-      SMDebug("http", "setting handler for TCP handshake");
-      // Just want to get a write-ready event so we know that the TCP handshake is complete.
-      server_entry->vc_write_handler = &HttpSM::state_http_server_open;
-      server_entry->vc_read_handler  = &HttpSM::state_http_server_open;
-
-      int64_t nbytes = 1;
-      if (t_state.txn_conf->proxy_protocol_out >= 0) {
-        nbytes = do_outbound_proxy_protocol(server_txn->get_remote_reader()->mbuf, vc, ua_txn->get_netvc(),
-                                            t_state.txn_conf->proxy_protocol_out);
-      }
-
-      server_entry->write_vio = server_txn->do_io_write(this, nbytes, server_txn->get_remote_reader());
+      SMDebug("http_connect", "setting handler for connection handshake timeout %" PRId64, this->get_server_connect_timeout());
+      // Just want to get a write-ready event so we know that the connection handshake is complete.
+      // The buffer we create will be handed over to the eventually created server session
+      _netvc->do_io_write(this, 1, _netvc_reader);
+      _netvc->set_inactivity_timeout(this->get_server_connect_timeout());
 
     } else { // in the case of an intercept plugin don't to the connect timeout change
-      SMDebug("http", "not setting handler for TCP handshake");
+      SMDebug("http_connect", "not setting handler for connection handshake");
+      this->create_server_txn(this->create_server_session(_netvc, _netvc_read_buffer, _netvc_reader));
       handle_http_server_open();
     }
-
+    ink_assert(pending_action.empty());
     return 0;
   }
+  case CONNECT_EVENT_DIRECT:
+    // Try it again, but direct this time
+    do_http_server_open(false, true);
+    break;
+  case CONNECT_EVENT_TXN:
+    SMDebug("http", "Connection handshake complete via CONNECT_EVENT_TXN");
+    if (this->create_server_txn(static_cast(data))) {
+      write_outbound_proxy_protocol();
+      handle_http_server_open();
+    } else { // Failed to create transaction.  Maybe too many active transactions already
+      // Try again (probably need a bounding counter here)
+      do_http_server_open(false);
+    }
+    return 0;
   case VC_EVENT_READ_COMPLETE:
   case VC_EVENT_WRITE_READY:
   case VC_EVENT_WRITE_COMPLETE:
     // Update the time out to the regular connection timeout.
-    SMDebug("http_ss", "TCP Handshake complete");
-    server_entry->vc_write_handler = &HttpSM::state_send_server_request_header;
-
-    // Reset the timeout to the non-connect timeout
-    server_txn->set_inactivity_timeout(get_server_inactivity_timeout());
+    SMDebug("http_ss", "Connection handshake complete");
+    this->create_server_txn(this->create_server_session(_netvc, _netvc_read_buffer, _netvc_reader));
+    write_outbound_proxy_protocol();
     t_state.current.server->clear_connect_fail();
     handle_http_server_open();
     return 0;
-  case EVENT_INTERVAL: // Delayed call from another thread
-    if (server_txn == nullptr) {
-      do_http_server_open();
-    }
-    break;
   case VC_EVENT_INACTIVITY_TIMEOUT:
   case VC_EVENT_ACTIVE_TIMEOUT:
     t_state.set_connect_fail(ETIMEDOUT);
   /* fallthrough */
   case VC_EVENT_ERROR:
   case NET_EVENT_OPEN_FAILED: {
-    if (server_txn) {
-      NetVConnection *vc = server_txn->get_netvc();
-      if (vc) {
-        t_state.set_connect_fail(vc->lerrno);
-        server_connection_provided_cert = vc->provided_cert();
-      }
-    }
-
     t_state.current.state = HttpTransact::CONNECTION_ERROR;
     t_state.outbound_conn_track_state.clear();
+    if (_netvc != nullptr) {
+      if (event == VC_EVENT_ERROR || event == NET_EVENT_OPEN_FAILED) {
+        t_state.set_connect_fail(_netvc->lerrno);
+      }
+      this->server_connection_provided_cert = _netvc->provided_cert();
+      _netvc->do_io_write(nullptr, 0, nullptr);
+      _netvc->do_io_close();
+      _netvc = nullptr;
+    } else {
+      // We set this to 0 because otherwise
+      // HttpTransact::retry_server_connection_not_open will raise an assertion
+      // if the value is the default UNKNOWN_INTERNAL_ERROR.
+      t_state.cause_of_death_errno = 0;
+    }
 
     /* If we get this error in transparent mode, then we simply can't bind to the 4-tuple to make the connection.  There's no hope
        of retries succeeding in the near future. The best option is to just shut down the connection without further comment. The
@@ -2025,6 +2031,8 @@ HttpSM::state_read_server_response_header(int event, void *data)
   case VC_EVENT_READ_READY:
   case VC_EVENT_READ_COMPLETE:
     // More data to parse
+    // Got some data, won't retry origin connection on error
+    t_state.current.attempts.maximize(t_state.configured_connect_attempts_max_retries());
     break;
 
   case VC_EVENT_ERROR:
@@ -2076,6 +2084,12 @@ HttpSM::state_read_server_response_header(int event, void *data)
     http_parser_clear(&http_parser);
     milestones[TS_MILESTONE_SERVER_READ_HEADER_DONE] = Thread::get_hrtime();
 
+    // Any other events to the end
+    if (server_entry->vc_type == HTTP_SERVER_VC) {
+      server_entry->vc_read_handler  = &HttpSM::tunnel_handler;
+      server_entry->vc_write_handler = &HttpSM::tunnel_handler;
+    }
+
     // If there is a post body in transit, give up on it
     if (tunnel.is_tunnel_alive()) {
       tunnel.abort_tunnel();
@@ -2104,6 +2118,9 @@ HttpSM::state_read_server_response_header(int event, void *data)
     if (allow_error == false) {
       SMDebug("http_seq", "Error parsing server response header");
       t_state.current.state = HttpTransact::PARSE_ERROR;
+      // We set this to 0 because otherwise HttpTransact::retry_server_connection_not_open
+      // will raise an assertion if the value is the default UNKNOWN_INTERNAL_ERROR.
+      t_state.cause_of_death_errno = 0;
 
       // If the server closed prematurely on us, use the
       //   server setup error routine since it will forward
@@ -2185,9 +2202,9 @@ HttpSM::state_send_server_request_header(int event, void *data)
     break;
 
   case VC_EVENT_WRITE_COMPLETE:
-    if (server_entry->write_vio != nullptr) {
-      // We are done sending the request header, deallocate
-      //  our buffer and then decide what to do next
+    // We are done sending the request header, deallocate
+    //  our buffer and then decide what to do next
+    if (server_entry->write_buffer) {
       free_MIOBuffer(server_entry->write_buffer);
       server_entry->write_buffer = nullptr;
       method                     = t_state.hdr_info.server_request.method_get_wksidx();
@@ -2203,6 +2220,10 @@ HttpSM::state_send_server_request_header(int event, void *data)
           }
         }
       }
+      // Any other events to these read response
+      if (server_entry->vc_type == HTTP_SERVER_VC) {
+        server_entry->vc_read_handler = &HttpSM::state_read_server_response_header;
+      }
     }
 
     break;
@@ -2253,6 +2274,91 @@ HttpSM::state_send_server_request_header(int event, void *data)
   return 0;
 }
 
+bool
+HttpSM::origin_multiplexed() const
+{
+  return (t_state.dns_info.http_version == HTTP_2_0 || t_state.dns_info.http_version == HTTP_INVALID);
+}
+
+void
+HttpSM::cancel_pending_server_connection()
+{
+  EThread *ethread = this_ethread();
+  if (nullptr == ethread->connecting_pool) {
+    return; // No pending requests
+  }
+  if (t_state.current.server) {
+    IpEndpoint ip;
+    ip.assign(&this->t_state.current.server->dst_addr.sa);
+    auto ip_iter = ethread->connecting_pool->m_ip_pool.find(ip);
+    while (ip_iter != ethread->connecting_pool->m_ip_pool.end() && ip_iter->first == ip) {
+      ConnectingEntry *connecting_entry = ip_iter->second;
+      // Found a match
+      // Look for our sm in the queue
+      auto entry = connecting_entry->_connect_sms.find(this);
+      if (entry != connecting_entry->_connect_sms.end()) {
+        connecting_entry->_connect_sms.erase(entry);
+        if (connecting_entry->_connect_sms.empty()) {
+          if (connecting_entry->_netvc) {
+            connecting_entry->_netvc->do_io_write(nullptr, 0, nullptr);
+            connecting_entry->_netvc->do_io_close();
+          }
+          ethread->connecting_pool->m_ip_pool.erase(ip_iter);
+          delete connecting_entry;
+          break;
+        } else {
+          //  Leave the shared entry remaining alone
+        }
+      }
+      ++ip_iter;
+    }
+  }
+}
+
+// Returns true if there was a matching entry that we
+// queued this request on
+bool
+HttpSM::add_to_existing_request()
+{
+  HttpTransact::State &s = this->t_state;
+  bool retval            = false;
+  EThread *ethread       = this_ethread();
+
+  if (this->plugin_tunnel_type != HTTP_NO_PLUGIN_TUNNEL) {
+    return false;
+  }
+
+  if (nullptr == ethread->connecting_pool) {
+    initialize_thread_for_connecting_pools(ethread);
+  }
+  auto my_nh = ((UnixNetVConnection *)(this)->ua_txn->get_netvc())->nh;
+  ink_release_assert(my_nh == nullptr /* PluginVC */ || my_nh == get_NetHandler(this_ethread()));
+
+  HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::state_http_server_open);
+
+  IpEndpoint ip;
+  ip.assign(&s.current.server->dst_addr.sa);
+  auto ip_iter                       = ethread->connecting_pool->m_ip_pool.find(ip);
+  std::string_view proposed_sni      = this->get_outbound_sni();
+  std::string_view proposed_cert     = this->get_outbound_cert();
+  std::string_view proposed_hostname = this->t_state.current.server->name;
+  while (!retval && ip_iter != ethread->connecting_pool->m_ip_pool.end() && ip_iter->first == ip) {
+    // Check that entry matches sni, hostname, and cert
+    if (proposed_hostname == ip_iter->second->hostname && proposed_sni == ip_iter->second->sni &&
+        proposed_cert == ip_iter->second->cert_name && ip_iter->second->_connect_sms.size() < 50) {
+      // Pre-emptively set a server connect failure that will be cleared once a WRITE_READY is received from origin or
+      // bytes are received back
+      this->t_state.set_connect_fail(EIO);
+      ip_iter->second->_connect_sms.insert(this);
+      Debug("http_connect", "Add entry to connection queue. size=%" PRId64, ip_iter->second->_connect_sms.size());
+      retval = true;
+      break;
+    }
+    ++ip_iter;
+  }
+  return retval;
+}
+
 void
 HttpSM::process_srv_info(HostDBRecord *record)
 {
@@ -2349,11 +2455,6 @@ int
 HttpSM::state_hostdb_lookup(int event, void *data)
 {
   STATE_ENTER(&HttpSM::state_hostdb_lookup, event);
-  //    ink_assert (m_origin_server_vc == 0);
-  // REQ_FLAVOR_SCHEDULED_UPDATE can be transformed into
-  // REQ_FLAVOR_REVPROXY
-  ink_assert(t_state.req_flavor == HttpTransact::REQ_FLAVOR_SCHEDULED_UPDATE ||
-             t_state.req_flavor == HttpTransact::REQ_FLAVOR_REVPROXY || ua_entry->vc != nullptr);
 
   switch (event) {
   case EVENT_HOST_DB_LOOKUP:
@@ -2367,9 +2468,9 @@ HttpSM::state_hostdb_lookup(int event, void *data)
 
     char const *host_name = t_state.dns_info.is_srv() ? t_state.dns_info.record->name() : t_state.dns_info.lookup_name;
     HostDBProcessor::Options opt;
-    opt.port  = t_state.dns_info.is_srv() ? t_state.dns_info.srv_port : t_state.server_info.dst_addr.host_order_port();
-    opt.flags = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
-                                                                                 HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
+    opt.port           = t_state.dns_info.is_srv() ? t_state.dns_info.srv_port : t_state.server_info.dst_addr.host_order_port();
+    opt.flags          = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
+                                                                                          HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
     opt.timeout        = (t_state.api_txn_dns_timeout_value != -1) ? t_state.api_txn_dns_timeout_value : 0;
     opt.host_res_style = ats_host_res_from(ua_txn->get_netvc()->get_local_addr()->sa_family, t_state.txn_conf->host_res_data.order);
 
@@ -2384,7 +2485,6 @@ HttpSM::state_hostdb_lookup(int event, void *data)
   default:
     ink_assert(!"Unexpected event");
   }
-
   return 0;
 }
 
@@ -2699,7 +2799,7 @@ HttpSM::main_handler(int event, void *data)
   }
 
   if (vc_entry) {
-    jump_point = static_cast(data) == vc_entry->read_vio ? vc_entry->vc_read_handler : vc_entry->vc_write_handler;
+    jump_point = (static_cast(data) == vc_entry->read_vio) ? vc_entry->vc_read_handler : vc_entry->vc_write_handler;
     ink_assert(jump_point != (HttpSMHandler) nullptr);
     ink_assert(vc_entry->vc != (VConnection *)nullptr);
     (this->*jump_point)(event, data);
@@ -2864,7 +2964,6 @@ HttpSM::tunnel_handler_post(int event, void *data)
     // Is the response header ready and waiting?
     // If so, go ahead and do the hook processing
     if (milestones[TS_MILESTONE_SERVER_READ_HEADER_DONE] != 0) {
-      Warning("Process waiting response id=[%" PRId64, sm_id);
       t_state.current.state         = HttpTransact::CONNECTION_ALIVE;
       t_state.transact_return_point = HttpTransact::HandleResponse;
       t_state.api_next_action       = HttpTransact::SM_ACTION_API_READ_RESPONSE_HDR;
@@ -2878,6 +2977,50 @@ HttpSM::tunnel_handler_post(int event, void *data)
   return 0;
 }
 
+int
+HttpSM::tunnel_handler_trailer(int event, void *data)
+{
+  STATE_ENTER(&HttpSM::tunnel_handler_trailer, event);
+
+  switch (event) {
+  case HTTP_TUNNEL_EVENT_DONE: // Response tunnel done.
+    break;
+
+  default:
+    // If the response tunnel did not succeed, just clean up as in the default case
+    return tunnel_handler(event, data);
+  }
+
+  ink_assert(event == HTTP_TUNNEL_EVENT_DONE);
+
+  // Set up a new tunnel to transport the trailing header to the UA
+  HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::tunnel_handler);
+
+  MIOBuffer *trailer_buffer = new_MIOBuffer(HTTP_HEADER_BUFFER_SIZE_INDEX);
+  IOBufferReader *buf_start = trailer_buffer->alloc_reader();
+
+  size_t nbytes   = INT64_MAX;
+  int start_bytes = trailer_buffer->write(server_txn->get_remote_reader(), server_txn->get_remote_reader()->read_avail());
+  server_txn->get_remote_reader()->consume(start_bytes);
+  // The server has already sent all it has
+  if (server_txn->is_read_closed()) {
+    nbytes = start_bytes;
+  }
+  // Signal the ua_txn to get ready for a trailer
+  ua_txn->set_expect_send_trailer();
+  tunnel.reset();
+  HttpTunnelProducer *p = tunnel.add_producer(server_entry->vc, nbytes, buf_start, &HttpSM::tunnel_handler_trailer_server,
+                                              HT_HTTP_SERVER, "http server trailer");
+  tunnel.add_consumer(ua_entry->vc, server_entry->vc, &HttpSM::tunnel_handler_trailer_ua, HT_HTTP_CLIENT, "user agent trailer");
+
+  ua_entry->in_tunnel     = true;
+  server_entry->in_tunnel = true;
+
+  tunnel.tunnel_run(p);
+
+  return 0;
+}
+
 int
 HttpSM::tunnel_handler_cache_fill(int event, void *data)
 {
@@ -2888,12 +3031,31 @@ HttpSM::tunnel_handler_cache_fill(int event, void *data)
 
   ink_release_assert(cache_sm.cache_write_vc);
 
-  tunnel.deallocate_buffers();
-  this->postbuf_clear();
-  tunnel.reset();
+  int64_t alloc_index       = find_server_buffer_size();
+  MIOBuffer *buf            = new_MIOBuffer(alloc_index);
+  IOBufferReader *buf_start = buf->alloc_reader();
 
-  setup_server_transfer_to_cache_only();
-  tunnel.tunnel_run();
+  TunnelChunkingAction_t action =
+    (t_state.current.server && t_state.current.server->transfer_encoding == HttpTransact::CHUNKED_ENCODING) ?
+      TCA_DECHUNK_CONTENT :
+      TCA_PASSTHRU_DECHUNKED_CONTENT;
+
+  int64_t nbytes = server_transfer_init(buf, 0);
+
+  HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::tunnel_handler);
+
+  server_entry->vc = server_txn;
+  HttpTunnelProducer *p =
+    tunnel.add_producer(server_entry->vc, nbytes, buf_start, &HttpSM::tunnel_handler_server, HT_HTTP_SERVER, "http server");
+
+  tunnel.set_producer_chunking_action(p, 0, action);
+  tunnel.set_producer_chunking_size(p, t_state.txn_conf->http_chunking_size);
+
+  setup_cache_write_transfer(&cache_sm, server_entry->vc, &t_state.cache_info.object_store, 0, "cache write");
+
+  server_entry->in_tunnel = true;
+  // Kick off the new producer
+  tunnel.tunnel_run(p);
 
   return 0;
 }
@@ -3081,7 +3243,6 @@ HttpSM::tunnel_handler_server(int event, HttpTunnelProducer *p)
       t_state.current.server->state = HttpTransact::TRANSACTION_COMPLETE;
       break;
     }
-
     HTTP_INCREMENT_DYN_STAT(http_origin_shutdown_tunnel_server);
     close_connection = true;
 
@@ -3145,6 +3306,13 @@ HttpSM::tunnel_handler_server(int event, HttpTunnelProducer *p)
         tunnel.local_finish_all(p);
       }
     }
+    if (server_txn->expect_receive_trailer()) {
+      SMDebug("http", "wait for that trailing header");
+      // Swap out the default hander to set up the new tunnel for the trailer exchange.
+      HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::tunnel_handler_trailer);
+      tunnel.local_finish_all(p);
+      return 0;
+    }
     break;
 
   case HTTP_TUNNEL_EVENT_CONSUMER_DETACH:
@@ -3220,6 +3388,84 @@ HttpSM::tunnel_handler_server(int event, HttpTunnelProducer *p)
   return 0;
 }
 
+int
+HttpSM::tunnel_handler_trailer_server(int event, HttpTunnelProducer *p)
+{
+  STATE_ENTER(&HttpSM::tunnel_handler_trailer_server, event);
+
+  switch (event) {
+  case VC_EVENT_INACTIVITY_TIMEOUT:
+  case VC_EVENT_ACTIVE_TIMEOUT:
+  case VC_EVENT_ERROR:
+    t_state.squid_codes.log_code  = SQUID_LOG_ERR_READ_TIMEOUT;
+    t_state.squid_codes.hier_code = SQUID_HIER_TIMEOUT_DIRECT;
+    /* fallthru */
+
+  case VC_EVENT_EOS:
+
+    switch (event) {
+    case VC_EVENT_INACTIVITY_TIMEOUT:
+      t_state.current.server->state = HttpTransact::INACTIVE_TIMEOUT;
+      break;
+    case VC_EVENT_ACTIVE_TIMEOUT:
+      t_state.current.server->state = HttpTransact::ACTIVE_TIMEOUT;
+      break;
+    case VC_EVENT_ERROR:
+      t_state.current.server->state = HttpTransact::CONNECTION_ERROR;
+      break;
+    case VC_EVENT_EOS:
+      t_state.current.server->state = HttpTransact::TRANSACTION_COMPLETE;
+      break;
+    }
+
+    ink_assert(p->vc_type == HT_HTTP_SERVER);
+
+    SMDebug("http", "aborting HTTP tunnel due to server truncation");
+    tunnel.chain_abort_all(p);
+
+    t_state.current.server->abort      = HttpTransact::ABORTED;
+    t_state.client_info.keep_alive     = HTTP_NO_KEEPALIVE;
+    t_state.current.server->keep_alive = HTTP_NO_KEEPALIVE;
+    t_state.squid_codes.log_code       = SQUID_LOG_ERR_READ_ERROR;
+    break;
+
+  case HTTP_TUNNEL_EVENT_PRECOMPLETE:
+  case VC_EVENT_READ_COMPLETE:
+    //
+    // The transfer completed successfully
+    p->read_success               = true;
+    t_state.current.server->state = HttpTransact::TRANSACTION_COMPLETE;
+    t_state.current.server->abort = HttpTransact::DIDNOT_ABORT;
+    break;
+
+  case HTTP_TUNNEL_EVENT_CONSUMER_DETACH:
+  case VC_EVENT_READ_READY:
+  case VC_EVENT_WRITE_READY:
+  case VC_EVENT_WRITE_COMPLETE:
+  default:
+    // None of these events should ever come our way
+    ink_assert(0);
+    break;
+  }
+
+  // We handled the event.  Now either shutdown server transaction
+  ink_assert(server_entry->vc == p->vc);
+  ink_assert(p->vc_type == HT_HTTP_SERVER);
+  ink_assert(p->vc == server_txn);
+
+  // The server session has been released. Clean all pointer
+  // Calling remove_entry instead of server_entry because we don't
+  // want to close the server VC at this point
+  vc_table.remove_entry(server_entry);
+
+  p->vc->do_io_close();
+  p->read_vio = nullptr;
+
+  server_entry = nullptr;
+
+  return 0;
+}
+
 // int HttpSM::tunnel_handler_100_continue_ua(int event, HttpTunnelConsumer* c)
 //
 //     Used for tunneling the 100 continue response.  The tunnel
@@ -3241,6 +3487,7 @@ HttpSM::tunnel_handler_100_continue_ua(int event, HttpTunnelConsumer *c)
   case VC_EVENT_ACTIVE_TIMEOUT:
   case VC_EVENT_ERROR:
     set_ua_abort(HttpTransact::ABORTED, event);
+    vc_table.remove_entry(ua_entry);
     c->vc->do_io_close();
     break;
   case VC_EVENT_WRITE_COMPLETE:
@@ -3339,13 +3586,13 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer *c)
         HTTP_INCREMENT_DYN_STAT(http_background_fill_current_count_stat);
         HTTP_INCREMENT_DYN_STAT(http_background_fill_total_count_stat);
 
-        ink_assert(server_entry->vc == server_txn);
         ink_assert(c->is_downstream_from(server_txn));
         server_txn->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->background_fill_active_timeout));
       }
 
       // Even with the background fill, the client side should go down
       c->write_vio = nullptr;
+      vc_table.remove_entry(ua_entry);
       c->vc->do_io_close(EHTTP_ERROR);
       c->alive = false;
 
@@ -3414,8 +3661,9 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer *c)
     break;
   }
 
-  ink_assert(ua_entry->vc == c->vc);
-  if (close_connection) {
+  if (event == VC_EVENT_WRITE_COMPLETE && server_txn && server_txn->expect_receive_trailer()) {
+    // Don't shutdown if we are still expecting a trailer
+  } else if (close_connection) {
     // If the client could be pipelining or is doing a POST, we need to
     //   set the ua_txn into half close mode
 
@@ -3427,6 +3675,7 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer *c)
     }
 
     vc_table.remove_entry(this->ua_entry);
+    ink_release_assert(vc_table.find_entry(ua_txn) == nullptr);
     ua_txn->do_io_close();
   } else {
     ink_assert(ua_txn->get_remote_reader() != nullptr);
@@ -3437,13 +3686,73 @@ HttpSM::tunnel_handler_ua(int event, HttpTunnelConsumer *c)
   return 0;
 }
 
+int
+HttpSM::tunnel_handler_trailer_ua(int event, HttpTunnelConsumer *c)
+{
+  HttpTunnelProducer *p     = nullptr;
+  HttpTunnelConsumer *selfc = nullptr;
+
+  STATE_ENTER(&HttpSM::tunnel_handler_trailer_ua, event);
+  ink_assert(c->vc == ua_txn);
+  milestones[TS_MILESTONE_UA_CLOSE] = Thread::get_hrtime();
+
+  switch (event) {
+  case VC_EVENT_EOS:
+    ua_entry->eos = true;
+
+  // FALL-THROUGH
+  case VC_EVENT_INACTIVITY_TIMEOUT:
+  case VC_EVENT_ACTIVE_TIMEOUT:
+  case VC_EVENT_ERROR:
+
+    // The user agent died or aborted.  Check to
+    //  see if we should setup a background fill
+    set_ua_abort(HttpTransact::ABORTED, event);
+
+    // Should not be processing trailer headers in the background fill case
+    ink_assert(!is_bg_fill_necessary(c));
+    p = c->producer;
+    tunnel.chain_abort_all(c->producer);
+    selfc = p->self_consumer;
+    if (selfc) {
+      // This is the case where there is a transformation between ua and os
+      p = selfc->producer;
+      // if producer is the cache or OS, close the producer.
+      // Otherwise in case of large docs, producer iobuffer gets filled up,
+      // waiting for a consumer to consume data and the connection is never closed.
+      if (p->alive && ((p->vc_type == HT_CACHE_READ) || (p->vc_type == HT_HTTP_SERVER))) {
+        tunnel.chain_abort_all(p);
+      }
+    }
+    break;
+
+  case VC_EVENT_WRITE_COMPLETE:
+    c->write_success          = true;
+    t_state.client_info.abort = HttpTransact::DIDNOT_ABORT;
+    break;
+  case VC_EVENT_WRITE_READY:
+  case VC_EVENT_READ_READY:
+  case VC_EVENT_READ_COMPLETE:
+  default:
+    // None of these events should ever come our way
+    ink_assert(0);
+    break;
+  }
+
+  ink_assert(ua_entry->vc == c->vc);
+  vc_table.remove_entry(this->ua_entry);
+  ua_txn->do_io_close();
+  ink_release_assert(vc_table.find_entry(ua_txn) == nullptr);
+  return 0;
+}
+
 int
 HttpSM::tunnel_handler_ua_push(int event, HttpTunnelProducer *p)
 {
   STATE_ENTER(&HttpSM::tunnel_handler_ua_push, event);
 
   pushed_response_body_bytes += p->bytes_read;
-  client_request_body_bytes += p->bytes_read;
+  client_request_body_bytes  += p->bytes_read;
 
   switch (event) {
   case VC_EVENT_INACTIVITY_TIMEOUT:
@@ -4237,12 +4546,11 @@ HttpSM::do_hostdb_lookup()
     pending_action = hostDBProcessor.getSRVbyname_imm(this, (cb_process_result_pfn)&HttpSM::process_srv_info, d, 0, opt);
     if (pending_action.empty()) {
       char const *host_name = t_state.dns_info.resolved_p ? t_state.dns_info.srv_hostname : t_state.dns_info.lookup_name;
-      opt.port              = t_state.dns_info.resolved_p ?
-                   t_state.dns_info.srv_port :
-                   t_state.server_info.dst_addr.isValid() ? t_state.server_info.dst_addr.host_order_port() :
-                                                            t_state.hdr_info.client_request.port_get();
-      opt.flags = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
-                                                                                   HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
+      opt.port              = t_state.dns_info.resolved_p            ? t_state.dns_info.srv_port :
+                              t_state.server_info.dst_addr.isValid() ? t_state.server_info.dst_addr.host_order_port() :
+                                                                       t_state.hdr_info.client_request.port_get();
+      opt.flags   = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
+                                                                                     HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
       opt.timeout = (t_state.api_txn_dns_timeout_value != -1) ? t_state.api_txn_dns_timeout_value : 0;
       opt.host_res_style =
         ats_host_res_from(ua_txn->get_netvc()->get_local_addr()->sa_family, t_state.txn_conf->host_res_data.order);
@@ -4272,9 +4580,9 @@ HttpSM::do_hostdb_lookup()
     }
 
     HostDBProcessor::Options opt;
-    opt.port  = server_port;
-    opt.flags = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
-                                                                                 HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
+    opt.port    = server_port;
+    opt.flags   = (t_state.cache_info.directives.does_client_permit_dns_storing) ? HostDBProcessor::HOSTDB_DO_NOT_FORCE_DNS :
+                                                                                   HostDBProcessor::HOSTDB_FORCE_DNS_RELOAD;
     opt.timeout = (t_state.api_txn_dns_timeout_value != -1) ? t_state.api_txn_dns_timeout_value : 0;
 
     opt.host_res_style = ats_host_res_from(ua_txn->get_netvc()->get_local_addr()->sa_family, t_state.txn_conf->host_res_data.order);
@@ -4415,8 +4723,8 @@ HttpSM::parse_range_and_compare(MIMEField *field, int64_t content_length)
     return;
   }
 
-  ranges = new RangeRecord[n_values];
-  value += 6; // skip leading 'bytes='
+  ranges    = new RangeRecord[n_values];
+  value     += 6; // skip leading 'bytes='
   value_len -= 6;
 
   // assume range_in_cache
@@ -4944,7 +5252,7 @@ HttpSM::get_outbound_sni() const
 //
 //////////////////////////////////////////////////////////////////////////
 void
-HttpSM::do_http_server_open(bool raw)
+HttpSM::do_http_server_open(bool raw, bool only_direct)
 {
   int ip_family = t_state.current.server->dst_addr.sa.sa_family;
   auto fam_name = ats_ip_family_name(ip_family);
@@ -5089,6 +5397,7 @@ HttpSM::do_http_server_open(bool raw)
       (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length <= 0) && !is_private() &&
       ua_txn != nullptr) {
     HSMresult_t shared_result;
+    SMDebug("http_ss", "Try to acquire_session for %s", t_state.current.server->name);
     shared_result = httpSessionManager.acquire_session(this,                                 // state machine
                                                        &t_state.current.server->dst_addr.sa, // ip + port
                                                        t_state.current.server->name,         // hostname
@@ -5168,6 +5477,18 @@ HttpSM::do_http_server_open(bool raw)
       ink_release_assert(ua_txn == nullptr);
     }
   }
+
+  bool multiplexed_origin = !only_direct && !raw && this->origin_multiplexed() && !is_private();
+  if (multiplexed_origin) {
+    SMDebug("http_ss", "Check for existing connect request");
+    if (this->add_to_existing_request()) {
+      SMDebug("http_ss", "Queue behind existing request");
+      // We are queued up behind an existing connect request
+      // Go away and wait.
+      return;
+    }
+  }
+
   // Check to see if we have reached the max number of connections.
   // Atomically read the current number of connections and check to see
   // if we have gone above the max allowed.
@@ -5331,7 +5652,7 @@ HttpSM::do_http_server_open(bool raw)
   opt.ssl_client_private_key_name = t_state.txn_conf->ssl_client_private_key_filename;
   opt.ssl_client_ca_cert_name     = t_state.txn_conf->ssl_client_ca_cert_filename;
   if (is_private()) {
-    // If the connection to origin is private, don't try to negotiate higher overhead protocols.
+    // If the connection to origin is private, don't try to negotiate the higher overhead H2
     opt.alpn_protocols_array_size = -1;
     SMDebug("ssl_alpn", "Clear ALPN for private session");
   } else if (t_state.txn_conf->ssl_client_alpn_protocols != nullptr) {
@@ -5341,6 +5662,28 @@ HttpSM::do_http_server_open(bool raw)
                                 opt.alpn_protocols_array_size);
   }
 
+  ConnectingEntry *new_entry = nullptr;
+  if (multiplexed_origin) {
+    EThread *ethread = this_ethread();
+    if (nullptr != ethread->connecting_pool) {
+      SMDebug("http_ss", "Queue multiplexed request");
+      new_entry          = new ConnectingEntry();
+      new_entry->mutex   = this->mutex;
+      new_entry->handler = (ContinuationHandler)&ConnectingEntry::state_http_server_open;
+      new_entry->_ipaddr.assign(&t_state.current.server->dst_addr.sa);
+      new_entry->hostname  = t_state.current.server->name;
+      new_entry->sni       = this->get_outbound_sni();
+      new_entry->cert_name = this->get_outbound_cert();
+      this->t_state.set_connect_fail(EIO);
+      new_entry->_connect_sms.insert(this);
+      ethread->connecting_pool->m_ip_pool.insert(std::make_pair(new_entry->_ipaddr, new_entry));
+    }
+  }
+
+  Continuation *cont = new_entry;
+  if (!cont) {
+    cont = this;
+  }
   if (tls_upstream) {
     SMDebug("http", "calling sslNetProcessor.connect_re");
 
@@ -5361,12 +5704,12 @@ HttpSM::do_http_server_open(bool raw)
       opt.set_ssl_servername(t_state.server_info.name);
     }
 
-    pending_action = sslNetProcessor.connect_re(this,                                 // state machine
+    pending_action = sslNetProcessor.connect_re(cont,                                 // state machine or ConnectingEntry
                                                 &t_state.current.server->dst_addr.sa, // addr + port
                                                 &opt);
   } else {
     SMDebug("http", "calling netProcessor.connect_re");
-    pending_action = netProcessor.connect_re(this,                                 // state machine
+    pending_action = netProcessor.connect_re(cont,                                 // state machine or ConnectingEntry
                                              &t_state.current.server->dst_addr.sa, // addr + port
                                              &opt);
   }
@@ -5659,7 +6002,6 @@ HttpSM::handle_post_failure()
   t_state.client_info.keep_alive     = HTTP_NO_KEEPALIVE;
   t_state.current.server->keep_alive = HTTP_NO_KEEPALIVE;
 
-  ink_assert(server_txn->get_remote_reader()->read_avail() == 0);
   tunnel.deallocate_buffers();
   tunnel.reset();
   // Server died
@@ -5702,15 +6044,18 @@ HttpSM::handle_http_server_open()
       }
     }
     server_txn->set_inactivity_timeout(get_server_inactivity_timeout());
-  }
 
-  int method = t_state.hdr_info.server_request.method_get_wksidx();
-  if (method != HTTP_WKSIDX_TRACE &&
-      (t_state.hdr_info.request_content_length > 0 || t_state.client_info.transfer_encoding == HttpTransact::CHUNKED_ENCODING) &&
-      do_post_transform_open()) {
-    do_setup_post_tunnel(HTTP_TRANSFORM_VC); // Seems like we should be sending the request along this way too
-  } else if (server_txn != nullptr) {
-    setup_server_send_request_api();
+    int method = t_state.hdr_info.server_request.method_get_wksidx();
+    if (method != HTTP_WKSIDX_TRACE &&
+        server_txn->has_request_body(t_state.hdr_info.response_content_length,
+                                     t_state.server_info.transfer_encoding == HttpTransact::CHUNKED_ENCODING) &&
+        do_post_transform_open()) {
+      do_setup_post_tunnel(HTTP_TRANSFORM_VC); /* This doesn't seem quite right.  Should be sending the request header */
+    } else {
+      setup_server_send_request_api();
+    }
+  } else {
+    ink_release_assert(!"No server_txn");
   }
 }
 
@@ -5969,6 +6314,10 @@ HttpSM::do_setup_post_tunnel(HttpVC_t to_vc_type)
       client_request_body_bytes = num_body_bytes;
     }
     ua_txn->get_remote_reader()->consume(num_body_bytes);
+    // The user agent has already sent all it has
+    if (ua_txn->is_read_closed()) {
+      post_bytes = num_body_bytes;
+    }
     p = tunnel.add_producer(ua_entry->vc, post_bytes - transfered_bytes, buf_start, &HttpSM::tunnel_handler_post_ua, HT_HTTP_CLIENT,
                             "user agent post");
   }
@@ -6005,14 +6354,22 @@ HttpSM::do_setup_post_tunnel(HttpVC_t to_vc_type)
 
   this->setup_client_request_plugin_agents(p);
 
-  // The user agent may support chunked (HTTP/1.1) or not (HTTP/2)
-  // In either case, the server will support chunked (HTTP/1.1)
+  // The user agent and origin  may support chunked (HTTP/1.1) or not (HTTP/2)
   if (chunked) {
     if (ua_txn->is_chunked_encoding_supported()) {
-      tunnel.set_producer_chunking_action(p, 0, TCA_PASSTHRU_CHUNKED_CONTENT);
+      if (server_txn->is_chunked_encoding_supported()) {
+        tunnel.set_producer_chunking_action(p, 0, TCA_PASSTHRU_CHUNKED_CONTENT);
+      } else {
+        tunnel.set_producer_chunking_action(p, 0, TCA_DECHUNK_CONTENT);
+        tunnel.set_producer_chunking_size(p, 0);
+      }
     } else {
-      tunnel.set_producer_chunking_action(p, 0, TCA_CHUNK_CONTENT);
-      tunnel.set_producer_chunking_size(p, 0);
+      if (server_txn->is_chunked_encoding_supported()) {
+        tunnel.set_producer_chunking_action(p, 0, TCA_CHUNK_CONTENT);
+        tunnel.set_producer_chunking_size(p, 0);
+      } else {
+        tunnel.set_producer_chunking_action(p, 0, TCA_PASSTHRU_DECHUNKED_CONTENT);
+      }
     }
   }
 
@@ -6168,7 +6525,7 @@ HttpSM::write_header_into_buffer(HTTPHdr *h, MIOBuffer *b)
     int tmp              = dumpoffset;
 
     ink_assert(block->write_avail() > 0);
-    done = h->print(block->start(), block->write_avail(), &bufindex, &tmp);
+    done       = h->print(block->start(), block->write_avail(), &bufindex, &tmp);
     dumpoffset += bufindex;
     ink_assert(bufindex > 0);
     b->fill(bufindex);
@@ -6180,6 +6537,17 @@ HttpSM::write_header_into_buffer(HTTPHdr *h, MIOBuffer *b)
   return dumpoffset;
 }
 
+void
+HttpSM::write_outbound_proxy_protocol()
+{
+  int64_t nbytes = 1;
+  if (t_state.txn_conf->proxy_protocol_out >= 0) {
+    nbytes = do_outbound_proxy_protocol(server_txn->get_remote_reader()->mbuf, server_txn->get_netvc(), ua_txn->get_netvc(),
+                                        t_state.txn_conf->proxy_protocol_out);
+  }
+  server_entry->write_vio = server_txn->do_io_write(this, nbytes, server_txn->get_remote_reader());
+}
+
 void
 HttpSM::attach_server_session()
 {
@@ -6266,13 +6634,15 @@ HttpSM::attach_server_session()
   // Do we need Transfer_Encoding?
   if (ua_txn->has_request_body(t_state.hdr_info.request_content_length,
                                t_state.client_info.transfer_encoding == HttpTransact::CHUNKED_ENCODING)) {
-    // See if we need to insert a chunked header
-    if (!t_state.hdr_info.server_request.presence(MIME_PRESENCE_CONTENT_LENGTH) &&
-        !t_state.hdr_info.server_request.presence(MIME_PRESENCE_TRANSFER_ENCODING)) {
-      // Stuff in a TE setting so we treat this as chunked, sort of.
-      t_state.server_info.transfer_encoding = HttpTransact::CHUNKED_ENCODING;
-      t_state.hdr_info.server_request.value_append(MIME_FIELD_TRANSFER_ENCODING, MIME_LEN_TRANSFER_ENCODING, HTTP_VALUE_CHUNKED,
-                                                   HTTP_LEN_CHUNKED, true);
+    if (server_txn->is_chunked_encoding_supported()) {
+      // See if we need to insert a chunked header
+      if (!t_state.hdr_info.server_request.presence(MIME_PRESENCE_CONTENT_LENGTH) &&
+          !t_state.hdr_info.server_request.presence(MIME_PRESENCE_TRANSFER_ENCODING)) {
+        // Stuff in a TE setting so we treat this as chunked, sort of.
+        t_state.server_info.transfer_encoding = HttpTransact::CHUNKED_ENCODING;
+        t_state.hdr_info.server_request.value_append(MIME_FIELD_TRANSFER_ENCODING, MIME_LEN_TRANSFER_ENCODING, HTTP_VALUE_CHUNKED,
+                                                     HTTP_LEN_CHUNKED, true);
+      }
     }
   }
 
@@ -6319,7 +6689,7 @@ HttpSM::setup_server_send_request()
   // the plugin decided to append a message to the request
   if (t_state.api_server_request_body_set) {
     SMDebug("http", "appending msg of %" PRId64 " bytes to request %s", msg_len, t_state.internal_msg_buffer);
-    hdr_length += server_entry->write_buffer->write(t_state.internal_msg_buffer, msg_len);
+    hdr_length                += server_entry->write_buffer->write(t_state.internal_msg_buffer, msg_len);
     server_request_body_bytes = msg_len;
   }
 
@@ -6362,10 +6732,6 @@ HttpSM::setup_server_read_response_header()
   server_response_hdr_bytes                        = 0;
   milestones[TS_MILESTONE_SERVER_READ_HEADER_DONE] = 0;
 
-  // We already done the READ when we setup the connection to
-  //   read the request header
-  ink_assert(server_entry->read_vio);
-
   // The tunnel from OS to UA is now setup.  Ready to read the response
   server_entry->read_vio = server_txn->do_io_read(this, INT64_MAX, server_txn->get_remote_reader()->mbuf);
 
@@ -6376,6 +6742,7 @@ HttpSM::setup_server_read_response_header()
   if (server_txn->get_remote_reader()->read_avail() > 0) {
     state_read_server_response_header((server_entry->eos) ? VC_EVENT_EOS : VC_EVENT_READ_READY, server_entry->read_vio);
   }
+  ink_assert(server_entry->vc != nullptr);
 }
 
 HttpTunnelProducer *
@@ -6809,36 +7176,6 @@ HttpSM::setup_transfer_from_transform_to_cache_only()
   return p;
 }
 
-void
-HttpSM::setup_server_transfer_to_cache_only()
-{
-  TunnelChunkingAction_t action;
-  int64_t alloc_index;
-  int64_t nbytes;
-
-  alloc_index               = find_server_buffer_size();
-  MIOBuffer *buf            = new_MIOBuffer(alloc_index);
-  IOBufferReader *buf_start = buf->alloc_reader();
-
-  action = (t_state.current.server && t_state.current.server->transfer_encoding == HttpTransact::CHUNKED_ENCODING) ?
-             TCA_DECHUNK_CONTENT :
-             TCA_PASSTHRU_DECHUNKED_CONTENT;
-
-  nbytes = server_transfer_init(buf, 0);
-
-  HTTP_SM_SET_DEFAULT_HANDLER(&HttpSM::tunnel_handler);
-
-  HttpTunnelProducer *p =
-    tunnel.add_producer(server_entry->vc, nbytes, buf_start, &HttpSM::tunnel_handler_server, HT_HTTP_SERVER, "http server");
-
-  tunnel.set_producer_chunking_action(p, 0, action);
-  tunnel.set_producer_chunking_size(p, t_state.txn_conf->http_chunking_size);
-
-  setup_cache_write_transfer(&cache_sm, server_entry->vc, &t_state.cache_info.object_store, 0, "cache write");
-
-  server_entry->in_tunnel = true;
-}
-
 HttpTunnelProducer *
 HttpSM::setup_server_transfer()
 {
@@ -6897,28 +7234,6 @@ HttpSM::setup_server_transfer()
 
   this->setup_client_response_plugin_agents(p, client_response_hdr_bytes);
 
-  // If the incoming server response is chunked and the client does not
-  // expect a chunked response, then dechunk it.  Otherwise, if the
-  // incoming response is not chunked and the client expects a chunked
-  // response, then chunk it.
-  /*
-     // this block is moved up so that we know if we need to remove
-     // Content-Length field from response header before writing the
-     // response header into buffer bz50730
-     TunnelChunkingAction_t action;
-     if (t_state.client_info.receive_chunked_response == false) {
-     if (t_state.current.server->transfer_encoding ==
-     HttpTransact::CHUNKED_ENCODING)
-     action = TCA_DECHUNK_CONTENT;
-     else action = TCA_PASSTHRU_DECHUNKED_CONTENT;
-     }
-     else {
-     if (t_state.current.server->transfer_encoding !=
-     HttpTransact::CHUNKED_ENCODING)
-     action = TCA_CHUNK_CONTENT;
-     else action = TCA_PASSTHRU_CHUNKED_CONTENT;
-     }
-   */
   tunnel.set_producer_chunking_action(p, client_response_hdr_bytes, action);
   tunnel.set_producer_chunking_size(p, t_state.txn_conf->http_chunking_size);
   return p;
@@ -7151,12 +7466,17 @@ HttpSM::kill_this()
     transform_cache_sm.end_both();
     vc_table.cleanup_all();
 
-    // tunnel.deallocate_buffers();
-    // Why don't we just kill the tunnel?  Might still be
-    // active if the state machine is going down hard,
-    // and we should clean it up.
+    // Clean up the tunnel resources. Take
+    // it down if it is still active
     tunnel.kill_tunnel();
 
+    if (_netvc) {
+      _netvc->do_io_close();
+      free_MIOBuffer(_netvc_read_buffer);
+    } else if (server_txn == nullptr) {
+      this->cancel_pending_server_connection();
+    }
+
     // It possible that a plugin added transform hook
     //   but the hook never executed due to a client abort
     //   In that case, we need to manually close all the
@@ -7636,7 +7956,7 @@ HttpSM::set_next_state()
       if (ua_txn && !ua_txn->has_request_body(t_state.hdr_info.request_content_length,
                                               t_state.client_info.transfer_encoding == HttpTransact::CHUNKED_ENCODING)) {
         ua_txn->cancel_inactivity_timeout();
-      } else if (!ua_txn) {
+      } else if (!ua_txn || ua_txn->get_netvc() == nullptr) {
         terminate_sm = true;
         return; // Give up if there is no session
       }
@@ -8250,6 +8570,9 @@ HttpSM::get_http_schedule(int event, void * /* data ATS_UNUSED */)
   return 0;
 }
 
+/*
+ * Used from an InkAPI
+ */
 bool
 HttpSM::set_server_session_private(bool private_session)
 {
@@ -8260,8 +8583,8 @@ HttpSM::set_server_session_private(bool private_session)
   return false;
 }
 
-inline bool
-HttpSM::is_private()
+bool
+HttpSM::is_private() const
 {
   bool res = false;
   if (will_be_private_ss) {
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 3a41ad866f9..d126421cdb9 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -47,7 +47,10 @@
 #include "tscore/PendingAction.h"
 
 #define HTTP_API_CONTINUE (INK_API_EVENT_EVENTS_START + 0)
-#define HTTP_API_ERROR (INK_API_EVENT_EVENTS_START + 1)
+#define HTTP_API_ERROR    (INK_API_EVENT_EVENTS_START + 1)
+
+#define CONNECT_EVENT_TXN    (HTTP_NET_CONNECTION_EVENT_EVENTS_START) + 0
+#define CONNECT_EVENT_DIRECT (HTTP_NET_CONNECTION_EVENT_EVENTS_START) + 1
 
 // The default size for http header buffers when we don't
 //   need to include extra space for the document
@@ -60,7 +63,7 @@ static size_t const HTTP_HEADER_BUFFER_SIZE_INDEX = CLIENT_CONNECTION_FIRST_READ
 //   the larger buffer size
 static size_t const HTTP_SERVER_RESP_HDR_BUFFER_INDEX = BUFFER_SIZE_INDEX_8K;
 
-class Http1ServerSession;
+class PoolableSession;
 class AuthHttpAdapter;
 class PreWarmSM;
 
@@ -225,13 +228,15 @@ class HttpSM : public Continuation, public PluginUserArgs
   //  holding the lock for the server session
   void attach_server_session();
 
-  PoolableSession *create_server_session(NetVConnection *netvc);
+  PoolableSession *create_server_session(NetVConnection *netvc, MIOBuffer *netvc_read_buffer, IOBufferReader *netvc_reader);
   bool create_server_txn(PoolableSession *new_session);
 
   HTTPVersion get_server_version(HTTPHdr &hdr) const;
 
   ProxyTransaction *get_ua_txn();
   ProxyTransaction *get_server_txn();
+  // Write out the proxy_protocol information on a new outbound connection
+  void write_outbound_proxy_protocol();
 
   // Called by transact.  Updates are fire and forget
   //  so there are no callbacks and are safe to do
@@ -263,6 +268,8 @@ class HttpSM : public Continuation, public PluginUserArgs
   // A NULL 'r' argument indicates the hostdb lookup failed
   void process_hostdb_info(HostDBRecord *record);
   void process_srv_info(HostDBRecord *record);
+  bool origin_multiplexed() const;
+  bool add_to_existing_request();
 
   // Called by transact.  Synchronous.
   VConnection *do_transform_open();
@@ -288,7 +295,7 @@ class HttpSM : public Continuation, public PluginUserArgs
   void txn_hook_add(TSHttpHookID id, INKContInternal *cont);
   APIHook *txn_hook_get(TSHttpHookID id);
 
-  bool is_private();
+  bool is_private() const;
   bool is_redirect_required();
 
   /// Get the protocol stack for the inbound (client, user agent) connection.
@@ -402,6 +409,7 @@ class HttpSM : public Continuation, public PluginUserArgs
   int tunnel_handler(int event, void *data);
   int tunnel_handler_push(int event, void *data);
   int tunnel_handler_post(int event, void *data);
+  int tunnel_handler_trailer(int event, void *data);
 
   // YTS Team, yamsat Plugin
   int tunnel_handler_for_partial_post(int event, void *data);
@@ -451,6 +459,8 @@ class HttpSM : public Continuation, public PluginUserArgs
   int tunnel_handler_cache_read(int event, HttpTunnelProducer *p);
   int tunnel_handler_post_ua(int event, HttpTunnelProducer *c);
   int tunnel_handler_post_server(int event, HttpTunnelConsumer *c);
+  int tunnel_handler_trailer_ua(int event, HttpTunnelConsumer *c);
+  int tunnel_handler_trailer_server(int event, HttpTunnelProducer *c);
   int tunnel_handler_ssl_producer(int event, HttpTunnelProducer *p);
   int tunnel_handler_ssl_consumer(int event, HttpTunnelConsumer *p);
   int tunnel_handler_transform_write(int event, HttpTunnelConsumer *c);
@@ -460,7 +470,7 @@ class HttpSM : public Continuation, public PluginUserArgs
   void do_hostdb_lookup();
   void do_hostdb_reverse_lookup();
   void do_cache_lookup_and_read();
-  void do_http_server_open(bool raw = false);
+  void do_http_server_open(bool raw = false, bool only_direct = false);
   void send_origin_throttled_response();
   void do_setup_post_tunnel(HttpVC_t to_vc_type);
   void do_cache_prepare_write();
@@ -494,7 +504,6 @@ class HttpSM : public Continuation, public PluginUserArgs
   void setup_server_send_request();
   void setup_server_send_request_api();
   HttpTunnelProducer *setup_server_transfer();
-  void setup_server_transfer_to_cache_only();
   HttpTunnelProducer *setup_cache_read_transfer();
   void setup_internal_transfer(HttpSMHandler handler);
   void setup_error_transfer();
@@ -637,12 +646,17 @@ class HttpSM : public Continuation, public PluginUserArgs
   void rewind_state_machine();
 
 private:
+  void cancel_pending_server_connection();
+
   PostDataBuffers _postbuf;
   int _client_connection_id = -1, _client_transaction_id = -1;
   int _client_transaction_priority_weight = -1, _client_transaction_priority_dependence = -1;
-  bool _from_early_data       = false;
-  SNIRoutingType _tunnel_type = SNIRoutingType::NONE;
-  PreWarmSM *_prewarm_sm      = nullptr;
+  bool _from_early_data         = false;
+  SNIRoutingType _tunnel_type   = SNIRoutingType::NONE;
+  PreWarmSM *_prewarm_sm        = nullptr;
+  NetVConnection *_netvc        = nullptr;
+  IOBufferReader *_netvc_reader = nullptr;
+  MIOBuffer *_netvc_read_buffer = nullptr;
 };
 
 ////
diff --git a/proxy/http/HttpSessionAccept.h b/proxy/http/HttpSessionAccept.h
index 588fa265352..a8ab00ab7b3 100644
--- a/proxy/http/HttpSessionAccept.h
+++ b/proxy/http/HttpSessionAccept.h
@@ -198,6 +198,6 @@ class HttpSessionAccept : public SessionAccept, private detail::HttpSessionAccep
   int mainEvent(int event, void *netvc) override;
 
   // noncopyable
-  HttpSessionAccept(const HttpSessionAccept &) = delete;
+  HttpSessionAccept(const HttpSessionAccept &)            = delete;
   HttpSessionAccept &operator=(const HttpSessionAccept &) = delete;
 };
diff --git a/proxy/http/HttpSessionManager.cc b/proxy/http/HttpSessionManager.cc
index d20a1e9e7fe..09aeb8d73e0 100644
--- a/proxy/http/HttpSessionManager.cc
+++ b/proxy/http/HttpSessionManager.cc
@@ -165,7 +165,9 @@ ServerSessionPool::acquireSession(sockaddr const *addr, CryptoHash const &hostna
     }
     if (zret == HSM_DONE) {
       to_return = first;
-      this->removeSession(to_return);
+      if (!to_return->is_multiplexing()) {
+        this->removeSession(to_return);
+      }
     } else if (first != m_fqdn_pool.end()) {
       Debug("http_ss", "Failed find entry due to name mismatch %s", sm->t_state.current.server->name);
     }
@@ -190,7 +192,9 @@ ServerSessionPool::acquireSession(sockaddr const *addr, CryptoHash const &hostna
     }
     if (zret == HSM_DONE) {
       to_return = first;
-      this->removeSession(to_return);
+      if (!to_return->is_multiplexing()) {
+        this->removeSession(to_return);
+      }
     }
   }
   return zret;
@@ -447,7 +451,10 @@ HttpSessionManager::_acquire_session(sockaddr const *ip, CryptoHash const &hostn
       } else {
         Debug("http_ss", "[%" PRId64 "] [acquire session] failed to get transaction on session from shared pool",
               to_return->connection_id());
-        to_return->do_io_close();
+        // Don't close the H2 origin.  Otherwise you get use-after free with the activity timeout cop
+        if (!to_return->is_multiplexing()) {
+          to_return->do_io_close();
+        }
         retval = HSM_RETRY;
       }
     }
diff --git a/proxy/http/HttpSessionManager.h b/proxy/http/HttpSessionManager.h
index 6375d788c61..b11ad45be9f 100644
--- a/proxy/http/HttpSessionManager.h
+++ b/proxy/http/HttpSessionManager.h
@@ -67,6 +67,8 @@ class ServerSessionPool : public Continuation
   static bool validate_host_sni(HttpSM *sm, NetVConnection *netvc);
   static bool validate_sni(HttpSM *sm, NetVConnection *netvc);
   static bool validate_cert(HttpSM *sm, NetVConnection *netvc);
+  void removeSession(PoolableSession *ssn);
+  void addSession(PoolableSession *ssn);
   int
   count() const
   {
@@ -74,9 +76,6 @@ class ServerSessionPool : public Continuation
   }
 
 private:
-  void removeSession(PoolableSession *ssn);
-  void addSession(PoolableSession *ssn);
-
   using IPTable   = IntrusiveHashMap;
   using FQDNTable = IntrusiveHashMap;
 
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index c79f698e244..5d8670d6474 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -463,7 +463,7 @@ update_cache_control_information_from_config(HttpTransact::State *s)
 {
   getCacheControl(&s->cache_control, &s->request_data, s->txn_conf);
 
-  s->cache_info.directives.does_config_permit_lookup &= (s->cache_control.never_cache == false);
+  s->cache_info.directives.does_config_permit_lookup  &= (s->cache_control.never_cache == false);
   s->cache_info.directives.does_config_permit_storing &= (s->cache_control.never_cache == false);
 
   s->cache_info.directives.does_client_permit_storing =
@@ -2518,7 +2518,7 @@ HttpTransact::issue_revalidate(State *s)
       const char *etag = c_resp->value_get(MIME_FIELD_ETAG, MIME_LEN_ETAG, &length);
       if (nullptr != etag) {
         if ((length >= 2) && (etag[0] == 'W') && (etag[1] == '/')) {
-          etag += 2;
+          etag   += 2;
           length -= 2;
         }
         s->hdr_info.server_request.value_set(MIME_FIELD_IF_NONE_MATCH, MIME_LEN_IF_NONE_MATCH, etag, length);
@@ -3764,7 +3764,8 @@ HttpTransact::handle_response_from_server(State *s)
 
     TxnDebug("http_trans", "max_connect_retries: %d s->current.attempts: %d", max_connect_retries, s->current.attempts.get());
 
-    if (is_request_retryable(s) && s->current.attempts.get() < max_connect_retries) {
+    if (is_request_retryable(s) && s->current.attempts.get() < max_connect_retries &&
+        !HttpTransact::is_response_valid(s, &s->hdr_info.server_response)) {
       // If this is a round robin DNS entry & we're tried configured
       //    number of times, we should try another node
       if (ResolveInfo::OS_Addr::TRY_CLIENT == s->dns_info.os_addr_style) {
@@ -7859,11 +7860,11 @@ HttpTransact::build_response(State *s, HTTPHdr *base_response, HTTPHdr *outgoing
             int len;
             uint64_t presence;
           } fields[] = {
-            {MIME_FIELD_ETAG, MIME_LEN_ETAG, MIME_PRESENCE_ETAG},
+            {MIME_FIELD_ETAG,             MIME_LEN_ETAG,             MIME_PRESENCE_ETAG            },
             {MIME_FIELD_CONTENT_LOCATION, MIME_LEN_CONTENT_LOCATION, MIME_PRESENCE_CONTENT_LOCATION},
-            {MIME_FIELD_EXPIRES, MIME_LEN_EXPIRES, MIME_PRESENCE_EXPIRES},
-            {MIME_FIELD_CACHE_CONTROL, MIME_LEN_CACHE_CONTROL, MIME_PRESENCE_CACHE_CONTROL},
-            {MIME_FIELD_VARY, MIME_LEN_VARY, MIME_PRESENCE_VARY},
+            {MIME_FIELD_EXPIRES,          MIME_LEN_EXPIRES,          MIME_PRESENCE_EXPIRES         },
+            {MIME_FIELD_CACHE_CONTROL,    MIME_LEN_CACHE_CONTROL,    MIME_PRESENCE_CACHE_CONTROL   },
+            {MIME_FIELD_VARY,             MIME_LEN_VARY,             MIME_PRESENCE_VARY            },
           };
 
           for (size_t i = 0; i < countof(fields); i++) {
diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h
index 61da1211a86..427af0e800e 100644
--- a/proxy/http/HttpTransact.h
+++ b/proxy/http/HttpTransact.h
@@ -60,10 +60,10 @@
       offset = 0;                                               \
       if ((H)->valid()) {                                       \
         do {                                                    \
-          used = 0;                                             \
-          tmp  = offset;                                        \
-          done = (H)->print(b, 4095, &used, &tmp);              \
-          offset += used;                                       \
+          used    = 0;                                          \
+          tmp     = offset;                                     \
+          done    = (H)->print(b, 4095, &used, &tmp);           \
+          offset  += used;                                      \
           b[used] = '\0';                                       \
           fprintf(stderr, "%s", b);                             \
         } while (!done);                                        \
@@ -217,7 +217,7 @@ const int32_t HTTP_UNDEFINED_CL = -1;
 //
 //////////////////////////////////////////////////////////////////////////////
 #define SET_VIA_STRING(I, S) s->via_string[I] = S;
-#define GET_VIA_STRING(I) (s->via_string[I])
+#define GET_VIA_STRING(I)    (s->via_string[I])
 
 class HttpTransact
 {
@@ -925,6 +925,7 @@ class HttpTransact
     void
     set_connect_fail(int e)
     {
+      int const original_connect_result = this->current.server->connect_result;
       if (e == EUSERS) {
         // EUSERS is used when the number of connections exceeds the configured
         // limit. Since this is not a network connectivity issue with the
@@ -937,7 +938,7 @@ class HttpTransact
       if (e != EIO) {
         this->cause_of_death_errno = e;
       }
-      Debug("http", "Setting upstream connection failure %d to %d", e, this->current.server->connect_result);
+      Debug("http", "Setting upstream connection failure %d to %d", original_connect_result, this->current.server->connect_result);
     }
 
     MgmtInt
diff --git a/proxy/http/HttpTransactCache.cc b/proxy/http/HttpTransactCache.cc
index 48b3282e601..9750f450be7 100644
--- a/proxy/http/HttpTransactCache.cc
+++ b/proxy/http/HttpTransactCache.cc
@@ -223,20 +223,20 @@ HttpTransactCache::SelectFromAlternates(CacheHTTPInfoVector *cache_vector, HTTPH
 
         offset = 0;
         do {
-          used = 0;
-          tmp  = offset;
-          done = cached_request->print(b, sizeof(b) - 1, &used, &tmp);
-          offset += used;
+          used    = 0;
+          tmp     = offset;
+          done    = cached_request->print(b, sizeof(b) - 1, &used, &tmp);
+          offset  += used;
           b[used] = '\0';
           fprintf(stderr, "%s", b);
         } while (!done);
 
         offset = 0;
         do {
-          used = 0;
-          tmp  = offset;
-          done = cached_response->print(b, sizeof(b) - 1, &used, &tmp);
-          offset += used;
+          used    = 0;
+          tmp     = offset;
+          done    = cached_response->print(b, sizeof(b) - 1, &used, &tmp);
+          offset  += used;
           b[used] = '\0';
           fprintf(stderr, "%s", b);
         } while (!done);
diff --git a/proxy/http/HttpTransactHeaders.cc b/proxy/http/HttpTransactHeaders.cc
index 8f8b00f63aa..3ea841128a3 100644
--- a/proxy/http/HttpTransactHeaders.cc
+++ b/proxy/http/HttpTransactHeaders.cc
@@ -135,7 +135,7 @@ HttpTransactHeaders::insert_supported_methods_in_response(HTTPHdr *response, int
     if (is_supported) {
       ++num_methods_supported;
       method_output_lengths[i] = hdrtoken_wks_to_length(method_wks);
-      bytes += method_output_lengths[i];
+      bytes                    += method_output_lengths[i];
       if (num_methods_supported > 1) {
         bytes += 2; // +2 if need leading ", "
       }
@@ -781,7 +781,7 @@ HttpTransactHeaders::insert_via_header_in_request(HttpTransact::State *s, HTTPHd
 
   *via_string++ = '[';
   memcpy(via_string, Machine::instance()->uuid.getString(), TS_UUID_STRING_LEN);
-  via_string += TS_UUID_STRING_LEN;
+  via_string    += TS_UUID_STRING_LEN;
   *via_string++ = ']';
   *via_string++ = ' ';
   *via_string++ = '(';
@@ -867,7 +867,7 @@ HttpTransactHeaders::insert_via_header_in_response(HttpTransact::State *s, HTTPH
     write_hdr_protocol_stack(via_string, via_limit - via_string, ProtocolStackDetail::Standard, proto_buf.data(), n_proto);
   *via_string++ = ' ';
 
-  via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
+  via_string    += nstrcpy(via_string, s->http_config_param->proxy_hostname);
   *via_string++ = ' ';
   *via_string++ = '(';
 
diff --git a/proxy/http/HttpTunnel.cc b/proxy/http/HttpTunnel.cc
index 9071d29133e..9d6a6b32fd7 100644
--- a/proxy/http/HttpTunnel.cc
+++ b/proxy/http/HttpTunnel.cc
@@ -223,9 +223,9 @@ ChunkedHandler::transfer_bytes()
 
     if (moved > 0) {
       chunked_reader->consume(moved);
-      bytes_left = bytes_left - moved;
+      bytes_left     = bytes_left - moved;
       dechunked_size += moved;
-      total_moved += moved;
+      total_moved    += moved;
     } else {
       break;
     }
@@ -725,6 +725,7 @@ HttpTunnel::chain(HttpTunnelConsumer *c, HttpTunnelProducer *p)
 void
 HttpTunnel::tunnel_run(HttpTunnelProducer *p_arg)
 {
+  ++reentrancy_count;
   Debug("http_tunnel", "tunnel_run started, p_arg is %s", p_arg ? "provided" : "NULL");
   if (p_arg) {
     producer_run(p_arg);
@@ -740,6 +741,7 @@ HttpTunnel::tunnel_run(HttpTunnelProducer *p_arg)
       }
     }
   }
+  --reentrancy_count;
 
   // It is possible that there was nothing to do
   //   due to a all transfers being zero length
@@ -984,11 +986,14 @@ HttpTunnel::producer_run(HttpTunnelProducer *p)
           p->handler_state = HTTP_SM_POST_SUCCESS;
         }
       }
+      Debug("http_tunnel", "Start write vio %ld bytes", c_write);
       // Start the writes now that we know we will consume all the initial data
       c->write_vio = c->vc->do_io_write(this, c_write, c->buffer_reader);
       ink_assert(c_write > 0);
       if (c->write_vio == nullptr) {
         consumer_handler(VC_EVENT_ERROR, c);
+      } else if (c->write_vio->ntodo() == 0 && c->alive) {
+        consumer_handler(VC_EVENT_WRITE_COMPLETE, c);
       }
     }
   }
@@ -1008,7 +1013,16 @@ HttpTunnel::producer_run(HttpTunnelProducer *p)
       if (read_start_pos > 0) {
         p->read_vio = ((CacheVC *)p->vc)->do_io_pread(this, producer_n, p->read_buffer, read_start_pos);
       } else {
+        Debug("http_tunnel", "Start read vio %ld bytes", producer_n);
         p->read_vio = p->vc->do_io_read(this, producer_n, p->read_buffer);
+        p->read_vio->reenable();
+      }
+    }
+  } else {
+    // If the producer is not alive (precomplete) make sure to kick the consumers
+    for (c = p->consumer_list.head; c; c = c->link.next) {
+      if (c->alive && c->write_vio) {
+        c->write_vio->reenable();
       }
     }
   }
@@ -1136,14 +1150,6 @@ HttpTunnel::producer_handler(int event, HttpTunnelProducer *p)
   // Handle chunking/dechunking/chunked-passthrough if necessary.
   if (p->do_chunking) {
     event = producer_handler_dechunked(event, p);
-
-    // If we were in PRECOMPLETE when this function was called
-    // and we are doing chunking, then we just wrote the last
-    // chunk in the function call above.  We are done with the
-    // tunnel.
-    if (event == HTTP_TUNNEL_EVENT_PRECOMPLETE) {
-      event = VC_EVENT_EOS;
-    }
   } else if (p->do_dechunking || p->do_chunked_passthru) {
     event = producer_handler_chunked(event, p);
   } else {
@@ -1186,6 +1192,7 @@ HttpTunnel::producer_handler(int event, HttpTunnelProducer *p)
     // Data read from producer, reenable consumers
     for (c = p->consumer_list.head; c; c = c->link.next) {
       if (c->alive && c->write_vio) {
+        Debug("http_redirect", "Read ready alive");
         c->write_vio->reenable();
       }
     }
@@ -1195,6 +1202,8 @@ HttpTunnel::producer_handler(int event, HttpTunnelProducer *p)
     // If the write completes on the stack (as it can for http2), then
     // consumer could have called back by this point.  Must treat this as
     // a regular read complete (falling through to the following cases).
+    p->bytes_read = p->init_bytes_done;
+    [[fallthrough]];
 
   case VC_EVENT_READ_COMPLETE:
   case VC_EVENT_EOS:
@@ -1208,7 +1217,6 @@ HttpTunnel::producer_handler(int event, HttpTunnelProducer *p)
       //   the message length being a property of the encoding)
       //   In that case, we won't have done a do_io so there
       //   will not be vio
-      p->bytes_read = 0;
     }
 
     // callback the SM to notify of completion
@@ -1223,9 +1231,12 @@ HttpTunnel::producer_handler(int event, HttpTunnelProducer *p)
     sm_callback = true;
     p->update_state_if_not_set(HTTP_SM_POST_SUCCESS);
 
-    // Data read from producer, reenable consumers
+    // Kick off the consumers if appropriate
     for (c = p->consumer_list.head; c; c = c->link.next) {
       if (c->alive && c->write_vio) {
+        if (c->write_vio->nbytes == INT64_MAX) {
+          c->write_vio->nbytes = p->bytes_read + p->init_bytes_done - c->skip_bytes;
+        }
         c->write_vio->reenable();
       }
     }
@@ -1361,6 +1372,9 @@ HttpTunnel::consumer_handler(int event, HttpTunnelConsumer *c)
   case VC_EVENT_INACTIVITY_TIMEOUT:
     ink_assert(c->alive);
     ink_assert(c->buffer_reader);
+    if (c->write_vio) {
+      c->write_vio->reenable();
+    }
     c->alive = false;
 
     c->bytes_written = c->write_vio ? c->write_vio->ndone : 0;
diff --git a/proxy/http/HttpTunnel.h b/proxy/http/HttpTunnel.h
index 0bd1be84511..895d65adb65 100644
--- a/proxy/http/HttpTunnel.h
+++ b/proxy/http/HttpTunnel.h
@@ -45,16 +45,16 @@
 #define MAX_PRODUCERS 2
 #define MAX_CONSUMERS 4
 
-#define HTTP_TUNNEL_EVENT_DONE (HTTP_TUNNEL_EVENTS_START + 1)
-#define HTTP_TUNNEL_EVENT_PRECOMPLETE (HTTP_TUNNEL_EVENTS_START + 2)
+#define HTTP_TUNNEL_EVENT_DONE            (HTTP_TUNNEL_EVENTS_START + 1)
+#define HTTP_TUNNEL_EVENT_PRECOMPLETE     (HTTP_TUNNEL_EVENTS_START + 2)
 #define HTTP_TUNNEL_EVENT_CONSUMER_DETACH (HTTP_TUNNEL_EVENTS_START + 3)
-#define HTTP_TUNNEL_EVENT_ACTIVITY_CHECK (HTTP_TUNNEL_EVENTS_START + 4)
+#define HTTP_TUNNEL_EVENT_ACTIVITY_CHECK  (HTTP_TUNNEL_EVENTS_START + 4)
 
 #define HTTP_TUNNEL_STATIC_PRODUCER (VConnection *)!0
 
 // YTS Team, yamsat Plugin
 #define ALLOCATE_AND_WRITE_TO_BUF 1
-#define WRITE_TO_BUF 2
+#define WRITE_TO_BUF              2
 
 struct HttpTunnelProducer;
 class HttpSM;
@@ -518,7 +518,7 @@ HttpTunnel::append_message_to_producer_buffer(HttpTunnelProducer *p, const char
   }
 
   p->read_buffer->write(msg, msg_len);
-  p->nbytes += msg_len;
+  p->nbytes     += msg_len;
   p->bytes_read += msg_len;
 }
 
diff --git a/proxy/http/Makefile.am b/proxy/http/Makefile.am
index dab3678f01d..22cee4ac76a 100644
--- a/proxy/http/Makefile.am
+++ b/proxy/http/Makefile.am
@@ -41,6 +41,8 @@ noinst_HEADERS = HttpProxyServerMain.h
 noinst_LIBRARIES = libhttp.a
 
 libhttp_a_SOURCES = \
+	ConnectingEntry.cc \
+	ConnectingEntry.h \
 	HttpSessionAccept.cc \
 	HttpSessionAccept.h \
 	HttpBodyFactory.cc \
diff --git a/proxy/http/PreWarmConfig.h b/proxy/http/PreWarmConfig.h
index 12b22100f58..e199722e103 100644
--- a/proxy/http/PreWarmConfig.h
+++ b/proxy/http/PreWarmConfig.h
@@ -27,7 +27,7 @@ struct PreWarmConfigParams : public ConfigInfo {
   PreWarmConfigParams();
 
   // noncopyable
-  PreWarmConfigParams(const HttpConfigParams &) = delete;
+  PreWarmConfigParams(const HttpConfigParams &)            = delete;
   PreWarmConfigParams &operator=(const HttpConfigParams &) = delete;
 
   // Config Params
diff --git a/proxy/http/PreWarmManager.cc b/proxy/http/PreWarmManager.cc
index dd67fc9cf66..f06c3cb57ae 100644
--- a/proxy/http/PreWarmManager.cc
+++ b/proxy/http/PreWarmManager.cc
@@ -34,7 +34,7 @@
 
 #include 
 
-#define PreWarmSMDebug(fmt, ...) Debug("prewarm_sm", "[%p] " fmt, this, ##__VA_ARGS__);
+#define PreWarmSMDebug(fmt, ...)  Debug("prewarm_sm", "[%p] " fmt, this, ##__VA_ARGS__);
 #define PreWarmSMVDebug(fmt, ...) Debug("v_prewarm_sm", "[%p] " fmt, this, ##__VA_ARGS__);
 
 ClassAllocator preWarmSMAllocator("preWarmSMAllocator");
diff --git a/proxy/http/RegressionHttpTransact.cc b/proxy/http/RegressionHttpTransact.cc
index 7008edea955..dc62d066383 100644
--- a/proxy/http/RegressionHttpTransact.cc
+++ b/proxy/http/RegressionHttpTransact.cc
@@ -72,25 +72,27 @@ REGRESSION_TEST(HttpTransact_is_request_valid)(RegressionTest *t, int /* level *
     const char *scheme;
     const char *req;
     bool result;
-  } requests[] = {// missing host header
-                  {"http", "GET / HTTP/1.1\r\n\r\n", false},
-                  // good get request
-                  {"http", "GET / HTTP/1.1\r\nHost: abc.com\r\n\r\n", true},
-                  // good trace request
-                  {"http", "TRACE / HTTP/1.1\r\nHost: abc.com\r\n\r\n", true},
-                  // content len < 0
-                  {"http", "POST / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n", false},
-                  {"http", "PUSH / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n", false},
-                  {"http", "PUT / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n", false},
-                  // valid content len
-                  {"http", "POST / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n", true},
-                  {"http", "PUSH / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n", true},
-                  {"http", "PUT / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n", true},
-                  // Content Length missing
-                  {"http", "POST / HTTP/1.1\r\nHost: abc.com\r\n\r\n", false},
-                  {"http", "PUSH / HTTP/1.1\r\nHost: abc.com\r\n\r\n", false},
-                  {"http", "PUT / HTTP/1.1\r\nHost: abc.com\r\n\r\n", false},
-                  {nullptr, nullptr, false}};
+  } requests[] = {
+  // missing host header
+    {"http",  "GET / HTTP/1.1\r\n\r\n",                                         false},
+ // good get request
+    {"http",  "GET / HTTP/1.1\r\nHost: abc.com\r\n\r\n",                        true },
+ // good trace request
+    {"http",  "TRACE / HTTP/1.1\r\nHost: abc.com\r\n\r\n",                      true },
+ // content len < 0
+    {"http",  "POST / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n", false},
+    {"http",  "PUSH / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n", false},
+    {"http",  "PUT / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: -1\r\n\r\n",  false},
+ // valid content len
+    {"http",  "POST / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n", true },
+    {"http",  "PUSH / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n", true },
+    {"http",  "PUT / HTTP/1.1\r\nHost: abc.com\r\nContent-Length: 10\r\n\r\n",  true },
+ // Content Length missing
+    {"http",  "POST / HTTP/1.1\r\nHost: abc.com\r\n\r\n",                       false},
+    {"http",  "PUSH / HTTP/1.1\r\nHost: abc.com\r\n\r\n",                       false},
+    {"http",  "PUT / HTTP/1.1\r\nHost: abc.com\r\n\r\n",                        false},
+    {nullptr, nullptr,                                                          false}
+  };
   for (int i = 0; requests[i].req; i++) {
     setup_client_request(&sm, requests[i].scheme, requests[i].req);
 
@@ -112,9 +114,11 @@ REGRESSION_TEST(HttpTransact_handle_trace_and_options_requests)(RegressionTest *
     const char *scheme;
     const char *req;
     bool result;
-  } requests[] = {// good trace request
-                  {"http", "TRACE www.abc.com/ HTTP/1.1\r\nHost: abc.com\r\nMax-Forwards: 0\r\n\r\n", true},
-                  {nullptr, nullptr, false}};
+  } requests[] = {
+  // good trace request
+    {"http",  "TRACE www.abc.com/ HTTP/1.1\r\nHost: abc.com\r\nMax-Forwards: 0\r\n\r\n", true },
+    {nullptr, nullptr,                                                                   false}
+  };
   for (int i = 0; requests[i].req; i++) {
     setup_client_request(&sm, requests[i].scheme, requests[i].req);
 
diff --git a/proxy/http/remap/AclFiltering.h b/proxy/http/remap/AclFiltering.h
index ceba59a7c2c..c62339311c8 100644
--- a/proxy/http/remap/AclFiltering.h
+++ b/proxy/http/remap/AclFiltering.h
@@ -70,10 +70,10 @@ class acl_filter_rule
   acl_filter_rule *next = nullptr;
   char *filter_name     = nullptr; // optional filter name
   unsigned int allow_flag : 1,     // action allow deny
-    src_ip_valid : 1,              // src_ip range valid
-    in_ip_valid : 1,
-    active_queue_flag : 1, // filter is in active state (used by .useflt directive)
-    internal : 1;          // filter internal HTTP requests
+    src_ip_valid          : 1,     // src_ip range valid
+    in_ip_valid           : 1,
+    active_queue_flag     : 1, // filter is in active state (used by .useflt directive)
+    internal              : 1; // filter internal HTTP requests
 
   // we need arguments as string array for directive processing
   int argc = 0;                    // argument counter (only for filter defs)
diff --git a/proxy/http/remap/NextHopSelectionStrategy.h b/proxy/http/remap/NextHopSelectionStrategy.h
index e63a3a4f23c..1fe49cb701f 100644
--- a/proxy/http/remap/NextHopSelectionStrategy.h
+++ b/proxy/http/remap/NextHopSelectionStrategy.h
@@ -32,9 +32,9 @@
 
 #ifndef _NH_UNIT_TESTS_
 #define NH_Debug(tag, ...) Debug(tag, __VA_ARGS__)
-#define NH_Error(...) DiagsError(DL_Error, __VA_ARGS__)
-#define NH_Note(...) DiagsError(DL_Note, __VA_ARGS__)
-#define NH_Warn(...) DiagsError(DL_Warning, __VA_ARGS__)
+#define NH_Error(...)      DiagsError(DL_Error, __VA_ARGS__)
+#define NH_Note(...)       DiagsError(DL_Note, __VA_ARGS__)
+#define NH_Warn(...)       DiagsError(DL_Warning, __VA_ARGS__)
 #define NH_GetConfig(v, n) REC_ReadConfigInteger(v, n)
 #else
 #include "unit-tests/nexthop_test_stubs.h"
@@ -125,7 +125,7 @@ struct HostRecord : public ATSConsistentHashNode, public HostRecordCfg {
   explicit HostRecord(HostRecordCfg &&o) : HostRecordCfg(std::move(o)) {}
 
   // No copying or moving.
-  HostRecord(const HostRecord &) = delete;
+  HostRecord(const HostRecord &)            = delete;
   HostRecord &operator=(const HostRecord &) = delete;
 
   // locks the record when marking this host down.
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index 9df1c0f406b..2798517bb4a 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -375,26 +375,26 @@ struct remap_directive {
 
 static const remap_directive directives[] = {
 
-  {".definefilter", parse_define_directive},
-  {".deffilter", parse_define_directive},
-  {".defflt", parse_define_directive},
+  {".definefilter",     parse_define_directive    },
+  {".deffilter",        parse_define_directive    },
+  {".defflt",           parse_define_directive    },
 
-  {".deletefilter", parse_delete_directive},
-  {".delfilter", parse_delete_directive},
-  {".delflt", parse_delete_directive},
+  {".deletefilter",     parse_delete_directive    },
+  {".delfilter",        parse_delete_directive    },
+  {".delflt",           parse_delete_directive    },
 
-  {".usefilter", parse_activate_directive},
-  {".activefilter", parse_activate_directive},
-  {".activatefilter", parse_activate_directive},
-  {".useflt", parse_activate_directive},
+  {".usefilter",        parse_activate_directive  },
+  {".activefilter",     parse_activate_directive  },
+  {".activatefilter",   parse_activate_directive  },
+  {".useflt",           parse_activate_directive  },
 
-  {".unusefilter", parse_deactivate_directive},
+  {".unusefilter",      parse_deactivate_directive},
   {".deactivatefilter", parse_deactivate_directive},
-  {".unactivefilter", parse_deactivate_directive},
-  {".deuseflt", parse_deactivate_directive},
-  {".unuseflt", parse_deactivate_directive},
+  {".unactivefilter",   parse_deactivate_directive},
+  {".deuseflt",         parse_deactivate_directive},
+  {".unuseflt",         parse_deactivate_directive},
 
-  {".include", parse_include_directive},
+  {".include",          parse_include_directive   },
 };
 
 const char *
@@ -746,7 +746,7 @@ remap_load_plugin(const char **argv, int argc, url_mapping *mp, char *errbuf, in
   ink_assert((unsigned)argc < countof(new_argv));
 
   if (jump_to_argc != 0) {
-    argc -= jump_to_argc;
+    argc  -= jump_to_argc;
     int i = 0;
     while (argv[i + jump_to_argc]) {
       new_argv[i] = argv[i + jump_to_argc];
@@ -1078,7 +1078,7 @@ remap_parse_config_bti(const char *path, BUILD_TABLE_INFO *bti)
     //   the beginning of the string
     if ((tmp = (map_from_start = map_from)) != nullptr && length > 2 && tmp[length - 1] == '/' && tmp[length - 2] == '/') {
       new_mapping->unique = true;
-      length -= 2;
+      length              -= 2;
     }
 
     new_mapping->fromURL.create(nullptr);
diff --git a/proxy/http/remap/RemapConfig.h b/proxy/http/remap/RemapConfig.h
index 20c7d07c0ef..247e5e0c913 100644
--- a/proxy/http/remap/RemapConfig.h
+++ b/proxy/http/remap/RemapConfig.h
@@ -30,18 +30,18 @@ class UrlRewrite;
 #define BUILD_TABLE_MAX_ARGS 2048
 
 // Remap inline options
-#define REMAP_OPTFLG_MAP_WITH_REFERER 0x0001u /* "map_with_referer" option */
-#define REMAP_OPTFLG_PLUGIN 0x0002u           /* "plugin=" option (per remap plugin) */
-#define REMAP_OPTFLG_PPARAM 0x0004u           /* "pparam=" option (per remap plugin option) */
-#define REMAP_OPTFLG_METHOD 0x0008u           /* "method=" option (used for ACL filtering) */
-#define REMAP_OPTFLG_SRC_IP 0x0010u           /* "src_ip=" option (used for ACL filtering) */
-#define REMAP_OPTFLG_ACTION 0x0020u           /* "action=" option (used for ACL filtering) */
-#define REMAP_OPTFLG_INTERNAL 0x0040u         /* only allow internal requests to hit this remap */
-#define REMAP_OPTFLG_IN_IP 0x0080u            /* "in_ip=" option (used for ACL filtering)*/
-#define REMAP_OPTFLG_STRATEGY 0x0100u         /* "strategy=" the name of the nexthop selection strategy */
-#define REMAP_OPTFLG_MAP_ID 0x0800u           /* associate a map ID with this rule */
-#define REMAP_OPTFLG_INVERT 0x80000000u       /* "invert" the rule (for src_ip at least) */
-#define REMAP_OPTFLG_ALL_FILTERS (REMAP_OPTFLG_METHOD | REMAP_OPTFLG_SRC_IP | REMAP_OPTFLG_ACTION | REMAP_OPTFLG_INTERNAL)
+#define REMAP_OPTFLG_MAP_WITH_REFERER 0x0001u     /* "map_with_referer" option */
+#define REMAP_OPTFLG_PLUGIN           0x0002u     /* "plugin=" option (per remap plugin) */
+#define REMAP_OPTFLG_PPARAM           0x0004u     /* "pparam=" option (per remap plugin option) */
+#define REMAP_OPTFLG_METHOD           0x0008u     /* "method=" option (used for ACL filtering) */
+#define REMAP_OPTFLG_SRC_IP           0x0010u     /* "src_ip=" option (used for ACL filtering) */
+#define REMAP_OPTFLG_ACTION           0x0020u     /* "action=" option (used for ACL filtering) */
+#define REMAP_OPTFLG_INTERNAL         0x0040u     /* only allow internal requests to hit this remap */
+#define REMAP_OPTFLG_IN_IP            0x0080u     /* "in_ip=" option (used for ACL filtering)*/
+#define REMAP_OPTFLG_STRATEGY         0x0100u     /* "strategy=" the name of the nexthop selection strategy */
+#define REMAP_OPTFLG_MAP_ID           0x0800u     /* associate a map ID with this rule */
+#define REMAP_OPTFLG_INVERT           0x80000000u /* "invert" the rule (for src_ip at least) */
+#define REMAP_OPTFLG_ALL_FILTERS      (REMAP_OPTFLG_METHOD | REMAP_OPTFLG_SRC_IP | REMAP_OPTFLG_ACTION | REMAP_OPTFLG_INTERNAL)
 
 struct BUILD_TABLE_INFO {
   BUILD_TABLE_INFO();
@@ -62,7 +62,7 @@ struct BUILD_TABLE_INFO {
   void reset();
 
   // noncopyable
-  BUILD_TABLE_INFO(const BUILD_TABLE_INFO &) = delete;            // disabled
+  BUILD_TABLE_INFO(const BUILD_TABLE_INFO &)            = delete; // disabled
   BUILD_TABLE_INFO &operator=(const BUILD_TABLE_INFO &) = delete; // disabled
 };
 
diff --git a/proxy/http/remap/RemapPlugins.cc b/proxy/http/remap/RemapPlugins.cc
index 68ba8742ea3..3757d774cf0 100644
--- a/proxy/http/remap/RemapPlugins.cc
+++ b/proxy/http/remap/RemapPlugins.cc
@@ -87,7 +87,10 @@ RemapPlugins::run_single_remap()
   TSRemapStatus plugin_retcode = TSREMAP_NO_REMAP;
   bool zret                    = true; // default - last iteration.
   Debug("url_rewrite", "running single remap rule id %d for the %d%s time", map->map_id, _cur,
-        _cur == 1 ? "st" : _cur == 2 ? "nd" : _cur == 3 ? "rd" : "th");
+        _cur == 1 ? "st" :
+        _cur == 2 ? "nd" :
+        _cur == 3 ? "rd" :
+                    "th");
 
   if (0 == _cur) {
     Debug("url_rewrite", "setting the remapped url by copying from mapping rule");
diff --git a/proxy/http/remap/RemapProcessor.h b/proxy/http/remap/RemapProcessor.h
index e21aee5f697..5afb4e08dbd 100644
--- a/proxy/http/remap/RemapProcessor.h
+++ b/proxy/http/remap/RemapProcessor.h
@@ -31,8 +31,8 @@
 #include "RemapPluginInfo.h"
 #include "ReverseProxy.h"
 
-#define EVENT_REMAP_START (REMAP_EVENT_EVENTS_START + 0)
-#define EVENT_REMAP_ERROR (REMAP_EVENT_EVENTS_START + 1)
+#define EVENT_REMAP_START    (REMAP_EVENT_EVENTS_START + 0)
+#define EVENT_REMAP_ERROR    (REMAP_EVENT_EVENTS_START + 1)
 #define EVENT_REMAP_COMPLETE (REMAP_EVENT_EVENTS_START + 2)
 
 class RemapProcessor
diff --git a/proxy/http/remap/UrlMapping.h b/proxy/http/remap/UrlMapping.h
index bb25e36ad75..b864cae9b1f 100644
--- a/proxy/http/remap/UrlMapping.h
+++ b/proxy/http/remap/UrlMapping.h
@@ -218,7 +218,7 @@ class UrlMappingContainer
   }
 
   // noncopyable, non-assignable
-  UrlMappingContainer(const UrlMappingContainer &orig) = delete;
+  UrlMappingContainer(const UrlMappingContainer &orig)           = delete;
   UrlMappingContainer &operator=(const UrlMappingContainer &rhs) = delete;
 
 private:
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index 2fede9c16cc..00858e2058e 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -182,7 +182,10 @@ UrlRewrite::PrintStore(const MappingsStore &store) const
 
   if (!store.regex_list.empty()) {
     printf("    Regex mappings:\n");
-    forl_LL(RegexMapping, list_iter, store.regex_list) { list_iter->url_map->Print(); }
+    forl_LL(RegexMapping, list_iter, store.regex_list)
+    {
+      list_iter->url_map->Print();
+    }
   }
 }
 
@@ -352,10 +355,12 @@ UrlRewrite::ReverseMap(HTTPHdr *response_header)
   const struct {
     const char *const field;
     const int len;
-  } url_headers[N_URL_HEADERS] = {{MIME_FIELD_LOCATION, MIME_LEN_LOCATION},
-                                  {MIME_FIELD_CONTENT_LOCATION, MIME_LEN_CONTENT_LOCATION},
-                                  {"URI", 3},
-                                  {"Destination", 11}};
+  } url_headers[N_URL_HEADERS] = {
+    {MIME_FIELD_LOCATION,         MIME_LEN_LOCATION        },
+    {MIME_FIELD_CONTENT_LOCATION, MIME_LEN_CONTENT_LOCATION},
+    {"URI",                       3                        },
+    {"Destination",               11                       }
+  };
 
   if (unlikely(num_rules_reverse == 0)) {
     ink_assert(reverse_mappings.empty());
diff --git a/proxy/http/remap/UrlRewrite.h b/proxy/http/remap/UrlRewrite.h
index b413825add8..6a8b7953e22 100644
--- a/proxy/http/remap/UrlRewrite.h
+++ b/proxy/http/remap/UrlRewrite.h
@@ -34,8 +34,8 @@
 
 #include 
 
-#define URL_REMAP_FILTER_NONE 0x00000000
-#define URL_REMAP_FILTER_REFERER 0x00000001      /* enable "referer" header validation */
+#define URL_REMAP_FILTER_NONE         0x00000000
+#define URL_REMAP_FILTER_REFERER      0x00000001 /* enable "referer" header validation */
 #define URL_REMAP_FILTER_REDIRECT_FMT 0x00010000 /* enable redirect URL formatting */
 
 struct BUILD_TABLE_INFO;
diff --git a/proxy/http/remap/unit-tests/nexthop_test_stubs.h b/proxy/http/remap/unit-tests/nexthop_test_stubs.h
index 28df079b270..c6abe37b887 100644
--- a/proxy/http/remap/unit-tests/nexthop_test_stubs.h
+++ b/proxy/http/remap/unit-tests/nexthop_test_stubs.h
@@ -41,10 +41,10 @@ extern "C" {
 #endif /* __cplusplus */
 
 #define NH_Debug(tag, fmt, ...) PrintToStdErr("%s %s:%d:%s() " fmt "\n", tag, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-#define NH_Error(fmt, ...) PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-#define NH_Note(fmt, ...) PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-#define NH_Warn(fmt, ...) PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-#define NH_GetConfig(v, n) GetConfigInteger(&v, n)
+#define NH_Error(fmt, ...)      PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
+#define NH_Note(fmt, ...)       PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
+#define NH_Warn(fmt, ...)       PrintToStdErr("%s:%d:%s() " fmt "\n", __FILE__, __LINE__, __func__, ##__VA_ARGS__)
+#define NH_GetConfig(v, n)      GetConfigInteger(&v, n)
 
 class HttpRequestData;
 
diff --git a/proxy/http/remap/unit-tests/plugin_testing_common.cc b/proxy/http/remap/unit-tests/plugin_testing_common.cc
index 6231d70c322..c586c1ad49c 100644
--- a/proxy/http/remap/unit-tests/plugin_testing_common.cc
+++ b/proxy/http/remap/unit-tests/plugin_testing_common.cc
@@ -43,7 +43,7 @@ getTemporaryDir()
 {
   std::error_code ec;
   fs::path tmpDir = fs::canonical(fs::temp_directory_path(), ec);
-  tmpDir /= "sandbox_XXXXXX";
+  tmpDir          /= "sandbox_XXXXXX";
 
   char dirNameTemplate[tmpDir.string().length() + 1];
   memcpy(dirNameTemplate, tmpDir.c_str(), sizeof(dirNameTemplate));
diff --git a/proxy/http/remap/unit-tests/test_RemapPlugin.cc b/proxy/http/remap/unit-tests/test_RemapPlugin.cc
index 45bf70734ab..0035eafdb30 100644
--- a/proxy/http/remap/unit-tests/test_RemapPlugin.cc
+++ b/proxy/http/remap/unit-tests/test_RemapPlugin.cc
@@ -378,7 +378,10 @@ SCENARIO("unloading the plugin", "[plugin][core]")
 
       plugin->done();
 
-      THEN("expect it to run") { CHECK(1 == debugObject->doneCalled); }
+      THEN("expect it to run")
+      {
+        CHECK(1 == debugObject->doneCalled);
+      }
       cleanupSandBox(plugin);
     }
   }
diff --git a/proxy/http/unit_tests/test_ForwardedConfig.cc b/proxy/http/unit_tests/test_ForwardedConfig.cc
index 02f2ff7b620..7168b227d43 100644
--- a/proxy/http/unit_tests/test_ForwardedConfig.cc
+++ b/proxy/http/unit_tests/test_ForwardedConfig.cc
@@ -73,11 +73,11 @@ class XS
     bool upper{true};
     for (; *in; ++in) {
       if (islower(*in)) {
-        s += upper ? toupper(*in) : *in;
+        s     += upper ? toupper(*in) : *in;
         upper = !upper;
 
       } else if (isupper(*in)) {
-        s += upper ? *in : tolower(*in);
+        s     += upper ? *in : tolower(*in);
         upper = !upper;
 
       } else {
diff --git a/proxy/http/unit_tests/test_error_page_selection.cc b/proxy/http/unit_tests/test_error_page_selection.cc
index 7656cbe6c51..edad4da03af 100644
--- a/proxy/http/unit_tests/test_error_page_selection.cc
+++ b/proxy/http/unit_tests/test_error_page_selection.cc
@@ -33,16 +33,18 @@ TEST_CASE("error page selection test", "[http]")
     const char *content_charset;
   };
 
-  std::array sets = {{{"default", "en", "iso-8859-1"},
-                                {"en-cockney", "en-cockney", "iso-8859-1"},
-                                {"en0", "en", "iso-8859-1"},
-                                {"en-us", "en-us", "us-ascii"},
-                                {"en1", "en", "unicode"},
-                                {"en-cockney-slang", "en-cockney-slang", "iso-8859-1"},
-                                {"ko0", "ko", "iso-8859-1"},
-                                {"ko1", "ko", "iso-2022-kr"},
-                                {"jp", "jp", "shift-jis"},
-                                {"es", "es", "unicode"}}};
+  std::array sets = {
+    {{"default", "en", "iso-8859-1"},
+     {"en-cockney", "en-cockney", "iso-8859-1"},
+     {"en0", "en", "iso-8859-1"},
+     {"en-us", "en-us", "us-ascii"},
+     {"en1", "en", "unicode"},
+     {"en-cockney-slang", "en-cockney-slang", "iso-8859-1"},
+     {"ko0", "ko", "iso-8859-1"},
+     {"ko1", "ko", "iso-2022-kr"},
+     {"jp", "jp", "shift-jis"},
+     {"es", "es", "unicode"}}
+  };
 
   struct Tests {
     const char *accept_language;
@@ -53,34 +55,36 @@ TEST_CASE("error page selection test", "[http]")
     int expected_I;
   };
 
-  std::array tests = {{
-    {nullptr, nullptr, "default", 1, 0, INT_MAX},
-    {"en", "iso-8859-1", "en0", 1, 2, 1},
-    {"en", "unicode", "en1", 1, 2, 1},
-    {"ko", "iso-8859-1", "ko0", 1, 2, 1},
-    {"ko", "iso-2022-kr", "ko1", 1, 2, 1},
-    {"en-us", nullptr, "en-us", 1, 5, 1},
-    {"en-US", nullptr, "en-us", 1, 5, 1},
-    {"jp,es", nullptr, "jp", 1, 2, 1},
-    {"es,jp", nullptr, "es", 1, 2, 1},
-    {"jp;q=0.7,es", nullptr, "es", 1, 2, 2},
-    {"jp;q=.7,es", nullptr, "es", 1, 2, 2},
-    {"jp;q=.7,es;q=.7", nullptr, "jp", 0.7, 2, 1},
-    {"jp;q=.7,es;q=.701", nullptr, "es", 0.701, 2, 2},
-    {"jp;q=.7  ,  es;q=.701", nullptr, "es", 0.701, 2, 2},
-    {"jp  ;  q=.7  ,  es  ;  ;  ;  ; q=.701", nullptr, "es", 0.701, 2, 2},
-    {"jp,es;q=.7", nullptr, "jp", 1, 2, 1},
-    {"jp;q=1,es;q=.7", nullptr, "jp", 1, 2, 1},
-    {"jp;;;q=1,es;q=.7", nullptr, "jp", 1, 2, 1},
-    {"jp;;;q=1,,,,es;q=.7", nullptr, "jp", 1, 2, 1},
-    {"jp;;;q=.7,,,,es;q=.7", nullptr, "jp", 0.7, 2, 1},
-    {"jp;;;q=.699,,,,es;q=.7", nullptr, "es", 0.7, 2, 5},
-    {"jp;q=0,es;q=1", nullptr, "es", 1, 2, 2},
-    {"jp;q=0, es;q=1", nullptr, "es", 1, 2, 2},
-    {"jp;q=0,es;q=.5", nullptr, "es", 0.5, 2, 2},
-    {"jp;q=0, es;q=.5", nullptr, "es", 0.5, 2, 2},
-    {"jp;q=000000000.00000000000000000000,es;q=1.0000000000000000000", nullptr, "es", 1, 2, 2},
-  }};
+  std::array tests = {
+    {
+     {nullptr, nullptr, "default", 1, 0, INT_MAX},
+     {"en", "iso-8859-1", "en0", 1, 2, 1},
+     {"en", "unicode", "en1", 1, 2, 1},
+     {"ko", "iso-8859-1", "ko0", 1, 2, 1},
+     {"ko", "iso-2022-kr", "ko1", 1, 2, 1},
+     {"en-us", nullptr, "en-us", 1, 5, 1},
+     {"en-US", nullptr, "en-us", 1, 5, 1},
+     {"jp,es", nullptr, "jp", 1, 2, 1},
+     {"es,jp", nullptr, "es", 1, 2, 1},
+     {"jp;q=0.7,es", nullptr, "es", 1, 2, 2},
+     {"jp;q=.7,es", nullptr, "es", 1, 2, 2},
+     {"jp;q=.7,es;q=.7", nullptr, "jp", 0.7, 2, 1},
+     {"jp;q=.7,es;q=.701", nullptr, "es", 0.701, 2, 2},
+     {"jp;q=.7  ,  es;q=.701", nullptr, "es", 0.701, 2, 2},
+     {"jp  ;  q=.7  ,  es  ;  ;  ;  ; q=.701", nullptr, "es", 0.701, 2, 2},
+     {"jp,es;q=.7", nullptr, "jp", 1, 2, 1},
+     {"jp;q=1,es;q=.7", nullptr, "jp", 1, 2, 1},
+     {"jp;;;q=1,es;q=.7", nullptr, "jp", 1, 2, 1},
+     {"jp;;;q=1,,,,es;q=.7", nullptr, "jp", 1, 2, 1},
+     {"jp;;;q=.7,,,,es;q=.7", nullptr, "jp", 0.7, 2, 1},
+     {"jp;;;q=.699,,,,es;q=.7", nullptr, "es", 0.7, 2, 5},
+     {"jp;q=0,es;q=1", nullptr, "es", 1, 2, 2},
+     {"jp;q=0, es;q=1", nullptr, "es", 1, 2, 2},
+     {"jp;q=0,es;q=.5", nullptr, "es", 0.5, 2, 2},
+     {"jp;q=0, es;q=.5", nullptr, "es", 0.5, 2, 2},
+     {"jp;q=000000000.00000000000000000000,es;q=1.0000000000000000000", nullptr, "es", 1, 2, 2},
+     }
+  };
 
   // (1) build fake hash table of sets
   std::unique_ptr table_of_sets;
diff --git a/proxy/http2/HPACK.cc b/proxy/http2/HPACK.cc
index 57c53fe8857..3b2edaef395 100644
--- a/proxy/http2/HPACK.cc
+++ b/proxy/http2/HPACK.cc
@@ -128,68 +128,70 @@ constexpr int HPACK_STATIC_TABLE_OFFSET[26] = {
   TS_HPACK_STATIC_TABLE_ENTRY_NUM,
 };
 
-constexpr HpackHeaderField STATIC_TABLE[] = {{"", ""},
-                                             {":authority", ""},
-                                             {":method", "GET"},
-                                             {":method", "POST"},
-                                             {":path", "/"},
-                                             {":path", "/index.html"},
-                                             {":scheme", "http"},
-                                             {":scheme", "https"},
-                                             {":status", "200"},
-                                             {":status", "204"},
-                                             {":status", "206"},
-                                             {":status", "304"},
-                                             {":status", "400"},
-                                             {":status", "404"},
-                                             {":status", "500"},
-                                             {"accept-charset", ""},
-                                             {"accept-encoding", "gzip, deflate"},
-                                             {"accept-language", ""},
-                                             {"accept-ranges", ""},
-                                             {"accept", ""},
-                                             {"access-control-allow-origin", ""},
-                                             {"age", ""},
-                                             {"allow", ""},
-                                             {"authorization", ""},
-                                             {"cache-control", ""},
-                                             {"content-disposition", ""},
-                                             {"content-encoding", ""},
-                                             {"content-language", ""},
-                                             {"content-length", ""},
-                                             {"content-location", ""},
-                                             {"content-range", ""},
-                                             {"content-type", ""},
-                                             {"cookie", ""},
-                                             {"date", ""},
-                                             {"etag", ""},
-                                             {"expect", ""},
-                                             {"expires", ""},
-                                             {"from", ""},
-                                             {"host", ""},
-                                             {"if-match", ""},
-                                             {"if-modified-since", ""},
-                                             {"if-none-match", ""},
-                                             {"if-range", ""},
-                                             {"if-unmodified-since", ""},
-                                             {"last-modified", ""},
-                                             {"link", ""},
-                                             {"location", ""},
-                                             {"max-forwards", ""},
-                                             {"proxy-authenticate", ""},
-                                             {"proxy-authorization", ""},
-                                             {"range", ""},
-                                             {"referer", ""},
-                                             {"refresh", ""},
-                                             {"retry-after", ""},
-                                             {"server", ""},
-                                             {"set-cookie", ""},
-                                             {"strict-transport-security", ""},
-                                             {"transfer-encoding", ""},
-                                             {"user-agent", ""},
-                                             {"vary", ""},
-                                             {"via", ""},
-                                             {"www-authenticate", ""}};
+constexpr HpackHeaderField STATIC_TABLE[] = {
+  {"",                            ""             },
+  {":authority",                  ""             },
+  {":method",                     "GET"          },
+  {":method",                     "POST"         },
+  {":path",                       "/"            },
+  {":path",                       "/index.html"  },
+  {":scheme",                     "http"         },
+  {":scheme",                     "https"        },
+  {":status",                     "200"          },
+  {":status",                     "204"          },
+  {":status",                     "206"          },
+  {":status",                     "304"          },
+  {":status",                     "400"          },
+  {":status",                     "404"          },
+  {":status",                     "500"          },
+  {"accept-charset",              ""             },
+  {"accept-encoding",             "gzip, deflate"},
+  {"accept-language",             ""             },
+  {"accept-ranges",               ""             },
+  {"accept",                      ""             },
+  {"access-control-allow-origin", ""             },
+  {"age",                         ""             },
+  {"allow",                       ""             },
+  {"authorization",               ""             },
+  {"cache-control",               ""             },
+  {"content-disposition",         ""             },
+  {"content-encoding",            ""             },
+  {"content-language",            ""             },
+  {"content-length",              ""             },
+  {"content-location",            ""             },
+  {"content-range",               ""             },
+  {"content-type",                ""             },
+  {"cookie",                      ""             },
+  {"date",                        ""             },
+  {"etag",                        ""             },
+  {"expect",                      ""             },
+  {"expires",                     ""             },
+  {"from",                        ""             },
+  {"host",                        ""             },
+  {"if-match",                    ""             },
+  {"if-modified-since",           ""             },
+  {"if-none-match",               ""             },
+  {"if-range",                    ""             },
+  {"if-unmodified-since",         ""             },
+  {"last-modified",               ""             },
+  {"link",                        ""             },
+  {"location",                    ""             },
+  {"max-forwards",                ""             },
+  {"proxy-authenticate",          ""             },
+  {"proxy-authorization",         ""             },
+  {"range",                       ""             },
+  {"referer",                     ""             },
+  {"refresh",                     ""             },
+  {"retry-after",                 ""             },
+  {"server",                      ""             },
+  {"set-cookie",                  ""             },
+  {"strict-transport-security",   ""             },
+  {"transfer-encoding",           ""             },
+  {"user-agent",                  ""             },
+  {"vary",                        ""             },
+  {"via",                         ""             },
+  {"www-authenticate",            ""             }
+};
 
 constexpr std::string_view HPACK_HDR_FIELD_COOKIE        = STATIC_TABLE[TS_HPACK_STATIC_TABLE_COOKIE].name;
 constexpr std::string_view HPACK_HDR_FIELD_AUTHORIZATION = STATIC_TABLE[TS_HPACK_STATIC_TABLE_AUTHORIZATION].name;
@@ -612,7 +614,7 @@ encode_indexed_header_field(uint8_t *buf_start, const uint8_t *buf_end, uint32_t
   }
 
   *p |= 0x80;
-  p += len;
+  p  += len;
 
   Debug("hpack_encode", "Encoded field: %d", index);
   return p - buf_start;
@@ -658,7 +660,7 @@ encode_literal_header_field_with_indexed_name(uint8_t *buf_start, const uint8_t
     return -1;
   }
   *p |= flag;
-  p += len;
+  p  += len;
 
   // Value String
   len = xpack_encode_string(p, buf_end, header.value.data(), header.value.size());
@@ -913,7 +915,7 @@ hpack_decode_header_block(HpackIndexingTable &indexing_table, HTTPHdr *hdr, cons
       if (read_bytes == HPACK_ERROR_COMPRESSION_ERROR) {
         return HPACK_ERROR_COMPRESSION_ERROR;
       }
-      cursor += read_bytes;
+      cursor               += read_bytes;
       header_field_started = true;
       break;
     case HpackField::INDEXED_LITERAL:
@@ -927,7 +929,7 @@ hpack_decode_header_block(HpackIndexingTable &indexing_table, HTTPHdr *hdr, cons
         has_http2_violation = true;
         read_bytes          = -read_bytes;
       }
-      cursor += read_bytes;
+      cursor               += read_bytes;
       header_field_started = true;
       break;
     case HpackField::TABLESIZE_UPDATE:
diff --git a/proxy/http2/HPACK.h b/proxy/http2/HPACK.h
index 8c538efa6cb..f5413cfa2e7 100644
--- a/proxy/http2/HPACK.h
+++ b/proxy/http2/HPACK.h
@@ -115,7 +115,7 @@ class HpackDynamicTable
   ~HpackDynamicTable();
 
   // noncopyable
-  HpackDynamicTable(HpackDynamicTable &) = delete;
+  HpackDynamicTable(HpackDynamicTable &)                  = delete;
   HpackDynamicTable &operator=(const HpackDynamicTable &) = delete;
 
   const MIMEField *get_header_field(uint32_t index) const;
@@ -148,7 +148,7 @@ class HpackIndexingTable
   ~HpackIndexingTable() {}
 
   // noncopyable
-  HpackIndexingTable(HpackIndexingTable &) = delete;
+  HpackIndexingTable(HpackIndexingTable &)                  = delete;
   HpackIndexingTable &operator=(const HpackIndexingTable &) = delete;
 
   HpackLookupResult lookup(const HpackHeaderField &header) const;
diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc
index 65622a8189d..e3a5a1b806d 100644
--- a/proxy/http2/HTTP2.cc
+++ b/proxy/http2/HTTP2.cc
@@ -49,11 +49,16 @@ static VersionConverter hvc;
 // Statistics
 RecRawStatBlock *http2_rsb;
 static const char *const HTTP2_STAT_CURRENT_CLIENT_CONNECTION_NAME        = "proxy.process.http2.current_client_connections";
+static const char *const HTTP2_STAT_CURRENT_SERVER_CONNECTION_NAME        = "proxy.process.http2.current_server_connections";
 static const char *const HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_NAME = "proxy.process.http2.current_active_client_connections";
+static const char *const HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_NAME = "proxy.process.http2.current_active_server_connections";
 static const char *const HTTP2_STAT_CURRENT_CLIENT_STREAM_NAME            = "proxy.process.http2.current_client_streams";
+static const char *const HTTP2_STAT_CURRENT_SERVER_STREAM_NAME            = "proxy.process.http2.current_server_streams";
 static const char *const HTTP2_STAT_TOTAL_CLIENT_STREAM_NAME              = "proxy.process.http2.total_client_streams";
+static const char *const HTTP2_STAT_TOTAL_SERVER_STREAM_NAME              = "proxy.process.http2.total_server_streams";
 static const char *const HTTP2_STAT_TOTAL_TRANSACTIONS_TIME_NAME          = "proxy.process.http2.total_transactions_time";
 static const char *const HTTP2_STAT_TOTAL_CLIENT_CONNECTION_NAME          = "proxy.process.http2.total_client_connections";
+static const char *const HTTP2_STAT_TOTAL_SERVER_CONNECTION_NAME          = "proxy.process.http2.total_server_connections";
 static const char *const HTTP2_STAT_CONNECTION_ERRORS_NAME                = "proxy.process.http2.connection_errors";
 static const char *const HTTP2_STAT_STREAM_ERRORS_NAME                    = "proxy.process.http2.stream_errors";
 static const char *const HTTP2_STAT_SESSION_DIE_DEFAULT_NAME              = "proxy.process.http2.session_die_default";
@@ -216,10 +221,10 @@ http2_parse_frame_header(IOVec iov, Http2FrameHeader &hdr)
   memcpy_and_advance(hdr.flags, ptr);
   memcpy_and_advance(streamid.bytes, ptr);
 
-  hdr.length = ntohl(length_and_type.value) >> 8;
-  hdr.type   = ntohl(length_and_type.value) & 0xff;
+  hdr.length        = ntohl(length_and_type.value) >> 8;
+  hdr.type          = ntohl(length_and_type.value) & 0xff;
   streamid.bytes[0] &= 0x7f; // Clear the high reserved bit
-  hdr.streamid = ntohl(streamid.value);
+  hdr.streamid      = ntohl(streamid.value);
 
   return true;
 }
@@ -339,7 +344,7 @@ http2_parse_priority_parameter(IOVec iov, Http2Priority &priority)
 
   priority.exclusive_flag = dependency.bytes[0] & 0x80;
 
-  dependency.bytes[0] &= 0x7f; // Clear the highest bit for exclusive flag
+  dependency.bytes[0]        &= 0x7f; // Clear the highest bit for exclusive flag
   priority.stream_dependency = ntohl(dependency.value);
 
   memcpy_and_advance(priority.weight, ptr);
@@ -463,14 +468,13 @@ http2_encode_header_blocks(HTTPHdr *in, uint8_t *out, uint32_t out_len, uint32_t
  */
 Http2ErrorCode
 http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_t buf_len, uint32_t *len_read, HpackHandle &handle,
-                           bool &trailing_header, uint32_t maximum_table_size)
+                           bool is_trailing_header, uint32_t maximum_table_size, bool is_outbound)
 {
-  const MIMEField *field  = nullptr;
-  const char *name        = nullptr;
-  int name_len            = 0;
-  const char *value       = nullptr;
-  int value_len           = 0;
-  bool is_trailing_header = trailing_header;
+  const MIMEField *field = nullptr;
+  const char *name       = nullptr;
+  int name_len           = 0;
+  const char *value      = nullptr;
+  int value_len          = 0;
   int64_t result = hpack_decode_header_block(handle, hdr, buf_start, buf_len, Http2::max_header_list_size, maximum_table_size);
 
   if (result < 0) {
@@ -487,7 +491,7 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_
   }
 
   MIMEFieldIter iter;
-  unsigned int expected_pseudo_header_count = 4;
+  unsigned int expected_pseudo_header_count = is_outbound ? 1 : 4;
   unsigned int pseudo_header_count          = 0;
 
   if (is_trailing_header) {
@@ -515,7 +519,6 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_
   if (hdr->field_find(MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION) != nullptr ||
       hdr->field_find(MIME_FIELD_KEEP_ALIVE, MIME_LEN_KEEP_ALIVE) != nullptr ||
       hdr->field_find(MIME_FIELD_PROXY_CONNECTION, MIME_LEN_PROXY_CONNECTION) != nullptr ||
-      hdr->field_find(MIME_FIELD_TRANSFER_ENCODING, MIME_LEN_TRANSFER_ENCODING) != nullptr ||
       hdr->field_find(MIME_FIELD_UPGRADE, MIME_LEN_UPGRADE) != nullptr) {
     return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
   }
@@ -529,13 +532,6 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_
     }
   }
 
-  // turn on that we have a trailer header
-  const char trailer_name[] = "trailer";
-  field                     = hdr->field_find(trailer_name, sizeof(trailer_name) - 1);
-  if (field) {
-    trailing_header = true;
-  }
-
   // when The TE header field is received, it MUST NOT contain any
   // value other than "trailers".
   field = hdr->field_find(MIME_FIELD_TE, MIME_LEN_TE);
@@ -548,18 +544,29 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t *buf_start, const uint32_
 
   if (!is_trailing_header) {
     // Check pseudo headers
-    if (hdr->fields_count() >= 4) {
-      if (hdr->field_find(PSEUDO_HEADER_SCHEME.data(), PSEUDO_HEADER_SCHEME.size()) == nullptr ||
-          hdr->field_find(PSEUDO_HEADER_METHOD.data(), PSEUDO_HEADER_METHOD.size()) == nullptr ||
-          hdr->field_find(PSEUDO_HEADER_PATH.data(), PSEUDO_HEADER_PATH.size()) == nullptr ||
-          hdr->field_find(PSEUDO_HEADER_AUTHORITY.data(), PSEUDO_HEADER_AUTHORITY.size()) == nullptr ||
-          hdr->field_find(PSEUDO_HEADER_STATUS.data(), PSEUDO_HEADER_STATUS.size()) != nullptr) {
-        // Decoded header field is invalid
+    if (is_outbound) {
+      if (hdr->fields_count() >= 1) {
+        if (hdr->field_find(PSEUDO_HEADER_STATUS.data(), PSEUDO_HEADER_STATUS.size()) == nullptr) {
+          return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
+        }
+      } else {
+        // There should at least be :status pseudo header.
         return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
       }
     } else {
-      // Pseudo headers is insufficient
-      return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
+      if (hdr->fields_count() >= 4) {
+        if (hdr->field_find(PSEUDO_HEADER_SCHEME.data(), PSEUDO_HEADER_SCHEME.size()) == nullptr ||
+            hdr->field_find(PSEUDO_HEADER_METHOD.data(), PSEUDO_HEADER_METHOD.size()) == nullptr ||
+            hdr->field_find(PSEUDO_HEADER_PATH.data(), PSEUDO_HEADER_PATH.size()) == nullptr ||
+            hdr->field_find(PSEUDO_HEADER_AUTHORITY.data(), PSEUDO_HEADER_AUTHORITY.size()) == nullptr ||
+            hdr->field_find(PSEUDO_HEADER_STATUS.data(), PSEUDO_HEADER_STATUS.size()) != nullptr) {
+          // Decoded header field is invalid
+          return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
+        }
+      } else {
+        // Pseudo headers is insufficient
+        return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
+      }
     }
   }
 
@@ -582,31 +589,42 @@ uint32_t Http2::no_activity_timeout_in               = 120;
 uint32_t Http2::active_timeout_in                    = 0;
 uint32_t Http2::push_diary_size                      = 256;
 uint32_t Http2::zombie_timeout_in                    = 0;
-float Http2::stream_error_rate_threshold             = 0.1;
-uint32_t Http2::stream_error_sampling_threshold      = 10;
-uint32_t Http2::max_settings_per_frame               = 7;
-uint32_t Http2::max_settings_per_minute              = 14;
-uint32_t Http2::max_settings_frames_per_minute       = 14;
-uint32_t Http2::max_ping_frames_per_minute           = 60;
-uint32_t Http2::max_priority_frames_per_minute       = 120;
-float Http2::min_avg_window_update                   = 2560.0;
-uint32_t Http2::con_slow_log_threshold               = 0;
-uint32_t Http2::stream_slow_log_threshold            = 0;
-uint32_t Http2::header_table_size_limit              = 65536;
-uint32_t Http2::write_buffer_block_size              = 262144;
-float Http2::write_size_threshold                    = 0.5;
-uint32_t Http2::write_time_threshold                 = 100;
-uint32_t Http2::buffer_water_mark                    = 0;
+
+uint32_t Http2::max_concurrent_streams_out            = 100;
+uint32_t Http2::min_concurrent_streams_out            = 10;
+uint32_t Http2::max_active_streams_out                = 0;
+uint32_t Http2::initial_window_size_out               = 65535;
+Http2FlowControlPolicy Http2::flow_control_policy_out = Http2FlowControlPolicy::STATIC_SESSION_AND_STATIC_STREAM;
+uint32_t Http2::no_activity_timeout_out               = 120;
+
+float Http2::stream_error_rate_threshold        = 0.1;
+uint32_t Http2::stream_error_sampling_threshold = 10;
+uint32_t Http2::max_settings_per_frame          = 7;
+uint32_t Http2::max_settings_per_minute         = 14;
+uint32_t Http2::max_settings_frames_per_minute  = 14;
+uint32_t Http2::max_ping_frames_per_minute      = 60;
+uint32_t Http2::max_priority_frames_per_minute  = 120;
+float Http2::min_avg_window_update              = 2560.0;
+uint32_t Http2::con_slow_log_threshold          = 0;
+uint32_t Http2::stream_slow_log_threshold       = 0;
+uint32_t Http2::header_table_size_limit         = 65536;
+uint32_t Http2::write_buffer_block_size         = 262144;
+float Http2::write_size_threshold               = 0.5;
+uint32_t Http2::write_time_threshold            = 100;
+uint32_t Http2::buffer_water_mark               = 0;
 
 void
 Http2::init()
 {
   REC_EstablishStaticConfigInt32U(max_concurrent_streams_in, "proxy.config.http2.max_concurrent_streams_in");
   REC_EstablishStaticConfigInt32U(min_concurrent_streams_in, "proxy.config.http2.min_concurrent_streams_in");
+  REC_EstablishStaticConfigInt32U(max_concurrent_streams_out, "proxy.config.http2.max_concurrent_streams_out");
+  REC_EstablishStaticConfigInt32U(min_concurrent_streams_out, "proxy.config.http2.min_concurrent_streams_out");
+
   REC_EstablishStaticConfigInt32U(max_active_streams_in, "proxy.config.http2.max_active_streams_in");
   REC_EstablishStaticConfigInt32U(stream_priority_enabled, "proxy.config.http2.stream_priority_enabled");
-  REC_EstablishStaticConfigInt32U(initial_window_size_in, "proxy.config.http2.initial_window_size_in");
 
+  REC_EstablishStaticConfigInt32U(initial_window_size_in, "proxy.config.http2.initial_window_size_in");
   uint32_t flow_control_policy_in_int = 0;
   REC_EstablishStaticConfigInt32U(flow_control_policy_in_int, "proxy.config.http2.flow_control.policy_in");
   if (flow_control_policy_in_int > 2) {
@@ -615,11 +633,21 @@ Http2::init()
   }
   flow_control_policy_in = static_cast(flow_control_policy_in_int);
 
+  REC_EstablishStaticConfigInt32U(initial_window_size_out, "proxy.config.http2.initial_window_size_out");
+  uint32_t flow_control_policy_out_int = 0;
+  REC_EstablishStaticConfigInt32U(flow_control_policy_out_int, "proxy.config.http2.flow_control.policy_out");
+  if (flow_control_policy_out_int > 2) {
+    Error("Invalid value for proxy.config.http2.flow_control.policy_out: %d", flow_control_policy_out_int);
+    flow_control_policy_out_int = 0;
+  }
+  flow_control_policy_out = static_cast(flow_control_policy_out_int);
+
   REC_EstablishStaticConfigInt32U(max_frame_size, "proxy.config.http2.max_frame_size");
   REC_EstablishStaticConfigInt32U(header_table_size, "proxy.config.http2.header_table_size");
   REC_EstablishStaticConfigInt32U(max_header_list_size, "proxy.config.http2.max_header_list_size");
   REC_EstablishStaticConfigInt32U(accept_no_activity_timeout, "proxy.config.http2.accept_no_activity_timeout");
   REC_EstablishStaticConfigInt32U(no_activity_timeout_in, "proxy.config.http2.no_activity_timeout_in");
+  REC_EstablishStaticConfigInt32U(no_activity_timeout_out, "proxy.config.http2.no_activity_timeout_out");
   REC_EstablishStaticConfigInt32U(active_timeout_in, "proxy.config.http2.active_timeout_in");
   REC_EstablishStaticConfigInt32U(push_diary_size, "proxy.config.http2.push_diary_size");
   REC_EstablishStaticConfigInt32U(zombie_timeout_in, "proxy.config.http2.zombie_debug_timeout_in");
@@ -642,6 +670,8 @@ Http2::init()
   // If any settings is broken, ATS should not start
   ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, max_concurrent_streams_in}));
   ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, min_concurrent_streams_in}));
+  ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, max_concurrent_streams_out}));
+  ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, min_concurrent_streams_out}));
   ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_INITIAL_WINDOW_SIZE, initial_window_size_in}));
   ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_MAX_FRAME_SIZE, max_frame_size}));
   ink_release_assert(http2_settings_parameter_is_valid({HTTP2_SETTINGS_HEADER_TABLE_SIZE, header_table_size}));
@@ -658,18 +688,31 @@ Http2::init()
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_CLIENT_CONNECTION_NAME, RECD_INT, RECP_NON_PERSISTENT,
                      static_cast(HTTP2_STAT_CURRENT_CLIENT_SESSION_COUNT), RecRawStatSyncSum);
   HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_SESSION_COUNT);
+  RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_SERVER_CONNECTION_NAME, RECD_INT, RECP_NON_PERSISTENT,
+                     static_cast(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT), RecRawStatSyncSum);
+  HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_NAME, RECD_INT, RECP_NON_PERSISTENT,
                      static_cast(HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_COUNT), RecRawStatSyncSum);
   HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_COUNT);
+  RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_NAME, RECD_INT, RECP_NON_PERSISTENT,
+                     static_cast(HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_COUNT), RecRawStatSyncSum);
+  HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_COUNT);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_CLIENT_STREAM_NAME, RECD_INT, RECP_NON_PERSISTENT,
                      static_cast(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT), RecRawStatSyncSum);
   HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT);
+  RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CURRENT_SERVER_STREAM_NAME, RECD_INT, RECP_NON_PERSISTENT,
+                     static_cast(HTTP2_STAT_CURRENT_SERVER_STREAM_COUNT), RecRawStatSyncSum);
+  HTTP2_CLEAR_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_STREAM_COUNT);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_TOTAL_CLIENT_STREAM_NAME, RECD_INT, RECP_PERSISTENT,
                      static_cast(HTTP2_STAT_TOTAL_CLIENT_STREAM_COUNT), RecRawStatSyncCount);
+  RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_TOTAL_SERVER_STREAM_NAME, RECD_INT, RECP_PERSISTENT,
+                     static_cast(HTTP2_STAT_TOTAL_SERVER_STREAM_COUNT), RecRawStatSyncCount);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_TOTAL_TRANSACTIONS_TIME_NAME, RECD_INT, RECP_PERSISTENT,
                      static_cast(HTTP2_STAT_TOTAL_TRANSACTIONS_TIME), RecRawStatSyncSum);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_TOTAL_CLIENT_CONNECTION_NAME, RECD_INT, RECP_PERSISTENT,
                      static_cast(HTTP2_STAT_TOTAL_CLIENT_CONNECTION_COUNT), RecRawStatSyncSum);
+  RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_TOTAL_SERVER_CONNECTION_NAME, RECD_INT, RECP_PERSISTENT,
+                     static_cast(HTTP2_STAT_TOTAL_SERVER_CONNECTION_COUNT), RecRawStatSyncSum);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_CONNECTION_ERRORS_NAME, RECD_INT, RECP_PERSISTENT,
                      static_cast(HTTP2_STAT_CONNECTION_ERRORS_COUNT), RecRawStatSyncSum);
   RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_STREAM_ERRORS_NAME, RECD_INT, RECP_PERSISTENT,
diff --git a/proxy/http2/HTTP2.h b/proxy/http2/HTTP2.h
index d55e3804c7b..7c092adb51b 100644
--- a/proxy/http2/HTTP2.h
+++ b/proxy/http2/HTTP2.h
@@ -73,12 +73,17 @@ const uint8_t HTTP2_PRIORITY_DEFAULT_WEIGHT             = 15;
 
 // Statistics
 enum {
-  HTTP2_STAT_CURRENT_CLIENT_SESSION_COUNT,           // Current # of HTTP2 connections
-  HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_COUNT, // Current # of active HTTP2 connections
-  HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT,            // Current # of active HTTP2 streams
+  HTTP2_STAT_CURRENT_CLIENT_SESSION_COUNT,           // Current # of inbound HTTP2 connections
+  HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT,           // Current # of outbound HTTP2 connections
+  HTTP2_STAT_CURRENT_ACTIVE_CLIENT_CONNECTION_COUNT, // Current # of active inbound HTTP2 connections
+  HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_COUNT, // Current # of active outbound HTTP2 connections
+  HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT,            // Current # of active inbound HTTP2 streams
+  HTTP2_STAT_CURRENT_SERVER_STREAM_COUNT,            // Current # of active outboundHTTP2 streams
   HTTP2_STAT_TOTAL_CLIENT_STREAM_COUNT,
+  HTTP2_STAT_TOTAL_SERVER_STREAM_COUNT,
   HTTP2_STAT_TOTAL_TRANSACTIONS_TIME,       // Total stream time and streams
-  HTTP2_STAT_TOTAL_CLIENT_CONNECTION_COUNT, // Total connections running http2
+  HTTP2_STAT_TOTAL_CLIENT_CONNECTION_COUNT, // Total inbound connections running http2
+  HTTP2_STAT_TOTAL_SERVER_CONNECTION_COUNT, // Total outbound connections running http2
   HTTP2_STAT_STREAM_ERRORS_COUNT,
   HTTP2_STAT_CONNECTION_ERRORS_COUNT,
   HTTP2_STAT_SESSION_DIE_DEFAULT,
@@ -102,7 +107,7 @@ enum {
 
 #define HTTP2_INCREMENT_THREAD_DYN_STAT(_s, _t) RecIncrRawStat(http2_rsb, _t, (int)_s, 1);
 #define HTTP2_DECREMENT_THREAD_DYN_STAT(_s, _t) RecIncrRawStat(http2_rsb, _t, (int)_s, -1);
-#define HTTP2_SUM_THREAD_DYN_STAT(_s, _t, _v) RecIncrRawStat(http2_rsb, _t, (int)_s, _v);
+#define HTTP2_SUM_THREAD_DYN_STAT(_s, _t, _v)   RecIncrRawStat(http2_rsb, _t, (int)_s, _v);
 extern RecRawStatBlock *http2_rsb; // Container for statistics.
 
 // [RFC 7540] 6.9.1. The Flow Control Window
@@ -236,8 +241,7 @@ enum Http2SettingsIdentifier {
   HTTP2_SETTINGS_INITIAL_WINDOW_SIZE    = 4,
   HTTP2_SETTINGS_MAX_FRAME_SIZE         = 5,
   HTTP2_SETTINGS_MAX_HEADER_LIST_SIZE   = 6,
-
-  HTTP2_SETTINGS_MAX
+  HTTP2_SETTINGS_MAX, // Really just the max of the "densely numbered" core id's
 };
 
 // [RFC 7540] 4.1. Frame Format
@@ -353,7 +357,8 @@ bool http2_parse_goaway(IOVec, Http2Goaway &);
 
 bool http2_parse_window_update(IOVec, uint32_t &);
 
-Http2ErrorCode http2_decode_header_blocks(HTTPHdr *, const uint8_t *, const uint32_t, uint32_t *, HpackHandle &, bool &, uint32_t);
+Http2ErrorCode http2_decode_header_blocks(HTTPHdr *, const uint8_t *, const uint32_t, uint32_t *, HpackHandle &, bool, uint32_t,
+                                          bool is_outbound = false);
 
 Http2ErrorCode http2_encode_header_blocks(HTTPHdr *, uint8_t *, uint32_t, uint32_t *, HpackHandle &, int32_t);
 
@@ -393,6 +398,14 @@ class Http2
   static uint32_t active_timeout_in;
   static uint32_t push_diary_size;
   static uint32_t zombie_timeout_in;
+
+  static uint32_t max_concurrent_streams_out;
+  static uint32_t min_concurrent_streams_out;
+  static uint32_t max_active_streams_out;
+  static uint32_t no_activity_timeout_out;
+  static uint32_t initial_window_size_out;
+  static Http2FlowControlPolicy flow_control_policy_out;
+
   static float stream_error_rate_threshold;
   static uint32_t stream_error_sampling_threshold;
   static uint32_t max_settings_per_frame;
diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc
index 897e7a545db..42300aa2a68 100644
--- a/proxy/http2/Http2ClientSession.cc
+++ b/proxy/http2/Http2ClientSession.cc
@@ -46,6 +46,10 @@ Http2ClientSession::destroy()
     in_destroy = true;
     REMEMBER(NO_EVENT, this->recursion)
     Http2SsnDebug("session destroy");
+    if (_vc) {
+      _vc->do_io_close();
+      _vc = nullptr;
+    }
     // Let everyone know we are going down
     do_api_callout(TS_HTTP_SSN_CLOSE_HOOK);
   }
@@ -54,14 +58,10 @@ Http2ClientSession::destroy()
 void
 Http2ClientSession::free()
 {
-  if (_vc) {
-    _vc->do_io_close();
-    _vc = nullptr;
-  }
   auto mutex_thread = this->mutex->thread_holding;
   if (Http2CommonSession::common_free(this)) {
     HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_SESSION_COUNT, mutex_thread);
-    THREAD_FREE(this, http2ClientSessionAllocator, this_ethread());
+    THREAD_FREE(this, http2ClientSessionAllocator, mutex_thread);
   }
 }
 
@@ -98,7 +98,6 @@ Http2ClientSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOB
   _vc->set_inactivity_timeout(HRTIME_SECONDS(Http2::accept_no_activity_timeout));
   this->schedule_event = nullptr;
   this->mutex          = new_vc->mutex;
-  this->in_destroy     = false;
 
   this->connection_state.mutex = this->mutex;
 
@@ -145,17 +144,20 @@ void
 Http2ClientSession::do_io_close(int alerrno)
 {
   REMEMBER(NO_EVENT, this->recursion)
-  Http2SsnDebug("session closed");
 
-  ink_assert(this->mutex->thread_holding == this_ethread());
-  send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_FINI, this);
+  if (!this->connection_state.is_state_closed()) {
+    Http2SsnDebug("session closed");
 
-  this->connection_state.release_stream();
+    ink_assert(this->mutex->thread_holding == this_ethread());
+    send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_FINI, this);
 
-  this->clear_session_active();
+    this->connection_state.release_stream();
 
-  // Clean up the write VIO in case of inactivity timeout
-  this->do_io_write(this, 0, nullptr);
+    this->clear_session_active();
+
+    // Clean up the write VIO in case of inactivity timeout
+    this->do_io_write(this, 0, nullptr);
+  }
 }
 
 int
@@ -163,6 +165,7 @@ Http2ClientSession::main_event_handler(int event, void *edata)
 {
   ink_assert(this->mutex->thread_holding == this_ethread());
   int retval;
+  bool set_closed = false;
 
   recursion++;
 
@@ -196,7 +199,8 @@ Http2ClientSession::main_event_handler(int event, void *edata)
     Http2SsnDebug("Closing event %d", event);
     this->set_dying_event(event);
     this->do_io_close();
-    retval = 0;
+    retval     = 0;
+    set_closed = true;
     break;
 
   case VC_EVENT_WRITE_READY:
@@ -238,7 +242,7 @@ Http2ClientSession::main_event_handler(int event, void *edata)
     }
   }
 
-  if (this->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NOT_INITIATED) {
+  if (!set_closed && this->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NOT_INITIATED) {
     send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_SHUTDOWN_INIT, this);
   }
 
@@ -279,17 +283,17 @@ Http2ClientSession::get_transact_count() const
   return connection_state.get_stream_requests();
 }
 
-void
-Http2ClientSession::release(ProxyTransaction *trans)
-{
-}
-
 const char *
 Http2ClientSession::get_protocol_string() const
 {
   return "http/2";
 }
 
+void
+Http2ClientSession::release(ProxyTransaction *trans)
+{
+}
+
 int
 Http2ClientSession::populate_protocol(std::string_view *result, int size) const
 {
@@ -322,6 +326,15 @@ Http2ClientSession::get_proxy_session()
   return this;
 }
 
+void
+Http2ClientSession::set_no_activity_timeout()
+{
+  // Only set if not previously set
+  if (this->_vc->get_inactivity_timeout() == 0) {
+    this->set_inactivity_timeout(HRTIME_SECONDS(Http2::no_activity_timeout_in));
+  }
+}
+
 HTTPVersion
 Http2ClientSession::get_version(HTTPHdr &hdr) const
 {
diff --git a/proxy/http2/Http2ClientSession.h b/proxy/http2/Http2ClientSession.h
index cd4cf0df503..893feb753a8 100644
--- a/proxy/http2/Http2ClientSession.h
+++ b/proxy/http2/Http2ClientSession.h
@@ -33,8 +33,7 @@
 class Http2ClientSession : public ProxySession, public Http2CommonSession
 {
 public:
-  using super          = ProxySession; ///< Parent type.
-  using SessionHandler = int (Http2ClientSession::*)(int, void *);
+  using super = ProxySession; ///< Parent type.
 
   Http2ClientSession();
 
@@ -63,10 +62,12 @@ class Http2ClientSession : public ProxySession, public Http2CommonSession
   void increment_current_active_connections_stat() override;
   void decrement_current_active_connections_stat() override;
 
+  void set_no_activity_timeout() override;
+
   ProxySession *get_proxy_session() override;
 
   // noncopyable
-  Http2ClientSession(Http2ClientSession &) = delete;
+  Http2ClientSession(Http2ClientSession &)                  = delete;
   Http2ClientSession &operator=(const Http2ClientSession &) = delete;
 
 private:
diff --git a/proxy/http2/Http2CommonSession.cc b/proxy/http2/Http2CommonSession.cc
index b151441e481..0484134d203 100644
--- a/proxy/http2/Http2CommonSession.cc
+++ b/proxy/http2/Http2CommonSession.cc
@@ -91,6 +91,7 @@ Http2CommonSession::common_free(ProxySession *ssn)
           ink_hrtime_to_msec(this->_milestones[Http2SsnMilestone::OPEN]),
           this->_milestones.difference_sec(Http2SsnMilestone::OPEN, Http2SsnMilestone::CLOSE));
   }
+
   // Update stats on how we died.  May want to eliminate this.  Was useful for
   // tracking down which cases we were having problems cleaning up.  But for general
   // use probably not worth the effort
@@ -150,9 +151,8 @@ Http2CommonSession::set_half_close_local_flag(bool flag)
 int64_t
 Http2CommonSession::xmit(const Http2TxFrame &frame, bool flush)
 {
-  int64_t len = frame.write_to(this->write_buffer);
+  int64_t len                      = frame.write_to(this->write_buffer);
   this->_pending_sending_data_size += len;
-  // Force flush for some cases
   if (!flush) {
     // Flush if we already use half of the buffer to avoid adding a new block to the chain.
     // A frame size can be 16MB at maximum so blocks can be added, but that's fine.
@@ -160,7 +160,6 @@ Http2CommonSession::xmit(const Http2TxFrame &frame, bool flush)
       flush = true;
     }
   }
-
   if (flush) {
     this->flush();
   }
@@ -259,7 +258,7 @@ Http2CommonSession::do_start_frame_read(Http2ErrorCode &ret_error)
 
   // Check whether data is read from early data
   if (this->read_from_early_data > 0) {
-    this->read_from_early_data -= this->read_from_early_data > nbytes ? nbytes : this->read_from_early_data;
+    this->read_from_early_data      -= this->read_from_early_data > nbytes ? nbytes : this->read_from_early_data;
     this->cur_frame_from_early_data = true;
   }
 
@@ -341,6 +340,8 @@ Http2CommonSession::do_complete_frame_read()
 int
 Http2CommonSession::do_process_frame_read(int event, VIO *vio, bool inside_frame)
 {
+  Http2SsnDebug("do_process_frame_read %" PRId64 " bytes ready", this->_read_buffer_reader->read_avail());
+
   if (inside_frame) {
     do_complete_frame_read();
   }
@@ -354,7 +355,8 @@ Http2CommonSession::do_process_frame_read(int event, VIO *vio, bool inside_frame
     }
 
     Http2ErrorCode err = Http2ErrorCode::HTTP2_ERROR_NO_ERROR;
-    if (this->connection_state.get_stream_error_rate() > std::min(1.0, Http2::stream_error_rate_threshold * 2.0)) {
+    if (this->connection_state.get_stream_error_rate() > std::min(1.0, Http2::stream_error_rate_threshold * 2.0) &&
+        !this->is_outbound()) {
       ip_port_text_buffer ipb;
       const char *peer_ip = ats_ip_ntop(this->get_proxy_session()->get_remote_addr(), ipb, sizeof(ipb));
       SiteThrottledWarning("HTTP/2 session error peer_ip=%s session_id=%" PRId64
@@ -422,7 +424,12 @@ Http2CommonSession::is_write_high_water() const
 void
 Http2CommonSession::write_reenable()
 {
-  write_vio->reenable();
+  if (write_vio) {
+    // Grab the lock for the write_vio.  Holding the lock is
+    // checked eventually via the reenable logic
+    SCOPED_MUTEX_LOCK(lock, write_vio->mutex, this_ethread());
+    write_vio->reenable();
+  }
 }
 
 void
@@ -438,3 +445,14 @@ Http2CommonSession::add_url_to_pushed_table(const char *url, int url_len)
     _h2_pushed_urls->emplace(url);
   }
 }
+
+void
+Http2CommonSession::add_session()
+{
+}
+
+bool
+Http2CommonSession::is_outbound() const
+{
+  return false;
+}
diff --git a/proxy/http2/Http2CommonSession.h b/proxy/http2/Http2CommonSession.h
index 7d4066f7059..6eb42c3dd02 100644
--- a/proxy/http2/Http2CommonSession.h
+++ b/proxy/http2/Http2CommonSession.h
@@ -36,13 +36,13 @@
 // HTTP2_SESSION_EVENT_RECV   Http2Frame *          Received a frame
 // HTTP2_SESSION_EVENT_XMIT   Http2Frame *          Send this frame
 
-#define HTTP2_SESSION_EVENT_INIT (HTTP2_SESSION_EVENTS_START + 1)
-#define HTTP2_SESSION_EVENT_FINI (HTTP2_SESSION_EVENTS_START + 2)
-#define HTTP2_SESSION_EVENT_RECV (HTTP2_SESSION_EVENTS_START + 3)
-#define HTTP2_SESSION_EVENT_XMIT (HTTP2_SESSION_EVENTS_START + 4)
+#define HTTP2_SESSION_EVENT_INIT          (HTTP2_SESSION_EVENTS_START + 1)
+#define HTTP2_SESSION_EVENT_FINI          (HTTP2_SESSION_EVENTS_START + 2)
+#define HTTP2_SESSION_EVENT_RECV          (HTTP2_SESSION_EVENTS_START + 3)
+#define HTTP2_SESSION_EVENT_XMIT          (HTTP2_SESSION_EVENTS_START + 4)
 #define HTTP2_SESSION_EVENT_SHUTDOWN_INIT (HTTP2_SESSION_EVENTS_START + 5)
 #define HTTP2_SESSION_EVENT_SHUTDOWN_CONT (HTTP2_SESSION_EVENTS_START + 6)
-#define HTTP2_SESSION_EVENT_REENABLE (HTTP2_SESSION_EVENTS_START + 7)
+#define HTTP2_SESSION_EVENT_REENABLE      (HTTP2_SESSION_EVENTS_START + 7)
 
 enum class Http2SessionCod : int {
   NOT_PROVIDED,
@@ -109,6 +109,11 @@ class Http2CommonSession
 
   virtual ProxySession *get_proxy_session() = 0;
 
+  virtual void add_session();
+  virtual bool is_outbound() const;
+
+  virtual void set_no_activity_timeout() = 0;
+
   ///////////////////
   // Variables
   Http2ConnectionState connection_state;
@@ -203,7 +208,7 @@ Http2CommonSession::is_url_pushed(const char *url, int url_len)
     return false;
   }
 
-  return _h2_pushed_urls->find(url) != _h2_pushed_urls->end();
+  return _h2_pushed_urls->find(std::string{url, static_cast(url_len)}) != _h2_pushed_urls->end();
 }
 
 inline int64_t
diff --git a/proxy/http2/Http2ConnectionState.cc b/proxy/http2/Http2ConnectionState.cc
index 6e8cc209044..7afdf93a620 100644
--- a/proxy/http2/Http2ConnectionState.cc
+++ b/proxy/http2/Http2ConnectionState.cc
@@ -25,6 +25,7 @@
 #include "HTTP2.h"
 #include "Http2ConnectionState.h"
 #include "Http2ClientSession.h"
+#include "Http2ServerSession.h"
 #include "Http2Stream.h"
 #include "Http2Frame.h"
 #include "Http2DebugNames.h"
@@ -34,6 +35,7 @@
 #include "tscpp/util/PostScript.h"
 #include "tscpp/util/LocalBuffer.h"
 
+#include 
 #include 
 #include 
 
@@ -44,12 +46,10 @@
     }                                                      \
   }
 
-#define Http2ConDebug(session, fmt, ...) \
-  SsnDebug(session->get_proxy_session(), "http2_con", "[%" PRId64 "] " fmt, session->get_connection_id(), ##__VA_ARGS__);
+#define Http2ConDebug(session, fmt, ...) Debug("http2_con", "[%" PRId64 "] " fmt, session->get_connection_id(), ##__VA_ARGS__);
 
-#define Http2StreamDebug(session, stream_id, fmt, ...)                                                                    \
-  SsnDebug(session->get_proxy_session(), "http2_con", "[%" PRId64 "] [%u] " fmt, session->get_connection_id(), stream_id, \
-           ##__VA_ARGS__);
+#define Http2StreamDebug(session, stream_id, fmt, ...) \
+  Debug("http2_con", "[%" PRId64 "] [%u] " fmt, session->get_connection_id(), stream_id, ##__VA_ARGS__);
 
 static const int buffer_size_index[HTTP2_FRAME_TYPE_MAX] = {
   BUFFER_SIZE_INDEX_16K, // HTTP2_FRAME_TYPE_DATA
@@ -105,13 +105,24 @@ Http2ConnectionState::rcv_data_frame(const Http2Frame &frame)
   if (stream == nullptr) {
     if (this->is_valid_streamid(id)) {
       // This error occurs fairly often, and is probably innocuous (SM initiates the shutdown)
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED, nullptr);
+      if (this->session->is_outbound()) {
+        this->send_rst_stream_frame(id, Http2ErrorCode::HTTP2_ERROR_NO_ERROR);
+        return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+      } else {
+        return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED, nullptr);
+      }
     } else {
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
                         "recv data stream freed with invalid id");
     }
   }
 
+  if (stream->get_state() == Http2StreamState::HTTP2_STREAM_STATE_CLOSED ||
+      stream->get_state() == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE) {
+    this->send_rst_stream_frame(id, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED);
+    return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+  }
+
   // If a DATA frame is received whose stream is not in "open" or "half closed
   // (local)" state,
   // the recipient MUST respond with a stream error of type STREAM_CLOSED.
@@ -147,41 +158,47 @@ Http2ConnectionState::rcv_data_frame(const Http2Frame &frame)
 
     // Pure END_STREAM
     if (payload_length == 0) {
-      stream->signal_read_event(VC_EVENT_READ_COMPLETE);
+      if (stream->read_enabled()) {
+        stream->signal_read_event(VC_EVENT_READ_COMPLETE);
+      }
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
     }
   } else {
-    // If payload length is 0 without END_STREAM flag, do nothing
-    if (payload_length == 0) {
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
-    }
+    // Any headers that show up after we received data are by definition trailing headers
+    stream->set_trailing_header_is_possible();
+  }
+
+  // If payload length is 0 without END_STREAM flag, do nothing
+  if (payload_length == 0 && !stream->receive_end_stream) {
+    return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
   }
 
   // Check whether Window Size is acceptable
-  if (!this->_local_rwnd_is_shrinking_in && this->get_local_rwnd_in() < payload_length) {
+  if (!this->_local_rwnd_is_shrinking && this->get_local_rwnd() < payload_length) {
     return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_FLOW_CONTROL_ERROR,
-                      "recv data cstate.server_rwnd < payload_length");
+                      "recv data this->local_rwnd < payload_length");
   }
   if (stream->get_local_rwnd() < payload_length) {
     return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_FLOW_CONTROL_ERROR,
-                      "recv data stream->server_rwnd < payload_length");
+                      "recv data stream->local_rwnd < payload_length");
   }
 
   // Update Window size
-  this->decrement_local_rwnd_in(payload_length);
+  this->decrement_local_rwnd(payload_length);
   stream->decrement_local_rwnd(payload_length);
 
   if (is_debug_tag_set("http2_con")) {
     uint32_t const stream_window  = this->acknowledged_local_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE);
-    uint32_t const session_window = this->_get_configured_receive_session_window_size_in();
-    Http2StreamDebug(this->session, id, "Received DATA frame: rwnd con=%zd/%" PRId32 " stream=%zd/%" PRId32,
-                     this->get_local_rwnd_in(), session_window, stream->get_local_rwnd(), stream_window);
+    uint32_t const session_window = this->_get_configured_receive_session_window_size();
+    Http2StreamDebug(this->session, id,
+                     "Received DATA frame: payload_length=%" PRId32 " rwnd con=%zd/%" PRId32 " stream=%zd/%" PRId32, payload_length,
+                     this->get_local_rwnd(), session_window, stream->get_local_rwnd(), stream_window);
   }
 
   const uint32_t unpadded_length = payload_length - pad_length;
   MIOBuffer *writer              = stream->read_vio_writer();
   if (writer == nullptr) {
-    return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_INTERNAL_ERROR);
+    return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_INTERNAL_ERROR, "no writer");
   }
 
   // If we call write() multiple times, we must keep the same reader, so we can
@@ -201,17 +218,30 @@ Http2ConnectionState::rcv_data_frame(const Http2Frame &frame)
     unsigned int num_written = writer->write(myreader, read_len);
     if (num_written != read_len) {
       myreader->writer()->dealloc_reader(myreader);
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_INTERNAL_ERROR);
+      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_INTERNAL_ERROR, "Write mismatch");
     }
     myreader->consume(num_written);
+    stream->read_update(num_written);
   }
   myreader->writer()->dealloc_reader(myreader);
 
   if (frame.header().flags & HTTP2_FLAGS_DATA_END_STREAM) {
     // TODO: set total written size to read_vio.nbytes
-    stream->signal_read_event(VC_EVENT_READ_COMPLETE);
-  } else {
-    stream->signal_read_event(VC_EVENT_READ_READY);
+    stream->read_done();
+  }
+
+  if (stream->read_enabled()) {
+    if (frame.header().flags & HTTP2_FLAGS_DATA_END_STREAM) {
+      if (this->get_peer_stream_count() > 1 && this->get_local_rwnd() == 0) {
+        // This final DATA frame for this stream consumed all the bytes for the
+        // session window. Send a WINDOW_UPDATE frame in order to open up the
+        // session window for other streams.
+        restart_receiving(nullptr);
+      }
+      stream->signal_read_event(VC_EVENT_READ_COMPLETE);
+    } else {
+      stream->signal_read_event(VC_EVENT_READ_READY);
+    }
   }
 
   return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
@@ -239,28 +269,50 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame &frame)
                       "recv headers bad client id");
   }
 
-  Http2Stream *stream = nullptr;
-  bool new_stream     = false;
+  Http2Stream *stream              = nullptr;
+  bool new_stream                  = false;
+  bool reset_header_after_decoding = false;
+  bool free_stream_after_decoding  = false;
 
   if (this->is_valid_streamid(stream_id)) {
     stream = this->find_stream(stream_id);
-    if (stream == nullptr) {
+    if (!this->session->is_outbound() && (stream == nullptr || !stream->trailing_header_is_possible())) {
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED,
-                        "recv headers cannot find existing stream_id");
-    } else if (stream->get_state() == Http2StreamState::HTTP2_STREAM_STATE_CLOSED) {
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED,
-                        "recv_header to closed stream");
-    } else if (!stream->has_trailing_header()) {
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
                         "stream not expecting trailer header");
+    } else if (stream == nullptr || stream->get_state() == Http2StreamState::HTTP2_STREAM_STATE_CLOSED) {
+      if (this->session->is_outbound()) {
+        reset_header_after_decoding = true;
+        // return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+        // return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED,
+        //                  "recv_header to closed stream");
+      } else {
+        return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_STREAM_CLOSED,
+                          "recv_header to closed stream");
+      }
     }
-  } else {
-    // Create new stream
-    Http2Error error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
-    stream     = this->create_stream(stream_id, error);
-    new_stream = true;
-    if (!stream) {
-      return error;
+  }
+
+  if (!http2_is_client_streamid(stream_id)) {
+    return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+                      "recv headers bad client id");
+  }
+
+  if (!stream) {
+    if (reset_header_after_decoding) {
+      free_stream_after_decoding                 = true;
+      uint32_t const initial_local_stream_window = this->acknowledged_local_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE);
+      ink_assert(dynamic_cast(this->session->get_proxy_session())->is_outbound() == true);
+      stream = THREAD_ALLOC_INIT(http2StreamAllocator, this_ethread(), this->session->get_proxy_session(), stream_id,
+                                 this->peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE), initial_local_stream_window,
+                                 !STREAM_IS_REGISTERED);
+    } else {
+      // Create new stream
+      Http2Error error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+      stream     = this->create_stream(stream_id, error);
+      new_stream = true;
+      if (!stream) {
+        return error;
+      }
     }
   }
 
@@ -352,28 +404,37 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame &frame)
 
   if (frame.header().flags & HTTP2_FLAGS_HEADERS_END_HEADERS) {
     // NOTE: If there are END_HEADERS flag, decode stored Header Blocks.
-    if (!stream->change_state(HTTP2_FRAME_TYPE_HEADERS, frame.header().flags) && stream->has_trailing_header() == false) {
+    if (!stream->change_state(HTTP2_FRAME_TYPE_HEADERS, frame.header().flags)) {
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
                         "recv headers end headers and not trailing header");
     }
 
-    bool empty_request = false;
-    if (stream->has_trailing_header()) {
+    if (stream->trailing_header_is_possible()) {
       if (!(frame.header().flags & HTTP2_FLAGS_HEADERS_END_STREAM)) {
         return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
                           "recv headers tailing header without endstream");
       }
-      // If the flag has already been set before decoding header blocks, this is the trailing header.
-      // Set a flag to avoid initializing fetcher for now.
-      // Decoding header blocks is still needed to maintain a HPACK dynamic table.
-      // TODO: TS-3812
-      empty_request = true;
     }
 
-    stream->mark_milestone(Http2StreamMilestone::START_DECODE_HEADERS);
+    if (stream->trailing_header_is_possible()) {
+      stream->reset_receive_headers();
+    } else {
+      stream->mark_milestone(Http2StreamMilestone::START_DECODE_HEADERS);
+    }
     Http2ErrorCode result = stream->decode_header_blocks(*this->local_hpack_handle,
                                                          this->acknowledged_local_settings.get(HTTP2_SETTINGS_HEADER_TABLE_SIZE));
 
+    // If this was an outbound connection and the state was already closed, just clear the
+    // headers after processing.  We just processed the heaer blocks to keep the dynamic table in
+    // sync with peer to avoid future HPACK compression errors
+    if (reset_header_after_decoding) {
+      stream->reset_receive_headers();
+      if (free_stream_after_decoding) {
+        THREAD_FREE(stream, http2StreamAllocator, this_ethread());
+      }
+      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+    }
+
     if (result != Http2ErrorCode::HTTP2_ERROR_NO_ERROR) {
       if (result == Http2ErrorCode::HTTP2_ERROR_COMPRESSION_ERROR) {
         return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_COMPRESSION_ERROR,
@@ -394,15 +455,22 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame &frame)
     }
 
     // Set up the State Machine
-    if (!empty_request) {
+    if (!stream->is_outbound_connection() && !stream->trailing_header_is_possible()) {
       SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
       stream->mark_milestone(Http2StreamMilestone::START_TXN);
       stream->new_transaction(frame.is_from_early_data());
       // Send request header to SM
       stream->send_request(*this);
     } else {
-      // Signal VC_EVENT_READ_COMPLETE because received trailing header fields with END_STREAM flag
-      stream->signal_read_event(VC_EVENT_READ_COMPLETE);
+      // If this is a trailer, first signal to the SM that the body is done
+      if (stream->trailing_header_is_possible()) {
+        stream->set_expect_receive_trailer();
+        // Propagate the  trailer header
+        stream->send_request(*this);
+      } else {
+        // Propagate the response
+        stream->send_request(*this);
+      }
     }
   } else {
     // NOTE: Expect CONTINUATION Frame. Do NOT change state of stream or decode
@@ -494,7 +562,7 @@ Http2ConnectionState::rcv_priority_frame(const Http2Frame &frame)
 
     // Restrict number of inactive node in dependency tree smaller than max_concurrent_streams.
     // Current number of inactive node is size of tree minus active node count.
-    if (Http2::max_concurrent_streams_in > this->dependency_tree->size() - this->get_peer_stream_count() + 1) {
+    if (this->_get_configured_max_concurrent_streams() > this->dependency_tree->size() - this->get_peer_stream_count() + 1) {
       this->dependency_tree->add(priority.stream_dependency, stream_id, priority.weight, priority.exclusive_flag, nullptr);
     }
   }
@@ -553,9 +621,10 @@ Http2ConnectionState::rcv_rst_stream_frame(const Http2Frame &frame)
   }
 
   if (stream != nullptr) {
-    Http2StreamDebug(this->session, stream_id, "RST_STREAM: Error Code: %u", rst_stream.error_code);
+    Http2StreamDebug(this->session, stream_id, "Parsed RST_STREAM: Error Code: %u", rst_stream.error_code);
 
     stream->set_rx_error_code({ProxyErrorClass::TXN, static_cast(rst_stream.error_code)});
+    stream->signal_read_event(VC_EVENT_EOS);
     stream->initiating_close();
   }
 
@@ -576,7 +645,7 @@ Http2ConnectionState::rcv_settings_frame(const Http2Frame &frame)
     Warning("Setting frame for zombied session %" PRId64, this->session->get_connection_id());
   }
 
-  // Update SETTIGNS frame count per minute
+  // Update SETTINGS frame count per minute
   this->increment_received_settings_frame_count();
   // Close this connection if its SETTINGS frame count exceeds a limit
   if (this->get_received_settings_frame_count() > Http2::max_settings_frames_per_minute) {
@@ -650,7 +719,7 @@ Http2ConnectionState::rcv_settings_frame(const Http2Frame &frame)
     // windows that it maintains by the difference between the new value and
     // the old value.
     if (param.id == HTTP2_SETTINGS_INITIAL_WINDOW_SIZE) {
-      this->update_initial_peer_rwnd_in(param.value);
+      this->update_initial_peer_rwnd(param.value);
     }
 
     this->peer_settings.set(static_cast(param.id), param.value);
@@ -671,8 +740,8 @@ Http2ConnectionState::rcv_settings_frame(const Http2Frame &frame)
   // [RFC 7540] 6.5. Once all values have been applied, the recipient MUST
   // immediately emit a SETTINGS frame with the ACK flag set.
   Http2SettingsFrame ack_frame(HTTP2_CONNECTION_CONTROL_STREAM, HTTP2_FLAGS_SETTINGS_ACK);
+  Http2StreamDebug(this->session, stream_id, "Send SETTINGS ACK");
   this->session->xmit(ack_frame);
-
   return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
 }
 
@@ -803,7 +872,7 @@ Http2ConnectionState::rcv_window_update_frame(const Http2Frame &frame)
   if (stream_id == HTTP2_CONNECTION_CONTROL_STREAM) {
     // Connection level window update
     Http2StreamDebug(this->session, stream_id, "Received WINDOW_UPDATE frame - updated to: %zd delta: %u",
-                     (this->get_peer_rwnd_in() + size), size);
+                     (this->get_peer_rwnd() + size), size);
 
     // A sender MUST NOT allow a flow-control window to exceed 2^31-1
     // octets.  If a sender receives a WINDOW_UPDATE that causes a flow-
@@ -812,16 +881,15 @@ Http2ConnectionState::rcv_window_update_frame(const Http2Frame &frame)
     // sends a RST_STREAM with an error code of FLOW_CONTROL_ERROR; for the
     // connection, a GOAWAY frame with an error code of FLOW_CONTROL_ERROR
     // is sent.
-    if (size > HTTP2_MAX_WINDOW_SIZE - this->get_peer_rwnd_in()) {
+    if (size > HTTP2_MAX_WINDOW_SIZE - this->get_peer_rwnd()) {
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_FLOW_CONTROL_ERROR,
                         "window update too big");
     }
 
-    auto error = this->increment_peer_rwnd_in(size);
+    auto error = this->increment_peer_rwnd(size);
     if (error != Http2ErrorCode::HTTP2_ERROR_NO_ERROR) {
       return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, error, "Erroneous client window update");
     }
-
     this->restart_streams();
   } else {
     // Stream level window update
@@ -853,11 +921,11 @@ Http2ConnectionState::rcv_window_update_frame(const Http2Frame &frame)
 
     auto error = stream->increment_peer_rwnd(size);
     if (error != Http2ErrorCode::HTTP2_ERROR_NO_ERROR) {
-      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, error);
+      return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, error, "Bad stream rwnd");
     }
 
-    ssize_t wnd = std::min(this->get_peer_rwnd_in(), stream->get_peer_rwnd());
-    if (!stream->is_closed() && stream->get_state() == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE && wnd > 0) {
+    ssize_t wnd = std::min(this->get_peer_rwnd(), stream->get_peer_rwnd());
+    if (wnd > 0) {
       SCOPED_MUTEX_LOCK(lock, stream->mutex, this_ethread());
       stream->restart_sending();
     }
@@ -914,7 +982,7 @@ Http2ConnectionState::rcv_continuation_frame(const Http2Frame &frame)
   }
 
   uint32_t header_blocks_offset = stream->header_blocks_length;
-  stream->header_blocks_length += payload_length;
+  stream->header_blocks_length  += payload_length;
 
   // ATS advertises SETTINGS_MAX_HEADER_LIST_SIZE as a limit of total header blocks length. (Details in [RFC 7560] 10.5.1.)
   // Make it double to relax the limit in cases of 1) HPACK is used naively, or 2) Huffman Encoding generates large header blocks.
@@ -974,6 +1042,64 @@ Http2ConnectionState::rcv_continuation_frame(const Http2Frame &frame)
   return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
 }
 
+////////
+// Configuration Getters.
+//
+uint32_t
+Http2ConnectionState::_get_configured_max_concurrent_streams() const
+{
+  ink_assert(this->session != nullptr);
+  if (this->session->is_outbound()) {
+    return Http2::max_concurrent_streams_out;
+  } else {
+    return Http2::max_concurrent_streams_in;
+  }
+}
+
+uint32_t
+Http2ConnectionState::_get_configured_min_concurrent_streams() const
+{
+  ink_assert(this->session != nullptr);
+  if (this->session->is_outbound()) {
+    return Http2::min_concurrent_streams_out;
+  } else {
+    return Http2::min_concurrent_streams_in;
+  }
+}
+
+uint32_t
+Http2ConnectionState::_get_configured_max_active_streams() const
+{
+  ink_assert(this->session != nullptr);
+  if (this->session->is_outbound()) {
+    return Http2::max_active_streams_out;
+  } else {
+    return Http2::max_active_streams_in;
+  }
+}
+
+uint32_t
+Http2ConnectionState::_get_configured_initial_window_size() const
+{
+  ink_assert(this->session != nullptr);
+  if (this->session->is_outbound()) {
+    return Http2::initial_window_size_out;
+  } else {
+    return Http2::initial_window_size_in;
+  }
+}
+
+Http2FlowControlPolicy
+Http2ConnectionState::_get_configured_flow_control_policy() const
+{
+  ink_assert(this->session != nullptr);
+  if (this->session->is_outbound()) {
+    return Http2::flow_control_policy_out;
+  } else {
+    return Http2::flow_control_policy_in;
+  }
+}
+
 ////////
 // Http2ConnectionSettings
 //
@@ -991,13 +1117,18 @@ Http2ConnectionSettings::Http2ConnectionSettings()
 }
 
 void
-Http2ConnectionSettings::settings_from_configs()
+Http2ConnectionSettings::settings_from_configs(bool is_outbound)
 {
-  settings[indexof(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)] = Http2::max_concurrent_streams_in;
-  settings[indexof(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE)]    = Http2::initial_window_size_in;
-  settings[indexof(HTTP2_SETTINGS_MAX_FRAME_SIZE)]         = Http2::max_frame_size;
-  settings[indexof(HTTP2_SETTINGS_HEADER_TABLE_SIZE)]      = Http2::header_table_size;
-  settings[indexof(HTTP2_SETTINGS_MAX_HEADER_LIST_SIZE)]   = Http2::max_header_list_size;
+  if (is_outbound) {
+    settings[indexof(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)] = Http2::max_concurrent_streams_out;
+    settings[indexof(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE)]    = Http2::initial_window_size_out;
+  } else {
+    settings[indexof(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)] = Http2::max_concurrent_streams_in;
+    settings[indexof(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE)]    = Http2::initial_window_size_in;
+  }
+  settings[indexof(HTTP2_SETTINGS_MAX_FRAME_SIZE)]       = Http2::max_frame_size;
+  settings[indexof(HTTP2_SETTINGS_HEADER_TABLE_SIZE)]    = Http2::header_table_size;
+  settings[indexof(HTTP2_SETTINGS_MAX_HEADER_LIST_SIZE)] = Http2::max_header_list_size;
 }
 
 unsigned
@@ -1044,23 +1175,23 @@ void
 Http2ConnectionState::init(Http2CommonSession *ssn)
 {
   session                                  = ssn;
-  uint32_t const configured_session_window = this->_get_configured_receive_session_window_size_in();
+  uint32_t const configured_session_window = this->_get_configured_receive_session_window_size();
 
   if (configured_session_window < HTTP2_INITIAL_WINDOW_SIZE) {
     // There is no HTTP/2 specified way to shrink the connection window size
     // other than to receive data and not send WINDOW_UPDATE frames for a
     // while.
-    this->_local_rwnd_in              = HTTP2_INITIAL_WINDOW_SIZE;
-    this->_local_rwnd_is_shrinking_in = true;
+    this->_local_rwnd              = HTTP2_INITIAL_WINDOW_SIZE;
+    this->_local_rwnd_is_shrinking = true;
   } else {
-    this->_local_rwnd_in              = configured_session_window;
-    this->_local_rwnd_is_shrinking_in = false;
+    this->_local_rwnd              = configured_session_window;
+    this->_local_rwnd_is_shrinking = false;
   }
 
   local_hpack_handle = new HpackHandle(HTTP2_HEADER_TABLE_SIZE);
   peer_hpack_handle  = new HpackHandle(HTTP2_HEADER_TABLE_SIZE);
   if (Http2::stream_priority_enabled) {
-    dependency_tree = new DependencyTree(Http2::max_concurrent_streams_in);
+    dependency_tree = new DependencyTree(this->_get_configured_max_concurrent_streams());
   }
 
   _cop = ActivityCop(this->mutex, &stream_list, 1);
@@ -1083,15 +1214,22 @@ Http2ConnectionState::send_connection_preface()
   REMEMBER(NO_EVENT, this->recursion)
 
   Http2ConnectionSettings configured_settings;
-  configured_settings.settings_from_configs();
+  configured_settings.settings_from_configs(session->is_outbound());
+
+  // We do not have PUSH_PROMISE implemented, so we communicate to the peer
+  // that they should not send such frames to us. RFC 9113 6.5.2 says that
+  // servers can send this too, but they  must always set a value of 0. Thus we
+  // send a value of 0 for both inbound and outbound connections.
+  configured_settings.set(HTTP2_SETTINGS_ENABLE_PUSH, 0);
+
   configured_settings.set(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, _adjust_concurrent_stream());
 
+  uint32_t const configured_initial_window_size = this->_get_configured_receive_session_window_size();
   if (this->_has_dynamic_stream_window()) {
     // Since this is the beginning of the connection and there are no streams
     // yet, we can just set the stream window size to fill the entire session
     // window size.
-    uint32_t const stream_window = this->_get_configured_receive_session_window_size_in();
-    configured_settings.set(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE, stream_window);
+    configured_settings.set(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE, configured_initial_window_size);
   }
 
   send_settings_frame(configured_settings);
@@ -1099,8 +1237,8 @@ Http2ConnectionState::send_connection_preface()
   // If the session window size is non-default, send a WINDOW_UPDATE right
   // away. Note that there is no session window size setting in HTTP/2. The
   // session window size is controlled entirely by WINDOW_UPDATE frames.
-  if (this->_get_configured_receive_session_window_size_in() > HTTP2_INITIAL_WINDOW_SIZE) {
-    auto const diff = this->_get_configured_receive_session_window_size_in() - HTTP2_INITIAL_WINDOW_SIZE;
+  if (configured_initial_window_size > HTTP2_INITIAL_WINDOW_SIZE) {
+    auto const diff = configured_initial_window_size - HTTP2_INITIAL_WINDOW_SIZE;
     Http2ConDebug(session, "Updating the session window with a WINDOW_UPDATE frame: %u", diff);
     send_window_update_frame(HTTP2_CONNECTION_CONTROL_STREAM, diff);
   }
@@ -1283,7 +1421,6 @@ Http2ConnectionState::main_event_handler(int event, void *edata)
       }
     }
   }
-
   return 0;
 }
 
@@ -1303,6 +1440,112 @@ Http2ConnectionState::state_closed(int event, void *edata)
   return 0;
 }
 
+bool
+Http2ConnectionState::is_peer_concurrent_stream_ub() const
+{
+  return peer_streams_count_in >= (peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)) * 0.9;
+}
+
+bool
+Http2ConnectionState::is_peer_concurrent_stream_lb() const
+{
+  return peer_streams_count_in <= (peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)) / 2;
+}
+
+void
+Http2ConnectionState::set_stream_id(Http2Stream *stream)
+{
+  if (stream->get_transaction_id() < 0) {
+    Http2StreamId stream_id = (latest_streamid_in == 0) ? 3 : latest_streamid_in + 2;
+    stream->set_transaction_id(stream_id);
+    latest_streamid_in = stream_id;
+  }
+}
+
+Http2Stream *
+Http2ConnectionState::create_initiating_stream(Http2Error &error)
+{
+  // first check if we've hit the active connection limit
+  if (!session->get_netvc()->add_to_active_queue()) {
+    error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_NO_ERROR,
+                       "refused to create new stream, maxed out active connections");
+    return nullptr;
+  }
+
+  // In half_close state, TS doesn't create new stream. Because GOAWAY frame is sent to client
+  if (session->get_half_close_local_flag()) {
+    error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
+                       "refused to create new stream, because session is in half_close state");
+    return nullptr;
+  }
+
+  // Endpoints MUST NOT exceed the limit set by their peer.  An endpoint
+  // that receives a HEADERS frame that causes their advertised concurrent
+  // stream limit to be exceeded MUST treat this as a stream error.
+  int check_max_concurrent_limit;
+  int check_count;
+  check_count = peer_streams_count_in;
+  // If this is an outbound client stream, must check against the peer's max_concurrent
+  if (session->is_outbound()) {
+    check_max_concurrent_limit = peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+  } else { // Inbound client streamm check against our own max_connecurent limits
+    check_max_concurrent_limit = local_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+  }
+  ink_release_assert(check_max_concurrent_limit != 0);
+
+  // If we haven't got the peers settings yet, just hope for the best
+  if (check_max_concurrent_limit >= 0) {
+    if (session->is_outbound() && Http2ConnectionState::is_peer_concurrent_stream_ub()) {
+      error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
+                         "recv headers creating stream beyond max_concurrent limit");
+      return nullptr;
+    } else if (check_count >= check_max_concurrent_limit) {
+      error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
+                         "recv headers creating stream beyond max_concurrent limit");
+      return nullptr;
+    }
+  }
+
+  ink_assert(dynamic_cast(this->session->get_proxy_session())->is_outbound() == true);
+  uint32_t const initial_stream_window = this->acknowledged_local_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE);
+  Http2Stream *new_stream =
+    THREAD_ALLOC_INIT(http2StreamAllocator, this_ethread(), session->get_proxy_session(), -1,
+                      peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE), initial_stream_window, STREAM_IS_REGISTERED);
+
+  ink_assert(nullptr != new_stream);
+  ink_assert(!stream_list.in(new_stream));
+
+  stream_list.enqueue(new_stream);
+  ink_assert(peer_streams_count_in < UINT32_MAX);
+  ++peer_streams_count_in;
+  ++total_peer_streams_count;
+
+  if (zombie_event != nullptr) {
+    zombie_event->cancel();
+    zombie_event = nullptr;
+  }
+
+  new_stream->mutex                     = new_ProxyMutex();
+  new_stream->is_first_transaction_flag = get_stream_requests() == 0;
+  increment_stream_requests();
+
+  // Clear the session timeout.  Let the transaction timeouts reign
+  session->get_proxy_session()->cancel_inactivity_timeout();
+
+  if (session->is_outbound() && this->_has_dynamic_stream_window()) {
+    // See the comment in create_stream() concerning the difference between the
+    // initial window size and the target window size for dynamic stream window
+    // sizes.
+    Http2ConnectionSettings new_settings = local_settings;
+    uint32_t const initial_stream_window_target =
+      this->_get_configured_receive_session_window_size() / (peer_streams_count_in.load());
+    new_settings.set(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE, initial_stream_window_target);
+    send_settings_frame(new_settings);
+  }
+
+  return new_stream;
+}
+
 Http2Stream *
 Http2ConnectionState::create_stream(Http2StreamId new_id, Http2Error &error)
 {
@@ -1345,22 +1588,37 @@ Http2ConnectionState::create_stream(Http2StreamId new_id, Http2Error &error)
   // Endpoints MUST NOT exceed the limit set by their peer.  An endpoint
   // that receives a HEADERS frame that causes their advertised concurrent
   // stream limit to be exceeded MUST treat this as a stream error.
+  int check_max_concurrent_limit = 0;
+  int check_count                = 0;
+  int max_streams_stat           = 0;
   if (is_client_streamid) {
-    if (peer_streams_count_in >= acknowledged_local_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)) {
-      HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_MAX_CONCURRENT_STREAMS_EXCEEDED_IN, this_ethread());
-      error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
-                         "recv headers creating inbound stream beyond max_concurrent limit");
-      return nullptr;
-    }
-  } else {
-    if (peer_streams_count_out >= peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS)) {
-      HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_MAX_CONCURRENT_STREAMS_EXCEEDED_OUT, this_ethread());
-      error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
-                         "recv headers creating outbound stream beyond max_concurrent limit");
-      return nullptr;
-    }
+    check_count      = peer_streams_count_in;
+    max_streams_stat = HTTP2_STAT_MAX_CONCURRENT_STREAMS_EXCEEDED_IN;
+    // If this is an outbound client stream, must check against the peer's max_concurrent
+    if (session->is_outbound()) {
+      check_max_concurrent_limit = peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+    } else { // Inbound client streamm check against our own max_connecurent limits
+      check_max_concurrent_limit = acknowledged_local_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+    }
+  } else { // Not a client stream (i.e. a push)
+    check_count      = peer_streams_count_out;
+    max_streams_stat = HTTP2_STAT_MAX_CONCURRENT_STREAMS_EXCEEDED_OUT;
+    // If this is an outbound non-client stream, must check against the local max_concurrent
+    if (session->is_outbound()) {
+      check_max_concurrent_limit = acknowledged_local_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+    } else { // Inbound non-client streamm check against the peer's max_connecurent limits
+      check_max_concurrent_limit = peer_settings.get(HTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+    }
+  }
+  // If we haven't got the peers settings yet, just hope for the best
+  if (check_max_concurrent_limit >= 0 && check_count >= check_max_concurrent_limit) {
+    HTTP2_INCREMENT_THREAD_DYN_STAT(max_streams_stat, this_ethread());
+    error = Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_REFUSED_STREAM,
+                       "recv headers creating stream beyond max_concurrent limit");
+    return nullptr;
   }
 
+  ink_release_assert(dynamic_cast(this->session->get_proxy_session())->is_outbound() == false);
   uint32_t initial_stream_window        = this->acknowledged_local_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE);
   uint32_t initial_stream_window_target = initial_stream_window;
   if (is_client_streamid && this->_has_dynamic_stream_window()) {
@@ -1375,10 +1633,11 @@ Http2ConnectionState::create_stream(Http2StreamId new_id, Http2Error &error)
     //
     // The situation of dynamic stream window sizes is described in [RFC 9113]
     // 6.9.3.
-    initial_stream_window_target = this->_get_configured_receive_session_window_size_in() / (peer_streams_count_in.load() + 1);
+    initial_stream_window_target = this->_get_configured_receive_session_window_size() / (peer_streams_count_in.load() + 1);
   }
-  Http2Stream *new_stream = THREAD_ALLOC_INIT(http2StreamAllocator, this_ethread(), session->get_proxy_session(), new_id,
-                                              peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE), initial_stream_window);
+  Http2Stream *new_stream =
+    THREAD_ALLOC_INIT(http2StreamAllocator, this_ethread(), session->get_proxy_session(), new_id,
+                      peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE), initial_stream_window, STREAM_IS_REGISTERED);
 
   ink_assert(nullptr != new_stream);
   ink_assert(!stream_list.in(new_stream));
@@ -1409,6 +1668,9 @@ Http2ConnectionState::create_stream(Http2StreamId new_id, Http2Error &error)
   }
   increment_stream_requests();
 
+  // Clear the session timeout.  Let the transaction timeouts reign
+  session->get_proxy_session()->cancel_inactivity_timeout();
+
   return new_stream;
 }
 
@@ -1424,6 +1686,17 @@ Http2ConnectionState::find_stream(Http2StreamId id) const
   return nullptr;
 }
 
+void
+Http2ConnectionState::start_streams()
+{
+  Http2Stream *s = stream_list.head;
+  while (s) {
+    Http2Stream *next = static_cast(s->link.next);
+    s->reenable_write();
+    s = next;
+  }
+}
+
 void
 Http2ConnectionState::restart_streams()
 {
@@ -1435,7 +1708,6 @@ Http2ConnectionState::restart_streams()
     // It doesn't need to be initialized with rand() nor time(), and doesn't need to be accessed with a lock, because it doesn't
     // need that randomness and accuracy.
     static uint16_t starting_point = 0;
-
     // Change the start point randomly
     for (int i = starting_point % total_peer_streams_count; i >= 0; --i) {
       end = static_cast(end->link.next ? end->link.next : stream_list.head);
@@ -1445,16 +1717,17 @@ Http2ConnectionState::restart_streams()
     // Call send_response_body() for each streams
     while (s != end) {
       Http2Stream *next = static_cast(s->link.next ? s->link.next : stream_list.head);
-      if (!s->is_closed() && s->get_state() == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE &&
-          std::min(this->get_peer_rwnd_in(), s->get_peer_rwnd()) > 0) {
+      if (std::min(this->get_peer_rwnd(), s->get_peer_rwnd()) > 0) {
         SCOPED_MUTEX_LOCK(lock, s->mutex, this_ethread());
         s->restart_sending();
       }
       ink_assert(s != next);
       s = next;
     }
-    if (!s->is_closed() && s->get_state() == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE &&
-        std::min(this->get_peer_rwnd_in(), s->get_peer_rwnd()) > 0) {
+
+    // The above stopped at end, so we need to call send_response_body() one
+    // last time for the stream pointed to by end.
+    if (std::min(this->get_peer_rwnd(), s->get_peer_rwnd()) > 0) {
       SCOPED_MUTEX_LOCK(lock, s->mutex, this_ethread());
       s->restart_sending();
     }
@@ -1467,14 +1740,14 @@ void
 Http2ConnectionState::restart_receiving(Http2Stream *stream)
 {
   // Connection level WINDOW UPDATE
-  uint32_t const configured_session_window = this->_get_configured_receive_session_window_size_in();
+  uint32_t const configured_session_window = this->_get_configured_receive_session_window_size();
   uint32_t const min_session_window =
     std::min(configured_session_window, this->acknowledged_local_settings.get(HTTP2_SETTINGS_MAX_FRAME_SIZE));
-  if (this->get_local_rwnd_in() < min_session_window) {
-    Http2WindowSize diff_size = configured_session_window - this->get_local_rwnd_in();
+  if (this->get_local_rwnd() < min_session_window) {
+    Http2WindowSize diff_size = configured_session_window - this->get_local_rwnd();
     if (diff_size > 0) {
-      this->increment_local_rwnd_in(diff_size);
-      this->_local_rwnd_is_shrinking_in = false;
+      this->increment_local_rwnd(diff_size);
+      this->_local_rwnd_is_shrinking = false;
       this->send_window_update_frame(HTTP2_CONNECTION_CONTROL_STREAM, diff_size);
     }
   }
@@ -1486,12 +1759,8 @@ Http2ConnectionState::restart_receiving(Http2Stream *stream)
     return;
   }
 
-  // If read_vio is buffering data, do not fully update window
   uint32_t const initial_stream_window = this->acknowledged_local_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE);
   int64_t data_size                    = stream->read_vio_read_avail();
-  if (data_size >= initial_stream_window) {
-    return;
-  }
 
   Http2WindowSize diff_size = 0;
   if (stream->get_local_rwnd() < 0) {
@@ -1501,7 +1770,7 @@ Http2ConnectionState::restart_receiving(Http2Stream *stream)
     // target initial_stream_window size.
     diff_size = initial_stream_window - stream->get_local_rwnd();
   } else {
-    diff_size = initial_stream_window - std::max(static_cast(stream->get_local_rwnd()), data_size);
+    diff_size = initial_stream_window - std::min(static_cast(stream->get_local_rwnd()), data_size);
   }
 
   // Dynamic stream window sizes may result in negative values. In this case,
@@ -1555,7 +1824,9 @@ Http2ConnectionState::delete_stream(Http2Stream *stream)
   REMEMBER(NO_EVENT, this->recursion);
 
   if (Http2::stream_priority_enabled) {
-    Http2DependencyTree::Node *node = stream->priority_node;
+    Http2DependencyTree::Node *node       = stream->priority_node;
+    Http2DependencyTree::Node *node_by_id = this->dependency_tree->find(stream->get_id());
+    ink_assert(node == node_by_id);
     if (node != nullptr) {
       if (node->active) {
         dependency_tree->deactivate(node, 0);
@@ -1577,13 +1848,16 @@ Http2ConnectionState::delete_stream(Http2Stream *stream)
 
   stream_list.remove(stream);
   if (http2_is_client_streamid(stream->get_id())) {
-    ink_assert(peer_streams_count_in > 0);
+    ink_release_assert(peer_streams_count_in > 0);
     --peer_streams_count_in;
+    if (!fini_received && is_peer_concurrent_stream_lb()) {
+      session->add_session();
+    }
   } else {
     ink_assert(peer_streams_count_out > 0);
     --peer_streams_count_out;
   }
-  // total_client_streams_count will be decremented in release_stream(), because it's a counter include streams in the process of
+  // total_peer_streams_count will be decremented in release_stream(), because it's a counter include streams in the process of
   // shutting down.
 
   stream->initiating_close();
@@ -1616,6 +1890,7 @@ Http2ConnectionState::release_stream()
         // If the number of clients is 0, HTTP2_SESSION_EVENT_FINI is not received or sent, and session is active,
         // then mark the connection as inactive
         session->do_clear_session_active();
+        session->set_no_activity_timeout();
         UnixNetVConnection *vc = static_cast(session->get_netvc());
         if (vc && vc->active_timeout_in == 0) {
           // With heavy traffic, session could be destroyed. Do not touch session after this.
@@ -1631,7 +1906,7 @@ Http2ConnectionState::release_stream()
 }
 
 void
-Http2ConnectionState::update_initial_peer_rwnd_in(Http2WindowSize new_size)
+Http2ConnectionState::update_initial_peer_rwnd(Http2WindowSize new_size)
 {
   // Update stream level window sizes
   for (Http2Stream *s = stream_list.head; s; s = static_cast(s->link.next)) {
@@ -1652,7 +1927,7 @@ Http2ConnectionState::update_initial_peer_rwnd_in(Http2WindowSize new_size)
 }
 
 void
-Http2ConnectionState::update_initial_local_rwnd_in(Http2WindowSize new_size)
+Http2ConnectionState::update_initial_local_rwnd(Http2WindowSize new_size)
 {
   // Update stream level window sizes
   for (Http2Stream *s = stream_list.head; s; s = static_cast(s->link.next)) {
@@ -1697,16 +1972,18 @@ Http2ConnectionState::send_data_frames_depends_on_priority()
   Http2DependencyTree::Node *node = dependency_tree->top();
 
   // No node to send or no connection level window left
-  if (node == nullptr || _peer_rwnd_in <= 0) {
+  if (node == nullptr || _peer_rwnd <= 0) {
     return;
   }
 
   Http2Stream *stream = static_cast(node->t);
   ink_release_assert(stream != nullptr);
+  ink_release_assert(stream->priority_node == node);
   Http2StreamDebug(session, stream->get_id(), "top node, point=%d", node->point);
 
   size_t len                      = 0;
   Http2SendDataFrameResult result = send_a_data_frame(stream, len);
+  ink_release_assert(stream->priority_node != nullptr);
 
   switch (result) {
   case Http2SendDataFrameResult::NO_ERROR: {
@@ -1715,9 +1992,8 @@ Http2ConnectionState::send_data_frames_depends_on_priority()
       dependency_tree->deactivate(node, len);
     } else {
       dependency_tree->update(node, len);
-
       SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
-      stream->signal_write_event(Http2Stream::CALL_UPDATE);
+      stream->signal_write_event(stream->is_write_vio_done() ? VC_EVENT_WRITE_COMPLETE : VC_EVENT_WRITE_READY);
     }
     break;
   }
@@ -1739,7 +2015,7 @@ Http2ConnectionState::send_data_frames_depends_on_priority()
 Http2SendDataFrameResult
 Http2ConnectionState::send_a_data_frame(Http2Stream *stream, size_t &payload_length)
 {
-  const ssize_t window_size         = std::min(this->get_peer_rwnd_in(), stream->get_peer_rwnd());
+  const ssize_t window_size         = std::min(this->get_peer_rwnd(), stream->get_peer_rwnd());
   const size_t buf_len              = BUFFER_SIZE_FOR_INDEX(buffer_size_index[HTTP2_FRAME_TYPE_DATA]);
   const size_t write_available_size = std::min(buf_len, static_cast(window_size));
   payload_length                    = 0;
@@ -1758,7 +2034,17 @@ Http2ConnectionState::send_a_data_frame(Http2Stream *stream, size_t &payload_len
   if (resp_reader->is_read_avail_more_than(0)) {
     // We only need to check for window size when there is a payload
     if (window_size <= 0) {
-      Http2StreamDebug(this->session, stream->get_id(), "No window");
+      if (session->is_outbound()) {
+        ip_port_text_buffer ipb;
+        const char *server_ip = ats_ip_ntop(session->get_proxy_session()->get_remote_addr(), ipb, sizeof(ipb));
+        // Warn the user to give them visibility that their server-side
+        // connection is being limited by their server's flow control. Maybe
+        // they can make adjustments.
+        Warning("No window server_ip=%s session_wnd=%zd stream_wnd=%zd peer_initial_window=%u", server_ip, get_peer_rwnd(),
+                stream->get_peer_rwnd(), this->peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE));
+      }
+      Http2StreamDebug(this->session, stream->get_id(), "No window session_wnd=%zd stream_wnd=%zd peer_initial_window=%u",
+                       get_peer_rwnd(), stream->get_peer_rwnd(), this->peer_settings.get(HTTP2_SETTINGS_INITIAL_WINDOW_SIZE));
       this->session->flush();
       return Http2SendDataFrameResult::NO_WINDOW;
     }
@@ -1772,8 +2058,11 @@ Http2ConnectionState::send_a_data_frame(Http2Stream *stream, size_t &payload_len
     payload_length = 0;
   }
 
+  // For HTTP/2 sessions, is_write_high_water() returning true correlates to
+  // our write buffer exceeding HTTP2_SETTINGS_MAX_FRAME_SIZE. Thus we will
+  // hold off on processing the payload until the write buffer is drained.
   if (payload_length > 0 && this->session->is_write_high_water()) {
-    Http2StreamDebug(this->session, stream->get_id(), "Not write avail");
+    Http2StreamDebug(this->session, stream->get_id(), "Not write avail, payload_length=%zu", payload_length);
     this->session->flush();
     return Http2SendDataFrameResult::NOT_WRITE_AVAIL;
   }
@@ -1790,19 +2079,20 @@ Http2ConnectionState::send_a_data_frame(Http2Stream *stream, size_t &payload_len
   }
 
   if (stream->is_write_vio_done()) {
+    Http2StreamDebug(this->session, stream->get_id(), "End of Data Frame");
     flags |= HTTP2_FLAGS_DATA_END_STREAM;
   }
 
   // Update window size
-  this->decrement_peer_rwnd_in(payload_length);
+  this->decrement_peer_rwnd(payload_length);
   stream->decrement_peer_rwnd(payload_length);
 
   // Create frame
-  Http2StreamDebug(session, stream->get_id(), "Send a DATA frame - client window con: %5zd stream: %5zd payload: %5zd",
-                   _peer_rwnd_in, stream->get_peer_rwnd(), payload_length);
+  Http2StreamDebug(session, stream->get_id(), "Send a DATA frame - peer window con: %5zd stream: %5zd payload: %5zd flags: 0x%x",
+                   _peer_rwnd, stream->get_peer_rwnd(), payload_length, flags);
 
   Http2DataFrame data(stream->get_id(), flags, resp_reader, payload_length);
-  this->session->xmit(data, flags & HTTP2_FLAGS_DATA_END_STREAM);
+  this->session->xmit(data);
 
   if (flags & HTTP2_FLAGS_DATA_END_STREAM) {
     Http2StreamDebug(session, stream->get_id(), "END_STREAM");
@@ -1828,20 +2118,38 @@ Http2ConnectionState::send_data_frames(Http2Stream *stream)
     return;
   }
 
+  if (zombie_event != nullptr) {
+    zombie_event->cancel();
+    zombie_event = nullptr;
+  }
+
   size_t len                      = 0;
   Http2SendDataFrameResult result = Http2SendDataFrameResult::NO_ERROR;
-  while (result == Http2SendDataFrameResult::NO_ERROR) {
-    result = send_a_data_frame(stream, len);
+  bool more_data                  = true;
+  IOBufferReader *resp_reader     = stream->get_data_reader_for_send();
+  while (more_data && result == Http2SendDataFrameResult::NO_ERROR) {
+    result    = send_a_data_frame(stream, len);
+    more_data = resp_reader->is_read_avail_more_than(0);
 
     if (result == Http2SendDataFrameResult::DONE) {
-      // Delete a stream immediately
-      // TODO its should not be deleted for a several time to handling
-      // RST_STREAM and WINDOW_UPDATE.
-      // See 'closed' state written at [RFC 7540] 5.1.
-      Http2StreamDebug(this->session, stream->get_id(), "Shutdown stream");
-      stream->initiating_close();
+      if (!stream->is_outbound_connection()) {
+        // Delete a stream immediately
+        // TODO its should not be deleted for a several time to handling
+        // RST_STREAM and WINDOW_UPDATE.
+        // See 'closed' state written at [RFC 7540] 5.1.
+        Http2StreamDebug(this->session, stream->get_id(), "Shutdown stream");
+        stream->signal_write_event(VC_EVENT_WRITE_COMPLETE);
+        stream->do_io_close();
+      } else if (stream->is_outbound_connection() && stream->is_write_vio_done()) {
+        stream->signal_write_event(VC_EVENT_WRITE_COMPLETE);
+      } else {
+        ink_release_assert(!"What case is this?");
+      }
     }
   }
+  if (!more_data && result != Http2SendDataFrameResult::DONE) {
+    stream->signal_write_event(VC_EVENT_WRITE_READY);
+  }
 
   return;
 }
@@ -1855,15 +2163,25 @@ Http2ConnectionState::send_headers_frame(Http2Stream *stream)
 
   Http2StreamDebug(session, stream->get_id(), "Send HEADERS frame");
 
-  HTTPHdr *resp_hdr = &stream->_send_header;
-  http2_convert_header_from_1_1_to_2(resp_hdr);
+  // For outbound streams, set the ID if it has not yet already been set
+  // Need to defer setting the stream ID to avoid another later created stream
+  // sending out first.  This may cause the peer to issue a stream or connection
+  // error (new stream less that the greatest we have seen so far)
+  this->set_stream_id(stream);
+
+  HTTPHdr *send_hdr = stream->get_send_header();
+  if (stream->expect_send_trailer()) {
+    // Which is a no-op conversion
+  } else {
+    http2_convert_header_from_1_1_to_2(send_hdr);
+  }
 
-  uint32_t buf_len = resp_hdr->length_get() * 2; // Make it double just in case
+  uint32_t buf_len = send_hdr->length_get() * 2; // Make it double just in case
   ts::LocalBuffer local_buffer(buf_len);
   uint8_t *buf = local_buffer.data();
 
   stream->mark_milestone(Http2StreamMilestone::START_ENCODE_HEADERS);
-  Http2ErrorCode result = http2_encode_header_blocks(resp_hdr, buf, buf_len, &header_blocks_size, *(this->peer_hpack_handle),
+  Http2ErrorCode result = http2_encode_header_blocks(send_hdr, buf, buf_len, &header_blocks_size, *(this->peer_hpack_handle),
                                                      peer_settings.get(HTTP2_SETTINGS_HEADER_TABLE_SIZE));
   if (result != Http2ErrorCode::HTTP2_ERROR_NO_ERROR) {
     return;
@@ -1872,12 +2190,38 @@ Http2ConnectionState::send_headers_frame(Http2Stream *stream)
   // Send a HEADERS frame
   if (header_blocks_size <= static_cast(BUFFER_SIZE_FOR_INDEX(buffer_size_index[HTTP2_FRAME_TYPE_HEADERS]))) {
     payload_length = header_blocks_size;
-    flags |= HTTP2_FLAGS_HEADERS_END_HEADERS;
-    if ((resp_hdr->presence(MIME_PRESENCE_CONTENT_LENGTH) && resp_hdr->get_content_length() == 0) ||
-        (!resp_hdr->expect_final_response() && stream->is_write_vio_done())) {
-      Http2StreamDebug(session, stream->get_id(), "END_STREAM");
-      flags |= HTTP2_FLAGS_HEADERS_END_STREAM;
-      stream->send_end_stream = true;
+    flags          |= HTTP2_FLAGS_HEADERS_END_HEADERS;
+    if (stream->is_outbound_connection()) { // Will be sending a request_header
+      int method = send_hdr->method_get_wksidx();
+
+      // Set END_STREAM on request headers for POST, etc. methods combined with
+      // an explicit length 0. Some origins RST on request headers with
+      // explicit zero length and no end stream flag, causing the request to
+      // fail. We emulate chromium behaviour here prevent such RSTs.
+      bool content_method       = method == HTTP_WKSIDX_POST || method == HTTP_WKSIDX_PUSH || method == HTTP_WKSIDX_PUT;
+      bool is_transfer_encoded  = send_hdr->presence(MIME_PRESENCE_TRANSFER_ENCODING);
+      bool has_content_header   = send_hdr->presence(MIME_PRESENCE_CONTENT_LENGTH);
+      bool explicit_zero_length = has_content_header && send_hdr->get_content_length() == 0;
+
+      bool expect_content_stream =
+        is_transfer_encoded ||                                              // transfer encoded content length is unknown
+        (!content_method && has_content_header && !explicit_zero_length) || // non zero content with GET,etc
+        (content_method && !explicit_zero_length);                          // content-length >0 or empty with POST etc
+
+      // send END_STREAM if we don't expect any content
+      if (!expect_content_stream) {
+        // TODO deal with the chunked encoding case
+        Http2StreamDebug(session, stream->get_id(), "request END_STREAM");
+        flags                   |= HTTP2_FLAGS_HEADERS_END_STREAM;
+        stream->send_end_stream = true;
+      }
+    } else {
+      if ((send_hdr->presence(MIME_PRESENCE_CONTENT_LENGTH) && send_hdr->get_content_length() == 0) ||
+          (!send_hdr->expect_final_response() && stream->is_write_vio_done())) {
+        Http2StreamDebug(session, stream->get_id(), "response END_STREAM");
+        flags                   |= HTTP2_FLAGS_HEADERS_END_STREAM;
+        stream->send_end_stream = true;
+      }
     }
     stream->mark_milestone(Http2StreamMilestone::START_TX_HEADERS_FRAMES);
   } else {
@@ -1895,6 +2239,7 @@ Http2ConnectionState::send_headers_frame(Http2Stream *stream)
     return;
   }
 
+  Http2StreamDebug(session, stream->get_id(), "Send HEADERS frame flags: 0x%x length: %d", flags, payload_length);
   Http2HeadersFrame headers(stream->get_id(), flags, buf, payload_length);
   this->session->xmit(headers);
   uint64_t sent = payload_length;
@@ -1923,6 +2268,8 @@ Http2ConnectionState::send_push_promise_frame(Http2Stream *stream, URL &url, con
   int payload_length          = 0;
   uint8_t flags               = 0x00;
 
+  // It makes no sense to send a PUSH_PROMISE toward the server.
+  ink_release_assert(!this->session->is_outbound());
   if (peer_settings.get(HTTP2_SETTINGS_ENABLE_PUSH) == 0) {
     return false;
   }
@@ -1964,7 +2311,7 @@ Http2ConnectionState::send_push_promise_frame(Http2Stream *stream, URL &url, con
   if (header_blocks_size <=
       BUFFER_SIZE_FOR_INDEX(buffer_size_index[HTTP2_FRAME_TYPE_PUSH_PROMISE]) - sizeof(push_promise.promised_streamid)) {
     payload_length = header_blocks_size;
-    flags |= HTTP2_FLAGS_PUSH_PROMISE_END_HEADERS;
+    flags          |= HTTP2_FLAGS_PUSH_PROMISE_END_HEADERS;
   } else {
     payload_length =
       BUFFER_SIZE_FOR_INDEX(buffer_size_index[HTTP2_FRAME_TYPE_PUSH_PROMISE]) - sizeof(push_promise.promised_streamid);
@@ -2046,6 +2393,7 @@ Http2ConnectionState::send_rst_stream_frame(Http2StreamId id, Http2ErrorCode ec)
     }
   }
 
+  Http2StreamDebug(session, id, "Sending RST_STREAM: Error Code: %u", static_cast(ec));
   Http2RstStreamFrame rst_stream(id, static_cast(ec));
   this->session->xmit(rst_stream);
 }
@@ -2078,8 +2426,8 @@ Http2ConnectionState::send_settings_frame(const Http2ConnectionSettings &new_set
 
   Http2SettingsFrame settings(stream_id, HTTP2_FRAME_NO_FLAG, params, params_size);
 
-  this->_outstanding_settings_frames_in.emplace(new_settings);
-  this->session->xmit(settings);
+  this->_outstanding_settings_frames.emplace(new_settings);
+  this->session->xmit(settings, true);
 }
 
 void
@@ -2087,12 +2435,12 @@ Http2ConnectionState::_process_incoming_settings_ack_frame()
 {
   constexpr Http2StreamId stream_id = HTTP2_CONNECTION_CONTROL_STREAM;
   Http2StreamDebug(session, stream_id, "Processing SETTINGS ACK frame with a queue size of %zu",
-                   this->_outstanding_settings_frames_in.size());
+                   this->_outstanding_settings_frames.size());
 
   // Do not update this->acknowledged_local_settings yet as
-  // update_initial_server_rwnd relies upon it still pointing to the old value.
+  // update_initial_local_rwnd relies upon it still pointing to the old value.
   Http2ConnectionSettings const &old_settings = this->acknowledged_local_settings;
-  Http2ConnectionSettings const &new_settings = this->_outstanding_settings_frames_in.front().get_outstanding_settings();
+  Http2ConnectionSettings const &new_settings = this->_outstanding_settings_frames.front().get_outstanding_settings();
 
   for (int i = HTTP2_SETTINGS_HEADER_TABLE_SIZE; i < HTTP2_SETTINGS_MAX; ++i) {
     Http2SettingsIdentifier id = static_cast(i);
@@ -2108,11 +2456,11 @@ Http2ConnectionState::_process_incoming_settings_ack_frame()
 
     if (id == HTTP2_SETTINGS_INITIAL_WINDOW_SIZE) {
       // Update all the streams for the newly acknowledged window size.
-      this->update_initial_local_rwnd_in(new_value);
+      this->update_initial_local_rwnd(new_value);
     }
   }
   this->acknowledged_local_settings = new_settings;
-  this->_outstanding_settings_frames_in.pop();
+  this->_outstanding_settings_frames.pop();
 }
 
 void
@@ -2213,9 +2561,13 @@ Http2ConnectionState::get_received_priority_frame_count()
 unsigned
 Http2ConnectionState::_adjust_concurrent_stream()
 {
-  if (Http2::max_active_streams_in == 0) {
+  uint32_t const max_concurrent_streams = this->_get_configured_max_concurrent_streams();
+  uint32_t const max_active_streams     = this->_get_configured_max_active_streams();
+  uint32_t const min_concurrent_streams = this->_get_configured_min_concurrent_streams();
+
+  if (max_active_streams == 0) {
     // Throttling down is disabled.
-    return Http2::max_concurrent_streams_in;
+    return max_concurrent_streams;
   }
 
   int64_t current_client_streams = 0;
@@ -2223,43 +2575,43 @@ Http2ConnectionState::_adjust_concurrent_stream()
 
   Http2ConDebug(session, "current client streams: %" PRId64, current_client_streams);
 
-  if (current_client_streams >= Http2::max_active_streams_in) {
+  if (current_client_streams >= max_active_streams) {
     if (!Http2::throttling) {
       Warning("too many streams: %" PRId64 ", reduce SETTINGS_MAX_CONCURRENT_STREAMS to %d", current_client_streams,
-              Http2::min_concurrent_streams_in);
+              min_concurrent_streams);
       Http2::throttling = true;
     }
 
-    return Http2::min_concurrent_streams_in;
+    return min_concurrent_streams;
   } else {
     if (Http2::throttling) {
-      Note("revert SETTINGS_MAX_CONCURRENT_STREAMS to %d", Http2::max_concurrent_streams_in);
+      Note("revert SETTINGS_MAX_CONCURRENT_STREAMS to %d", max_concurrent_streams);
       Http2::throttling = false;
     }
   }
 
-  return Http2::max_concurrent_streams_in;
+  return max_concurrent_streams;
 }
 
 uint32_t
-Http2ConnectionState::_get_configured_receive_session_window_size_in() const
+Http2ConnectionState::_get_configured_receive_session_window_size() const
 {
-  switch (Http2::flow_control_policy_in) {
+  switch (this->_get_configured_flow_control_policy()) {
   case Http2FlowControlPolicy::STATIC_SESSION_AND_STATIC_STREAM:
-    return Http2::initial_window_size_in;
+    return this->_get_configured_initial_window_size();
   case Http2FlowControlPolicy::LARGE_SESSION_AND_STATIC_STREAM:
   case Http2FlowControlPolicy::LARGE_SESSION_AND_DYNAMIC_STREAM:
-    return Http2::initial_window_size_in * Http2::max_concurrent_streams_in;
+    return this->_get_configured_initial_window_size() * this->_get_configured_max_concurrent_streams();
   }
 
   // This is unreachable, but adding a return here quiets a compiler warning.
-  return Http2::initial_window_size_in;
+  return this->_get_configured_initial_window_size();
 }
 
 bool
 Http2ConnectionState::_has_dynamic_stream_window() const
 {
-  switch (Http2::flow_control_policy_in) {
+  switch (this->_get_configured_flow_control_policy()) {
   case Http2FlowControlPolicy::STATIC_SESSION_AND_STATIC_STREAM:
   case Http2FlowControlPolicy::LARGE_SESSION_AND_STATIC_STREAM:
     return false;
@@ -2272,51 +2624,52 @@ Http2ConnectionState::_has_dynamic_stream_window() const
 }
 
 ssize_t
-Http2ConnectionState::get_peer_rwnd_in() const
+Http2ConnectionState::get_peer_rwnd() const
 {
-  return this->_peer_rwnd_in;
+  return this->_peer_rwnd;
 }
 
 Http2ErrorCode
-Http2ConnectionState::increment_peer_rwnd_in(size_t amount)
+Http2ConnectionState::increment_peer_rwnd(size_t amount)
 {
-  this->_peer_rwnd_in += amount;
+  this->_peer_rwnd += amount;
 
   this->_recent_rwnd_increment[this->_recent_rwnd_increment_index] = amount;
   ++this->_recent_rwnd_increment_index;
   this->_recent_rwnd_increment_index %= this->_recent_rwnd_increment.size();
-  double sum = std::accumulate(this->_recent_rwnd_increment.begin(), this->_recent_rwnd_increment.end(), 0.0);
-  double avg = sum / this->_recent_rwnd_increment.size();
-  if (avg < Http2::min_avg_window_update) {
-    HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE, this_ethread());
-    return Http2ErrorCode::HTTP2_ERROR_ENHANCE_YOUR_CALM;
-  }
+  // SKH Causing problems with gRPC processing.  Python example resulted in amount 8
+  // double sum = std::accumulate(this->_recent_rwnd_increment.begin(), this->_recent_rwnd_increment.end(), 0.0);
+  // double avg = sum / this->_recent_rwnd_increment.size();
+  // if (avg < Http2::min_avg_window_update) {
+  //  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE, this_ethread());
+  //  return Http2ErrorCode::HTTP2_ERROR_ENHANCE_YOUR_CALM;
+  //}
   return Http2ErrorCode::HTTP2_ERROR_NO_ERROR;
 }
 
 Http2ErrorCode
-Http2ConnectionState::decrement_peer_rwnd_in(size_t amount)
+Http2ConnectionState::decrement_peer_rwnd(size_t amount)
 {
-  this->_peer_rwnd_in -= amount;
+  this->_peer_rwnd -= amount;
   return Http2ErrorCode::HTTP2_ERROR_NO_ERROR;
 }
 
 ssize_t
-Http2ConnectionState::get_local_rwnd_in() const
+Http2ConnectionState::get_local_rwnd() const
 {
-  return this->_local_rwnd_in;
+  return this->_local_rwnd;
 }
 
 Http2ErrorCode
-Http2ConnectionState::increment_local_rwnd_in(size_t amount)
+Http2ConnectionState::increment_local_rwnd(size_t amount)
 {
-  this->_local_rwnd_in += amount;
+  this->_local_rwnd += amount;
   return Http2ErrorCode::HTTP2_ERROR_NO_ERROR;
 }
 
 Http2ErrorCode
-Http2ConnectionState::decrement_local_rwnd_in(size_t amount)
+Http2ConnectionState::decrement_local_rwnd(size_t amount)
 {
-  this->_local_rwnd_in -= amount;
+  this->_local_rwnd -= amount;
   return Http2ErrorCode::HTTP2_ERROR_NO_ERROR;
 }
diff --git a/proxy/http2/Http2ConnectionState.h b/proxy/http2/Http2ConnectionState.h
index ee9bc45c705..eae6110bdaf 100644
--- a/proxy/http2/Http2ConnectionState.h
+++ b/proxy/http2/Http2ConnectionState.h
@@ -53,7 +53,7 @@ class Http2ConnectionSettings
 public:
   Http2ConnectionSettings();
 
-  void settings_from_configs();
+  void settings_from_configs(bool is_outbound);
   unsigned get(Http2SettingsIdentifier id) const;
   unsigned set(Http2SettingsIdentifier id, unsigned value);
 
@@ -76,7 +76,7 @@ class Http2ConnectionState : public Continuation
   Http2ConnectionState();
 
   // noncopyable
-  Http2ConnectionState(const Http2ConnectionState &) = delete;
+  Http2ConnectionState(const Http2ConnectionState &)            = delete;
   Http2ConnectionState &operator=(const Http2ConnectionState &) = delete;
 
   ProxyError rx_error_code;
@@ -122,23 +122,28 @@ class Http2ConnectionState : public Continuation
 
   // Stream control interfaces
   Http2Stream *create_stream(Http2StreamId new_id, Http2Error &error);
+  Http2Stream *create_initiating_stream(Http2Error &error);
+  void set_stream_id(Http2Stream *stream);
   Http2Stream *find_stream(Http2StreamId id) const;
   void restart_streams();
+  void start_streams();
   bool delete_stream(Http2Stream *stream);
   void release_stream();
   void cleanup_streams();
   void restart_receiving(Http2Stream *stream);
 
   /** Update all streams for the peer's newly dictated stream window size. */
-  void update_initial_peer_rwnd_in(Http2WindowSize new_size);
+  void update_initial_peer_rwnd(Http2WindowSize new_size);
 
   /** Update all streams for our newly dictated stream window size. */
-  void update_initial_local_rwnd_in(Http2WindowSize new_size);
+  void update_initial_local_rwnd(Http2WindowSize new_size);
 
   Http2StreamId get_latest_stream_id_in() const;
   Http2StreamId get_latest_stream_id_out() const;
   int get_stream_requests() const;
   void increment_stream_requests();
+  bool is_peer_concurrent_stream_ub() const;
+  bool is_peer_concurrent_stream_lb() const;
 
   // Continuated header decoding
   Http2StreamId get_continued_stream_id() const;
@@ -191,12 +196,15 @@ class Http2ConnectionState : public Continuation
   void increment_received_priority_frame_count();
   uint32_t get_received_priority_frame_count();
 
-  ssize_t get_peer_rwnd_in() const;
-  Http2ErrorCode increment_peer_rwnd_in(size_t amount);
-  Http2ErrorCode decrement_peer_rwnd_in(size_t amount);
-  ssize_t get_local_rwnd_in() const;
-  Http2ErrorCode increment_local_rwnd_in(size_t amount);
-  Http2ErrorCode decrement_local_rwnd_in(size_t amount);
+  ssize_t get_peer_rwnd() const;
+  Http2ErrorCode increment_peer_rwnd(size_t amount);
+  Http2ErrorCode decrement_peer_rwnd(size_t amount);
+  ssize_t get_local_rwnd() const;
+  Http2ErrorCode increment_local_rwnd(size_t amount);
+  Http2ErrorCode decrement_local_rwnd(size_t amount);
+
+  bool no_streams() const;
+  bool single_stream() const;
 
 private:
   Http2Error rcv_data_frame(const Http2Frame &);
@@ -233,13 +241,22 @@ class Http2ConnectionState : public Continuation
    */
   void _process_incoming_settings_ack_frame();
 
-  /** Calculate the initial session window size that we communicate to peers.
+  // Getters for stream control configurations that retrieve the inbound or
+  // outbound values per the configured session.
+  uint32_t _get_configured_max_concurrent_streams() const;
+  uint32_t _get_configured_min_concurrent_streams() const;
+  uint32_t _get_configured_max_active_streams() const;
+  uint32_t _get_configured_initial_window_size() const;
+  Http2FlowControlPolicy _get_configured_flow_control_policy() const;
+
+  /** Calculate the initial session window size that we communicate to inbound
+   * peers.
    *
    * @return The initial receive window size.
    */
-  uint32_t _get_configured_receive_session_window_size_in() const;
+  uint32_t _get_configured_receive_session_window_size() const;
 
-  /** Whether our stream window can change over the lifetime of a session.
+  /** Whether the stream window can change over the lifetime of a session.
    *
    * @return @c true if the stream window can change, @c false otherwise.
    */
@@ -271,8 +288,8 @@ class Http2ConnectionState : public Continuation
 
   // Connection level window size
 
-  /** The client-side session level window that we have to respect when we send
-   * data to the peer.
+  /** The session level window that we have to respect when we send data to the
+   * peer.
    *
    * This is the session window configured by the peer via WINDOW_UPDATE
    * frames. Per specification, this defaults to HTTP2_INITIAL_WINDOW_SIZE (see
@@ -281,17 +298,16 @@ class Http2ConnectionState : public Continuation
    * specification. When we receive WINDOW_UPDATE frames, we increment this
    * value.
    */
-  ssize_t _peer_rwnd_in = HTTP2_INITIAL_WINDOW_SIZE;
+  ssize_t _peer_rwnd = HTTP2_INITIAL_WINDOW_SIZE;
 
-  /** The session window we maintain with the client-side peer via
-   * WINDOW_UPDATE frames.
+  /** The session window we maintain with the peer via WINDOW_UPDATE frames.
    *
    * We maintain the window we expect the peer to respect by sending
    * WINDOW_UPDATE frames to the peer. As we receive data, we decrement this
    * value, as we send WINDOW_UPDATE frames, we increment it. If it reaches
    * zero, we generate a connection-level error.
    */
-  ssize_t _local_rwnd_in = 0;
+  ssize_t _local_rwnd = 0;
 
   /** Whether the client-side session window is in a shrinking state before we
    * send the first WINDOW_UPDATE frame.
@@ -303,7 +319,7 @@ class Http2ConnectionState : public Continuation
    * window gets to the desired size, we start maintaining the window via
    * WINDOW_UPDATE frames.
    */
-  bool _local_rwnd_is_shrinking_in = false;
+  bool _local_rwnd_is_shrinking = false;
 
   std::array _recent_rwnd_increment = {SIZE_MAX, SIZE_MAX, SIZE_MAX, SIZE_MAX, SIZE_MAX};
   int _recent_rwnd_increment_index             = 0;
@@ -359,7 +375,7 @@ class Http2ConnectionState : public Continuation
 
   /** The queue of SETTINGS frames that we have sent but have not yet been
    * acknowledged by the peer. */
-  std::queue _outstanding_settings_frames_in;
+  std::queue _outstanding_settings_frames;
 
   // NOTE: Id of stream which MUST receive CONTINUATION frame.
   //   - [RFC 7540] 6.2 HEADERS
diff --git a/proxy/http2/Http2DependencyTree.h b/proxy/http2/Http2DependencyTree.h
index 92a920b8cac..7201447000e 100644
--- a/proxy/http2/Http2DependencyTree.h
+++ b/proxy/http2/Http2DependencyTree.h
@@ -71,7 +71,7 @@ class Node
     }
   }
 
-  Node(const Node &) = delete;
+  Node(const Node &)            = delete;
   Node &operator=(const Node &) = delete;
 
   LINK(Node, link);
diff --git a/proxy/http2/Http2Frame.cc b/proxy/http2/Http2Frame.cc
index a731f09e2a8..4914de4eb9a 100644
--- a/proxy/http2/Http2Frame.cc
+++ b/proxy/http2/Http2Frame.cc
@@ -61,7 +61,7 @@ Http2DataFrame::write_to(MIOBuffer *iobuffer) const
     // Fill current IOBufferBlock as much as possible to reduce SSL_write() calls
     while (written < this->_payload_len) {
       int64_t read_len = std::min(this->_payload_len - written, this->_reader->block_read_avail());
-      written += iobuffer->write(this->_reader->start(), read_len);
+      written          += iobuffer->write(this->_reader->start(), read_len);
       this->_reader->consume(read_len);
     }
     len += written;
diff --git a/proxy/http2/Http2FrequencyCounter.cc b/proxy/http2/Http2FrequencyCounter.cc
index 9fab3e6acc6..42bf930a9de 100644
--- a/proxy/http2/Http2FrequencyCounter.cc
+++ b/proxy/http2/Http2FrequencyCounter.cc
@@ -45,7 +45,7 @@ Http2FrequencyCounter::increment(uint16_t amount)
   }
 
   this->_count[counter_index] += amount;
-  this->_last_update = hrtime_sec;
+  this->_last_update          = hrtime_sec;
 }
 
 uint32_t
diff --git a/proxy/http2/Http2ServerSession.cc b/proxy/http2/Http2ServerSession.cc
new file mode 100644
index 00000000000..42bb4e8e1e9
--- /dev/null
+++ b/proxy/http2/Http2ServerSession.cc
@@ -0,0 +1,418 @@
+/** @file
+
+  Http2ServerSession.
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+#include "Http2ServerSession.h"
+#include "HttpDebugNames.h"
+#include "tscore/ink_base64.h"
+#include "Http2CommonSessionInternal.h"
+#include "HttpSessionManager.h"
+
+ClassAllocator http2ServerSessionAllocator("http2ServerSessionAllocator");
+
+static int
+send_connection_event(Continuation *cont, int event, void *edata)
+{
+  SCOPED_MUTEX_LOCK(lock, cont->mutex, this_ethread());
+  return cont->handleEvent(event, edata);
+}
+
+Http2ServerSession::Http2ServerSession() = default;
+
+void
+Http2ServerSession::destroy()
+{
+  if (!in_destroy) {
+    in_destroy = true;
+    write_vio  = nullptr;
+    this->remove_session();
+    this->release_outbound_connection_tracking();
+    REMEMBER(NO_EVENT, this->recursion)
+    Http2SsnDebug("session destroy");
+    if (_vc) {
+      _vc->do_io_close();
+      _vc = nullptr;
+    }
+    free();
+  }
+}
+
+void
+Http2ServerSession::free()
+{
+  auto mutex_thread = this->mutex->thread_holding;
+  if (Http2CommonSession::common_free(this)) {
+    HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT, mutex_thread);
+    THREAD_FREE(this, http2ServerSessionAllocator, mutex_thread);
+  }
+}
+
+void
+Http2ServerSession::start()
+{
+  SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
+
+  SET_HANDLER(&Http2ServerSession::main_event_handler);
+  HTTP2_SET_SESSION_HANDLER(&Http2ServerSession::state_start_frame_read);
+
+  VIO *read_vio = this->do_io_read(this, INT64_MAX, this->read_buffer);
+  write_vio     = this->do_io_write(this, INT64_MAX, this->_write_buffer_reader);
+
+  this->connection_state.init(this);
+
+  // 3.5 HTTP/2 Connection Preface. Upon establishment of a TCP connection and
+  // determination that HTTP/2 will be used by both peers, each endpoint MUST
+  // send a connection preface as a final confirmation ...
+  // This is the preface string sent by the client
+  this->write_buffer->write(HTTP2_CONNECTION_PREFACE, HTTP2_CONNECTION_PREFACE_LEN);
+  write_reenable();
+  this->connection_state.send_connection_preface();
+  Http2SsnDebug("Sent Connection Preface");
+
+  this->handleEvent(VC_EVENT_READ_READY, read_vio);
+}
+
+void
+Http2ServerSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOBufferReader *reader)
+{
+  ink_assert(new_vc->mutex->thread_holding == this_ethread());
+  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT, new_vc->mutex->thread_holding);
+  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_TOTAL_SERVER_CONNECTION_COUNT, new_vc->mutex->thread_holding);
+  this->_milestones.mark(Http2SsnMilestone::OPEN);
+
+  // Unique client session identifier.
+  this->con_id = ProxySession::next_connection_id();
+  this->_vc    = new_vc;
+  _vc->set_inactivity_timeout(HRTIME_SECONDS(Http2::accept_no_activity_timeout));
+  this->schedule_event = nullptr;
+  this->mutex          = new_vc->mutex;
+
+  this->connection_state.mutex = this->mutex;
+
+  // Since we're functioning as a client, we do not need to worry about
+  // TLSEarlyDataSupport.
+
+  Http2SsnDebug("session born, netvc %p", this->_vc);
+
+  this->_vc->set_tcp_congestion_control(CLIENT_SIDE);
+
+  this->read_buffer             = iobuf ? iobuf : new_MIOBuffer(HTTP2_HEADER_BUFFER_SIZE_INDEX);
+  this->read_buffer->water_mark = connection_state.local_settings.get(HTTP2_SETTINGS_MAX_FRAME_SIZE);
+  this->_read_buffer_reader     = reader ? reader : this->read_buffer->alloc_reader();
+
+  // Set write buffer size to max size of TLS record (16KB)
+  // This block size is the buffer size that we pass to SSLWriteBuffer
+  auto buffer_block_size_index = iobuffer_size_to_index(Http2::write_buffer_block_size, MAX_BUFFER_SIZE_INDEX);
+  this->write_buffer           = new_MIOBuffer(buffer_block_size_index);
+  this->_write_buffer_reader   = this->write_buffer->alloc_reader();
+  this->_write_size_threshold  = index_to_buffer_size(buffer_block_size_index) * Http2::write_size_threshold;
+
+  this->_handle_if_ssl(new_vc);
+
+  do_api_callout(TS_HTTP_SSN_START_HOOK);
+
+  this->add_session();
+}
+
+// implement that. After we send a GOAWAY, there
+// are scenarios where we would like to complete the outstanding streams.
+
+void
+Http2ServerSession::do_io_close(int alerrno)
+{
+  REMEMBER(NO_EVENT, this->recursion)
+
+  if (!this->connection_state.is_state_closed()) {
+    Http2SsnDebug("session closed");
+    this->remove_session();
+
+    ink_assert(this->mutex->thread_holding == this_ethread());
+    send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_FINI, this);
+
+    // Destroy will be called from connection_state.release_stream() once the number of active streams goes to 0
+  }
+}
+
+int
+Http2ServerSession::main_event_handler(int event, void *edata)
+{
+  ink_assert(this->mutex->thread_holding == this_ethread());
+  int retval;
+
+  recursion++;
+
+  Event *e = static_cast(edata);
+  if (e == schedule_event) {
+    schedule_event = nullptr;
+  }
+
+  Http2SsnDebug("main_event_handler=%d edata=%p", event, edata);
+
+  switch (event) {
+  case VC_EVENT_READ_COMPLETE:
+  case VC_EVENT_READ_READY: {
+    bool is_zombie = connection_state.get_zombie_event() != nullptr;
+    retval         = (this->*session_handler)(event, edata);
+    if (is_zombie && connection_state.get_zombie_event() != nullptr) {
+      Warning("Processed read event for zombie session %" PRId64, connection_id());
+    }
+    break;
+  }
+
+  case HTTP2_SESSION_EVENT_REENABLE:
+    // VIO will be reenableed in this handler
+    retval = (this->*session_handler)(VC_EVENT_READ_READY, static_cast(e->cookie));
+    // Clear the event after calling session_handler to not reschedule REENABLE in it
+    this->_reenable_event = nullptr;
+    break;
+
+  case VC_EVENT_ACTIVE_TIMEOUT:
+  case VC_EVENT_INACTIVITY_TIMEOUT:
+  case VC_EVENT_ERROR:
+  case VC_EVENT_EOS:
+    this->set_dying_event(event);
+    this->do_io_close();
+    retval = 0;
+    break;
+
+  case VC_EVENT_WRITE_READY:
+  case VC_EVENT_WRITE_COMPLETE:
+    this->connection_state.restart_streams();
+    if ((Thread::get_hrtime() >= this->_write_buffer_last_flush + HRTIME_MSECONDS(this->_write_time_threshold))) {
+      this->flush();
+    }
+
+    retval = 0;
+    break;
+
+  case HTTP2_SESSION_EVENT_XMIT:
+  default:
+    Http2SsnDebug("unexpected event=%d edata=%p", event, edata);
+    ink_release_assert(0);
+    retval = 0;
+    break;
+  }
+
+  if (!this->is_draining() && this->connection_state.get_shutdown_reason() == Http2ErrorCode::HTTP2_ERROR_MAX) {
+    this->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NONE);
+  }
+
+  if (this->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NONE) {
+    if (this->is_draining()) { // For a case we already checked Connection header and it didn't exist
+      Http2SsnDebug("Preparing for graceful shutdown because of draining state");
+      this->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NOT_INITIATED);
+    } /*else if (this->connection_state.get_stream_error_rate() >
+               Http2::stream_error_rate_threshold) { // For a case many stream errors happened
+      ip_port_text_buffer ipb;
+      const char *client_ip = ats_ip_ntop(get_remote_addr(), ipb, sizeof(ipb));
+      SiteThrottledWarning("HTTP/2 session error origin_ip=%s session_id=%" PRId64
+              " closing a connection, because its stream error rate (%f) exceeded the threshold (%f)",
+              client_ip, connection_id(), this->connection_state.get_stream_error_rate(), Http2::stream_error_rate_threshold);
+      Http2SsnDebug("Preparing for graceful shutdown because of a high stream error rate");
+      cause_of_death = Http2SessionCod::HIGH_ERROR_RATE;
+      this->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NOT_INITIATED, Http2ErrorCode::HTTP2_ERROR_ENHANCE_YOUR_CALM);
+    } */
+  }
+
+  if (this->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NOT_INITIATED) {
+    send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_SHUTDOWN_INIT, this);
+  }
+
+  recursion--;
+  if (!connection_state.is_recursing() && this->recursion == 0 && kill_me) {
+    this->free();
+  }
+  return retval;
+}
+
+void
+Http2ServerSession::increment_current_active_connections_stat()
+{
+  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_COUNT, this_ethread());
+}
+
+void
+Http2ServerSession::decrement_current_active_connections_stat()
+{
+  HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_ACTIVE_SERVER_CONNECTION_COUNT, this_ethread());
+}
+
+sockaddr const *
+Http2ServerSession::get_remote_addr() const
+{
+  return _vc ? _vc->get_remote_addr() : &cached_client_addr.sa;
+}
+
+sockaddr const *
+Http2ServerSession::get_local_addr()
+{
+  return _vc ? _vc->get_local_addr() : &cached_local_addr.sa;
+}
+
+int
+Http2ServerSession::get_transact_count() const
+{
+  return connection_state.get_stream_requests();
+}
+
+const char *
+Http2ServerSession::get_protocol_string() const
+{
+  return "http/2";
+}
+
+void
+Http2ServerSession::release(ProxyTransaction *trans)
+{
+}
+
+int
+Http2ServerSession::populate_protocol(std::string_view *result, int size) const
+{
+  int retval = 0;
+  if (size > retval) {
+    result[retval++] = IP_PROTO_TAG_HTTP_2_0;
+    if (size > retval) {
+      retval += super::populate_protocol(result + retval, size - retval);
+    }
+  }
+  return retval;
+}
+
+const char *
+Http2ServerSession::protocol_contains(std::string_view prefix) const
+{
+  const char *retval = nullptr;
+
+  if (prefix.size() <= IP_PROTO_TAG_HTTP_2_0.size() && strncmp(IP_PROTO_TAG_HTTP_2_0.data(), prefix.data(), prefix.size()) == 0) {
+    retval = IP_PROTO_TAG_HTTP_2_0.data();
+  } else {
+    retval = super::protocol_contains(prefix);
+  }
+  return retval;
+}
+
+ProxySession *
+Http2ServerSession::get_proxy_session()
+{
+  return this;
+}
+
+ProxyTransaction *
+Http2ServerSession::new_transaction()
+{
+  this->set_session_active();
+
+  // Create a new stream/transaction
+  Http2Error error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+  Http2Stream *stream = connection_state.create_initiating_stream(error);
+
+  if (!stream || connection_state.is_peer_concurrent_stream_ub()) {
+    if (error.cls != Http2ErrorClass::HTTP2_ERROR_CLASS_NONE) {
+      Error("HTTP/2 stream error code=0x%02x %s", static_cast(error.code), error.msg);
+    }
+
+    remove_session();
+  }
+
+  return stream;
+}
+
+void
+Http2ServerSession::add_session()
+{
+  if (this->in_session_table) {
+    return;
+  }
+  Http2SsnDebug("Add session to pool");
+  EThread *ethread        = this_ethread();
+  ServerSessionPool *pool = ethread->server_session_pool;
+  MUTEX_TRY_LOCK(lock, pool->mutex, ethread);
+  if (lock.is_locked()) {
+    pool->addSession(this);
+    this->in_session_table = true;
+  }
+}
+
+void
+Http2ServerSession::remove_session()
+{
+  if (!this->in_session_table) {
+    return;
+  }
+  Http2SsnDebug("Remove session from pool");
+  EThread *ethread        = this_ethread();
+  ServerSessionPool *pool = ethread->server_session_pool;
+  MUTEX_TRY_LOCK(lock, pool->mutex, ethread);
+  if (lock.is_locked()) {
+    pool->removeSession(this);
+    in_session_table = false;
+  } else {
+    ink_release_assert(!"How did we not get the pool lock?");
+  }
+}
+
+bool
+Http2ServerSession::is_multiplexing() const
+{
+  return true;
+}
+
+bool
+Http2ServerSession::is_outbound() const
+{
+  return true;
+}
+
+void
+Http2ServerSession::set_netvc(NetVConnection *netvc)
+{
+  super::set_netvc(netvc);
+  if (netvc == nullptr) {
+    write_vio = nullptr;
+  }
+}
+
+void
+Http2ServerSession::set_no_activity_timeout()
+{
+  // Only set if not previously set
+  if (this->_vc->get_inactivity_timeout() == 0) {
+    this->set_inactivity_timeout(HRTIME_SECONDS(Http2::no_activity_timeout_out));
+  }
+}
+
+HTTPVersion
+Http2ServerSession::get_version(HTTPHdr &hdr) const
+{
+  return HTTP_2_0;
+}
+
+IOBufferReader *
+Http2ServerSession::get_remote_reader()
+{
+  return _read_buffer_reader;
+}
+
+std::function create_h2_server_session = []() -> PoolableSession * {
+  return http2ServerSessionAllocator.alloc();
+};
diff --git a/proxy/http2/Http2ServerSession.h b/proxy/http2/Http2ServerSession.h
new file mode 100644
index 00000000000..93d8f9fbf2f
--- /dev/null
+++ b/proxy/http2/Http2ServerSession.h
@@ -0,0 +1,94 @@
+/** @file
+
+  Http2ServerSession.
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+#pragma once
+
+#include "Plugin.h"
+#include "Http2CommonSession.h"
+#include 
+#include "tscore/ink_inet.h"
+#include "tscore/History.h"
+#include "Milestones.h"
+#include "PoolableSession.h"
+
+class Http2ServerSession : public PoolableSession, public Http2CommonSession
+{
+public:
+  using super          = PoolableSession; ///< Parent type.
+  using SessionHandler = int (Http2ServerSession::*)(int, void *);
+
+  Http2ServerSession();
+
+  /////////////////////
+  // Methods
+
+  // Implement VConnection interface
+  void do_io_close(int lerrno = -1) override;
+
+  // Implement ProxySession interface
+  void new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOBufferReader *reader) override;
+  void start() override;
+  void destroy() override;
+  void release(ProxyTransaction *trans) override;
+  void free() override;
+  ProxyTransaction *new_transaction() override;
+
+  void add_session() override;
+  void remove_session();
+
+  ////////////////////
+  // Accessors
+  sockaddr const *get_remote_addr() const override;
+  sockaddr const *get_local_addr() override;
+  int get_transact_count() const override;
+  const char *get_protocol_string() const override;
+  int populate_protocol(std::string_view *result, int size) const override;
+  const char *protocol_contains(std::string_view prefix) const override;
+  HTTPVersion get_version(HTTPHdr &hdr) const override;
+  void increment_current_active_connections_stat() override;
+  void decrement_current_active_connections_stat() override;
+  IOBufferReader *get_remote_reader() override;
+
+  ProxySession *get_proxy_session() override;
+
+  // noncopyable
+  Http2ServerSession(Http2ServerSession &)                  = delete;
+  Http2ServerSession &operator=(const Http2ServerSession &) = delete;
+
+  bool is_multiplexing() const override;
+  bool is_outbound() const override;
+
+  void set_netvc(NetVConnection *netvc) override;
+
+  void set_no_activity_timeout() override;
+
+private:
+  int main_event_handler(int, void *);
+
+  IpEndpoint cached_client_addr;
+  IpEndpoint cached_local_addr;
+
+  bool in_session_table = false;
+};
+
+extern ClassAllocator http2ServerSessionAllocator;
diff --git a/proxy/http2/Http2SessionAccept.h b/proxy/http2/Http2SessionAccept.h
index e01cd2333f6..341089c15ab 100644
--- a/proxy/http2/Http2SessionAccept.h
+++ b/proxy/http2/Http2SessionAccept.h
@@ -46,7 +46,7 @@ struct Http2SessionAccept : public SessionAccept {
   int mainEvent(int event, void *netvc) override;
 
   // noncopyable
-  Http2SessionAccept(const Http2SessionAccept &) = delete;
+  Http2SessionAccept(const Http2SessionAccept &)            = delete;
   Http2SessionAccept &operator=(const Http2SessionAccept &) = delete;
 
 private:
diff --git a/proxy/http2/Http2Stream.cc b/proxy/http2/Http2Stream.cc
index 28a18e30b3c..23fbe3bd635 100644
--- a/proxy/http2/Http2Stream.cc
+++ b/proxy/http2/Http2Stream.cc
@@ -25,8 +25,10 @@
 
 #include "HTTP2.h"
 #include "Http2ClientSession.h"
+#include "Http2ServerSession.h"
 #include "HttpDebugNames.h"
 #include "HttpSM.h"
+#include "tscore/HTTPVersion.h"
 
 #include 
 
@@ -40,21 +42,34 @@
 
 ClassAllocator http2StreamAllocator("http2StreamAllocator");
 
-Http2Stream::Http2Stream(ProxySession *session, Http2StreamId sid, ssize_t initial_peer_rwnd, ssize_t initial_local_rwnd)
-  : super(session), _id(sid), _peer_rwnd(initial_peer_rwnd), _local_rwnd(initial_local_rwnd)
+Http2Stream::Http2Stream(ProxySession *session, Http2StreamId sid, ssize_t initial_peer_rwnd, ssize_t initial_local_rwnd,
+                         bool registered_stream)
+  : super(session), _id(sid), _registered_stream(registered_stream), _peer_rwnd(initial_peer_rwnd), _local_rwnd(initial_local_rwnd)
 {
   SET_HANDLER(&Http2Stream::main_event_handler);
 
   this->mark_milestone(Http2StreamMilestone::OPEN);
 
-  this->_sm                       = nullptr;
-  this->_thread                   = this_ethread();
-  this->upstream_outbound_options = *(session->accept_options);
+  this->_sm     = nullptr;
+  this->_thread = this_ethread();
+  this->_state  = Http2StreamState::HTTP2_STREAM_STATE_IDLE;
+
+  auto const *proxy_session = get_proxy_ssn();
+  ink_assert(proxy_session != nullptr);
+  auto const *h2_session = dynamic_cast(proxy_session);
+  ink_assert(h2_session != nullptr);
+  this->_is_outbound = h2_session->is_outbound();
 
   this->_reader = this->_receive_buffer.alloc_reader();
 
-  _receive_header.create(HTTP_TYPE_REQUEST);
-  _send_header.create(HTTP_TYPE_RESPONSE, HTTP_2_0);
+  if (this->is_outbound_connection()) { // Flip the sense of the expected headers.  Fix naming later
+    _receive_header.create(HTTP_TYPE_RESPONSE);
+    _send_header.create(HTTP_TYPE_REQUEST, HTTP_2_0);
+  } else {
+    this->upstream_outbound_options = *(session->accept_options);
+    _receive_header.create(HTTP_TYPE_REQUEST);
+    _send_header.create(HTTP_TYPE_RESPONSE, HTTP_2_0);
+  }
 
   http_parser_init(&http_parser);
 }
@@ -62,7 +77,16 @@ Http2Stream::Http2Stream(ProxySession *session, Http2StreamId sid, ssize_t initi
 Http2Stream::~Http2Stream()
 {
   REMEMBER(NO_EVENT, this->reentrancy_count);
-  Http2StreamDebug("Destroy stream, sent %" PRIu64 " bytes", this->bytes_sent);
+  Http2StreamDebug("Destroy stream, sent %" PRIu64 " bytes, registered: %s", this->bytes_sent,
+                   (_registered_stream ? "true" : "false"));
+
+  // In the case of a temporary stream used to parse the header to keep the HPACK
+  // up to date, there may not be a mutex.  Nothing was set up, so nothing to
+  // clean up in the destructor
+  if (this->mutex == nullptr) {
+    return;
+  }
+
   SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
   // Clean up after yourself if this was an EOS
   ink_release_assert(this->closed);
@@ -70,23 +94,26 @@ Http2Stream::~Http2Stream()
 
   uint64_t cid = 0;
 
-  // Safe to initiate SSN_CLOSE if this is the last stream
-  if (_proxy_ssn) {
-    cid = _proxy_ssn->connection_id();
+  if (_registered_stream) {
+    // Safe to initiate SSN_CLOSE if this is the last stream
+    if (_proxy_ssn) {
+      cid = _proxy_ssn->connection_id();
 
-    Http2ClientSession *h2_proxy_ssn = static_cast(_proxy_ssn);
-    SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-    // Make sure the stream is removed from the stream list and priority tree
-    // In many cases, this has been called earlier, so this call is a no-op
-    h2_proxy_ssn->connection_state.delete_stream(this);
+      SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
+      Http2ConnectionState &connection_state = this->get_connection_state();
 
-    h2_proxy_ssn->connection_state.decrement_peer_stream_count();
+      // Make sure the stream is removed from the stream list and priority tree
+      // In many cases, this has been called earlier, so this call is a no-op
+      connection_state.delete_stream(this);
 
-    // Update session's stream counts, so it accurately goes into keep-alive state
-    h2_proxy_ssn->connection_state.release_stream();
+      connection_state.decrement_peer_stream_count();
 
-    // Do not access `_proxy_ssn` in below. It might be freed by `release_stream`.
-  }
+      // Update session's stream counts, so it accurately goes into keep-alive state
+      connection_state.release_stream();
+
+      // Do not access `_proxy_ssn` in below. It might be freed by `release_stream`.
+    }
+  } // Otherwise, not registered with the connection_state (i.e. a temporary stream used for HPACK header processing)
 
   // Clean up the write VIO in case of inactivity timeout
   this->do_io_write(nullptr, 0, nullptr);
@@ -182,15 +209,17 @@ Http2Stream::main_event_handler(int event, void *edata)
         this->signal_write_event(event);
       }
     } else {
-      update_write_request(true);
+      this->update_write_request(true);
     }
     break;
   case VC_EVENT_READ_COMPLETE:
+    read_vio.nbytes = read_vio.ndone;
+    /* fall through */
   case VC_EVENT_READ_READY:
     _timeout.update_inactivity();
     if (e->cookie == &read_vio) {
       if (read_vio.mutex && read_vio.cont && this->_sm) {
-        signal_read_event(event);
+        this->signal_read_event(event);
       }
     } else {
       this->update_read_request(true);
@@ -199,10 +228,14 @@ Http2Stream::main_event_handler(int event, void *edata)
   case VC_EVENT_EOS:
     if (e->cookie == &read_vio) {
       SCOPED_MUTEX_LOCK(lock, read_vio.mutex, this_ethread());
-      read_vio.cont->handleEvent(VC_EVENT_EOS, &read_vio);
+      if (read_vio.cont) {
+        read_vio.cont->handleEvent(VC_EVENT_EOS, &read_vio);
+      }
     } else if (e->cookie == &write_vio) {
       SCOPED_MUTEX_LOCK(lock, write_vio.mutex, this_ethread());
-      write_vio.cont->handleEvent(VC_EVENT_EOS, &write_vio);
+      if (write_vio.cont) {
+        write_vio.cont->handleEvent(VC_EVENT_EOS, &write_vio);
+      }
     }
     break;
   }
@@ -216,8 +249,9 @@ Http2Stream::main_event_handler(int event, void *edata)
 Http2ErrorCode
 Http2Stream::decode_header_blocks(HpackHandle &hpack_handle, uint32_t maximum_table_size)
 {
-  Http2ErrorCode error = http2_decode_header_blocks(&_receive_header, header_blocks, header_blocks_length, nullptr, hpack_handle,
-                                                    is_trailing_header, maximum_table_size);
+  Http2ErrorCode error =
+    http2_decode_header_blocks(&_receive_header, (const uint8_t *)header_blocks, header_blocks_length, nullptr, hpack_handle,
+                               _trailing_header_is_possible, maximum_table_size, this->is_outbound_connection());
   if (error != Http2ErrorCode::HTTP2_ERROR_NO_ERROR) {
     Http2StreamDebug("Error decoding header blocks: %u", static_cast(error));
   }
@@ -227,16 +261,30 @@ Http2Stream::decode_header_blocks(HpackHandle &hpack_handle, uint32_t maximum_ta
 void
 Http2Stream::send_request(Http2ConnectionState &cstate)
 {
-  ink_release_assert(this->_sm != nullptr);
-  this->_http_sm_id = this->_sm->sm_id;
+  if (closed) {
+    return;
+  }
+  REMEMBER(NO_EVENT, this->reentrancy_count);
 
   // Convert header to HTTP/1.1 format
   if (http2_convert_header_from_2_to_1_1(&_receive_header) == PARSE_RESULT_ERROR) {
-    // There's no way to cause Bad Request directly at this time.
-    // Set an invalid method so it causes an error later.
-    _receive_header.method_set("\xffVOID", 1);
+    Http2StreamDebug("Error converting HTTP/2 headers to HTTP/1.1.");
+    if (_receive_header.type_get() == HTTP_TYPE_REQUEST) {
+      // There's no way to cause Bad Request directly at this time.
+      // Set an invalid method so it causes an error later.
+      _receive_header.method_set("\xffVOID", 1);
+    }
   }
 
+  if (this->expect_send_trailer()) {
+    // Send read complete to terminate previous data tunnel
+    this->read_vio.nbytes = this->read_vio.ndone;
+    this->signal_read_event(VC_EVENT_READ_COMPLETE);
+  }
+
+  ink_release_assert(this->_sm != nullptr);
+  this->_http_sm_id = this->_sm->sm_id;
+
   // Write header to a buffer.  Borrowing logic from HttpSM::write_header_into_buffer.
   // Seems like a function like this ought to be in HTTPHdr directly
   int bufindex;
@@ -250,7 +298,7 @@ Http2Stream::send_request(Http2ConnectionState &cstate)
       this->_receive_buffer.add_block();
       block = this->_receive_buffer.get_current_block();
     }
-    done = _receive_header.print(block->start(), block->write_avail(), &bufindex, &tmp);
+    done       = _receive_header.print(block->end(), block->write_avail(), &bufindex, &tmp);
     dumpoffset += bufindex;
     this->_receive_buffer.fill(bufindex);
     if (!done) {
@@ -267,7 +315,12 @@ Http2Stream::send_request(Http2ConnectionState &cstate)
   if (this->read_vio.nbytes > 0) {
     if (this->receive_end_stream) {
       this->read_vio.nbytes = bufindex;
-      this->signal_read_event(VC_EVENT_READ_COMPLETE);
+      this->read_vio.ndone  = bufindex;
+      if (this->is_outbound_connection()) {
+        this->signal_read_event(VC_EVENT_EOS);
+      } else {
+        this->signal_read_event(VC_EVENT_READ_COMPLETE);
+      }
     } else {
       // End of header but not end of stream, must have some body frames coming
       this->has_body = true;
@@ -300,6 +353,8 @@ Http2Stream::change_state(uint8_t type, uint8_t flags)
       }
     } else if (type == HTTP2_FRAME_TYPE_PUSH_PROMISE) {
       _state = Http2StreamState::HTTP2_STREAM_STATE_RESERVED_LOCAL;
+    } else if (type == HTTP2_FRAME_TYPE_RST_STREAM) {
+      _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
     } else {
       return false;
     }
@@ -310,7 +365,11 @@ Http2Stream::change_state(uint8_t type, uint8_t flags)
       _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
     } else if (type == HTTP2_FRAME_TYPE_HEADERS || type == HTTP2_FRAME_TYPE_DATA) {
       if (receive_end_stream) {
-        _state = Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE;
+        if (send_end_stream) {
+          _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
+        } else {
+          _state = Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE;
+        }
       } else if (send_end_stream) {
         _state = Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_LOCAL;
       } else {
@@ -343,10 +402,6 @@ Http2Stream::change_state(uint8_t type, uint8_t flags)
   case Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_LOCAL:
     if (type == HTTP2_FRAME_TYPE_RST_STREAM || receive_end_stream) {
       _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
-    } else {
-      // Error, set state closed
-      _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
-      return false;
     }
     break;
 
@@ -359,10 +414,6 @@ Http2Stream::change_state(uint8_t type, uint8_t flags)
     } else if (type == HTTP2_FRAME_TYPE_CONTINUATION) { // w/o END_STREAM flag
       // No state change here. Expect a following DATA frame with END_STREAM flag.
       return true;
-    } else {
-      // Error, set state closed
-      _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
-      return false;
     }
     break;
 
@@ -414,6 +465,7 @@ Http2Stream::do_io_write(Continuation *c, int64_t nbytes, IOBufferReader *abuffe
   write_vio.ndone     = 0;
   write_vio.vc_server = this;
   write_vio.op        = VIO::WRITE;
+  _send_reader        = abuffer;
 
   if (c != nullptr && nbytes > 0 && this->is_state_writeable()) {
     update_write_request(false);
@@ -434,23 +486,22 @@ Http2Stream::do_io_close(int /* flags */)
     REMEMBER(NO_EVENT, this->reentrancy_count);
     Http2StreamDebug("do_io_close");
 
+    if (this->is_state_writeable()) { // Let the other end know we are going away
+      this->get_connection_state().send_rst_stream_frame(_id, Http2ErrorCode::HTTP2_ERROR_NO_ERROR);
+    }
+
     // When we get here, the SM has initiated the shutdown.  Either it received a WRITE_COMPLETE, or it is shutting down.  Any
     // remaining IO operations back to client should be abandoned.  The SM-side buffers backing these operations will be deleted
     // by the time this is called from transaction_done.
     closed = true;
 
-    if (_proxy_ssn && this->is_state_writeable()) {
-      // Make sure any trailing end of stream frames are sent
-      // We will be removed at send_data_frames or closing connection phase
-      Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
-      SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-      h2_proxy_ssn->connection_state.send_data_frames(this);
-    }
+    // Adjust state, so we don't process any more data
+    _state = Http2StreamState::HTTP2_STREAM_STATE_CLOSED;
 
     _clear_timers();
     clear_io_events();
 
-    // Wait until transaction_done is called from HttpSM to signal that the TXN_CLOSE hook has been executed
+    // Otherwise, Wait until transaction_done is called from HttpSM to signal that the TXN_CLOSE hook has been executed
   }
 }
 
@@ -466,7 +517,8 @@ Http2Stream::transaction_done()
   if (!closed) {
     do_io_close(); // Make sure we've been closed.  If we didn't close the _proxy_ssn session better still be open
   }
-  ink_release_assert(closed || !static_cast(_proxy_ssn)->connection_state.is_state_closed());
+  Http2ConnectionState &state = this->get_connection_state();
+  ink_release_assert(closed || !state.is_state_closed());
   _sm = nullptr;
 
   if (closed) {
@@ -481,11 +533,11 @@ Http2Stream::transaction_done()
 void
 Http2Stream::terminate_if_possible()
 {
-  if (terminate_stream && reentrancy_count == 0) {
+  // if (terminate_stream && reentrancy_count == 0) {
+  if (reentrancy_count == 0 && closed && terminate_stream) {
     REMEMBER(NO_EVENT, this->reentrancy_count);
 
-    Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
-    SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
+    SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
     THREAD_FREE(this, http2StreamAllocator, this_ethread());
   }
 }
@@ -497,7 +549,12 @@ Http2Stream::initiating_close()
   if (!closed) {
     SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
     REMEMBER(NO_EVENT, this->reentrancy_count);
-    Http2StreamDebug("initiating_close");
+    Http2StreamDebug("initiating_close client_window=%" PRId64 " session_window=%" PRId64, _peer_rwnd,
+                     this->get_connection_state().get_peer_rwnd());
+
+    if (this->is_state_writeable()) { // Let the other end know we are going away
+      this->get_connection_state().send_rst_stream_frame(_id, Http2ErrorCode::HTTP2_ERROR_NO_ERROR);
+    }
 
     // Set the state of the connection to closed
     // TODO - these states should be combined
@@ -520,28 +577,34 @@ Http2Stream::initiating_close()
     bool sent_write_complete = false;
     if (_sm) {
       // Push out any last IO events
-      if (write_vio.cont) {
+      // First look for active write or read
+      if (write_vio.cont && write_vio.nbytes > 0 && write_vio.ndone == write_vio.nbytes &&
+          (!is_outbound_connection() || get_state() == Http2StreamState::HTTP2_STREAM_STATE_OPEN)) {
         SCOPED_MUTEX_LOCK(lock, write_vio.mutex, this_ethread());
-        // Are we done?
-        if (write_vio.nbytes > 0 && write_vio.nbytes == write_vio.ndone) {
-          Http2StreamDebug("handle write from destroy (event=%d)", VC_EVENT_WRITE_COMPLETE);
-          write_event = send_tracked_event(write_event, VC_EVENT_WRITE_COMPLETE, &write_vio);
-        } else {
-          write_event = send_tracked_event(write_event, VC_EVENT_EOS, &write_vio);
-          Http2StreamDebug("handle write from destroy (event=%d)", VC_EVENT_EOS);
-        }
+        Http2StreamDebug("Send tracked event VC_EVENT_WRITE_COMPLETE on write_vio. sm_id: %" PRId64, _sm->sm_id);
+        write_event         = send_tracked_event(write_event, VC_EVENT_WRITE_COMPLETE, &write_vio);
         sent_write_complete = true;
       }
-    }
-    // Send EOS to let SM know that we aren't sticking around
-    if (_sm && read_vio.cont) {
-      // Only bother with the EOS if we haven't sent the write complete
+
       if (!sent_write_complete) {
-        SCOPED_MUTEX_LOCK(lock, read_vio.mutex, this_ethread());
-        Http2StreamDebug("send EOS to read cont");
-        read_event = send_tracked_event(read_event, VC_EVENT_EOS, &read_vio);
+        if (write_vio.cont && write_vio.buffer.writer() &&
+            (!is_outbound_connection() || get_state() == Http2StreamState::HTTP2_STREAM_STATE_OPEN ||
+             get_state() == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_LOCAL)) {
+          SCOPED_MUTEX_LOCK(lock, write_vio.mutex, this_ethread());
+          Http2StreamDebug("Send tracked event VC_EVENT_EOS on write_vio. sm_id: %" PRId64, _sm->sm_id);
+          write_event = send_tracked_event(write_event, VC_EVENT_EOS, &write_vio);
+        } else if (read_vio.cont && read_vio.buffer.writer()) {
+          SCOPED_MUTEX_LOCK(lock, read_vio.mutex, this_ethread());
+          Http2StreamDebug("Send tracked event VC_EVENT_EOS on read_vio. sm_id: %" PRId64, _sm->sm_id);
+          read_event = send_tracked_event(read_event, VC_EVENT_EOS, &read_vio);
+        } else {
+          Http2StreamDebug("send EOS to SM");
+          // Just send EOS to the _sm
+          _sm->handleEvent(VC_EVENT_EOS, nullptr);
+        }
       }
-    } else if (!sent_write_complete) {
+    } else {
+      Http2StreamDebug("No SM to signal");
       // Transaction is already gone or not started. Kill yourself
       terminate_stream = true;
       terminate_if_possible();
@@ -549,6 +612,12 @@ Http2Stream::initiating_close()
   }
 }
 
+bool
+Http2Stream::is_outbound_connection() const
+{
+  return _is_outbound;
+}
+
 /* Replace existing event only if the new event is different than the inprogress event */
 Event *
 Http2Stream::send_tracked_event(Event *event, int send_event, VIO *vio)
@@ -582,7 +651,7 @@ Http2Stream::update_read_request(bool call_update)
   ink_release_assert(this->_thread == this_ethread());
 
   SCOPED_MUTEX_LOCK(lock, read_vio.mutex, this_ethread());
-  if (read_vio.nbytes == 0) {
+  if (read_vio.nbytes == 0 || read_vio.is_disabled()) {
     return;
   }
 
@@ -609,9 +678,23 @@ Http2Stream::update_read_request(bool call_update)
 void
 Http2Stream::restart_sending()
 {
+  // Make sure the stream is in a good state to be sending
+  if (this->is_closed()) {
+    return;
+  }
   if (!this->parsing_header_done) {
+    this->update_write_request(true);
     return;
   }
+  if (this->is_outbound_connection()) {
+    if (this->get_state() != Http2StreamState::HTTP2_STREAM_STATE_OPEN || write_vio.ntodo() == 0) {
+      return;
+    }
+  } else {
+    if (this->get_state() != Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE) {
+      return;
+    }
+  }
 
   IOBufferReader *reader = this->get_data_reader_for_send();
   if (reader && !reader->is_read_avail_more_than(0)) {
@@ -629,7 +712,7 @@ void
 Http2Stream::update_write_request(bool call_update)
 {
   if (!this->is_state_writeable() || closed || _proxy_ssn == nullptr || write_vio.mutex == nullptr ||
-      write_vio.get_reader() == nullptr) {
+      write_vio.get_reader() == nullptr || this->_send_reader == nullptr) {
     return;
   }
 
@@ -639,26 +722,40 @@ Http2Stream::update_write_request(bool call_update)
   }
   ink_release_assert(this->_thread == this_ethread());
 
-  Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
+  Http2StreamDebug("update_write_request parse_done=%d", parsing_header_done);
+
+  Http2ConnectionState &connection_state = this->get_connection_state();
 
   SCOPED_MUTEX_LOCK(lock, write_vio.mutex, this_ethread());
 
   IOBufferReader *vio_reader = write_vio.get_reader();
-  if (write_vio.ntodo() == 0 || !vio_reader->is_read_avail_more_than(0)) {
+  if (write_vio.ntodo() > 0 && (!vio_reader->is_read_avail_more_than(0) ||
+                                // If there is no window left, just give up now too until we receive a WINDOW_UPDATE.
+                                std::min(_peer_rwnd, this->get_connection_state().get_peer_rwnd()) == 0)) {
+    Http2StreamDebug("update_write_request give up without doing anything ntodo=%" PRId64 " is_read_avail=%d client_window=%" PRId64
+                     " session_window=%" PRId64,
+                     write_vio.ntodo(), vio_reader->is_read_avail_more_than(0), _peer_rwnd,
+                     this->get_connection_state().get_peer_rwnd());
     return;
   }
 
   // Process the new data
   if (!this->parsing_header_done) {
-    // Still parsing the response_header
+    // Still parsing the request or response header
     int bytes_used = 0;
-    int state      = this->_send_header.parse_resp(&http_parser, vio_reader, &bytes_used, false);
-    // HTTPHdr::parse_resp() consumed the vio_reader in above (consumed size is `bytes_used`)
+    int state;
+    if (this->is_outbound_connection()) {
+      state = this->_send_header.parse_req(&http_parser, this->_send_reader, &bytes_used, false);
+    } else {
+      state = this->_send_header.parse_resp(&http_parser, this->_send_reader, &bytes_used, false);
+    }
+    // HTTPHdr::parse_resp() consumed the send_reader in above
     write_vio.ndone += bytes_used;
 
     switch (state) {
     case PARSE_RESULT_DONE: {
       this->parsing_header_done = true;
+      Http2StreamDebug("update_write_request parsing done, read %d bytes", bytes_used);
 
       // Schedule session shutdown if response header has "Connection: close"
       MIMEField *field = this->_send_header.field_find(MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION);
@@ -666,31 +763,36 @@ Http2Stream::update_write_request(bool call_update)
         int len;
         const char *value = field->value_get(&len);
         if (memcmp(HTTP_VALUE_CLOSE, value, HTTP_LEN_CLOSE) == 0) {
-          SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-          if (h2_proxy_ssn->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NONE) {
-            h2_proxy_ssn->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NOT_INITIATED, Http2ErrorCode::HTTP2_ERROR_NO_ERROR);
+          SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
+          if (connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NONE) {
+            connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NOT_INITIATED, Http2ErrorCode::HTTP2_ERROR_NO_ERROR);
           }
         }
       }
 
       {
-        SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
+        SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
         // Send the response header back
-        h2_proxy_ssn->connection_state.send_headers_frame(this);
+        connection_state.send_headers_frame(this);
       }
 
       // Roll back states of response header to read final response
-      if (this->_send_header.expect_final_response()) {
+      if (!this->is_outbound_connection() && this->_send_header.expect_final_response()) {
         this->parsing_header_done = false;
+      }
+      if (this->is_outbound_connection() || this->_send_header.expect_final_response()) {
         _send_header.destroy();
-        _send_header.create(HTTP_TYPE_RESPONSE, HTTP_2_0);
+        _send_header.create(this->is_outbound_connection() ? HTTP_TYPE_REQUEST : HTTP_TYPE_RESPONSE, HTTP_2_0);
         http_parser_clear(&http_parser);
         http_parser_init(&http_parser);
       }
+      bool final_write = this->write_vio.ntodo() == 0;
+      if (final_write) {
+        this->signal_write_event(VC_EVENT_WRITE_COMPLETE, !CALL_UPDATE);
+      }
 
-      this->signal_write_event(call_update);
-
-      if (vio_reader->is_read_avail_more_than(0)) {
+      if (!final_write && this->_send_reader->is_read_avail_more_than(0)) {
+        Http2StreamDebug("update_write_request done parsing, still more to send");
         this->_milestones.mark(Http2StreamMilestone::START_TX_DATA_FRAMES);
         this->send_body(call_update);
       }
@@ -698,8 +800,10 @@ Http2Stream::update_write_request(bool call_update)
     }
     case PARSE_RESULT_CONT:
       // Let it ride for next time
+      Http2StreamDebug("update_write_request still parsing, read %d bytes", bytes_used);
       break;
     default:
+      Http2StreamDebug("update_write_request  state %d, read %d bytes", state, bytes_used);
       break;
     }
   } else {
@@ -713,12 +817,18 @@ Http2Stream::update_write_request(bool call_update)
 void
 Http2Stream::signal_read_event(int event)
 {
-  if (this->read_vio.cont == nullptr || this->read_vio.cont->mutex == nullptr || this->read_vio.op == VIO::NONE) {
+  if (this->read_vio.cont == nullptr || this->read_vio.cont->mutex == nullptr || this->read_vio.op == VIO::NONE ||
+      this->terminate_stream) {
     return;
   }
 
+  reentrancy_count++;
   MUTEX_TRY_LOCK(lock, read_vio.cont->mutex, this_ethread());
   if (lock.is_locked()) {
+    if (read_event) {
+      read_event->cancel();
+      read_event = nullptr;
+    }
     _timeout.update_inactivity();
     this->read_vio.cont->handleEvent(event, &this->read_vio);
   } else {
@@ -727,79 +837,82 @@ Http2Stream::signal_read_event(int event)
     }
     this->_read_vio_event = this_ethread()->schedule_in(this, retry_delay, event, &read_vio);
   }
+  reentrancy_count--;
+  // Clean stream up if the terminate flag is set and we are at the bottom of the handler stack
+  terminate_if_possible();
 }
 
 void
-Http2Stream::signal_write_event(int event)
+Http2Stream::signal_write_event(int event, bool call_update)
 {
   // Don't signal a write event if in fact nothing was written
   if (this->write_vio.cont == nullptr || this->write_vio.cont->mutex == nullptr || this->write_vio.op == VIO::NONE ||
-      this->write_vio.nbytes == 0) {
+      this->terminate_stream) {
     return;
   }
 
-  MUTEX_TRY_LOCK(lock, write_vio.cont->mutex, this_ethread());
-  if (lock.is_locked()) {
-    _timeout.update_inactivity();
-    this->write_vio.cont->handleEvent(event, &this->write_vio);
-  } else {
-    if (this->_write_vio_event) {
-      this->_write_vio_event->cancel();
-    }
-    this->_write_vio_event = this_ethread()->schedule_in(this, retry_delay, event, &write_vio);
-  }
-}
-
-void
-Http2Stream::signal_write_event(bool call_update)
-{
-  if (this->write_vio.cont == nullptr || this->write_vio.op == VIO::NONE) {
-    return;
-  }
-
-  if (this->write_vio.get_writer()->write_avail() == 0) {
-    return;
-  }
-
-  int send_event = this->write_vio.ntodo() == 0 ? VC_EVENT_WRITE_COMPLETE : VC_EVENT_WRITE_READY;
-
+  reentrancy_count++;
   if (call_update) {
-    // Coming from reenable.  Safe to call the handler directly
-    if (write_vio.cont && this->_sm) {
-      write_vio.cont->handleEvent(send_event, &write_vio);
+    MUTEX_TRY_LOCK(lock, write_vio.cont->mutex, this_ethread());
+    if (lock.is_locked()) {
+      if (write_event) {
+        write_event->cancel();
+        write_event = nullptr;
+      }
+      _timeout.update_inactivity();
+      this->write_vio.cont->handleEvent(event, &this->write_vio);
+    } else {
+      if (this->_write_vio_event) {
+        this->_write_vio_event->cancel();
+      }
+      this->_write_vio_event = this_ethread()->schedule_in(this, retry_delay, event, &write_vio);
     }
   } else {
     // Called from do_io_write. Might still be setting up state. Send an event to let the dust settle
-    write_event = send_tracked_event(write_event, send_event, &write_vio);
+    write_event = send_tracked_event(write_event, event, &write_vio);
   }
+  reentrancy_count--;
+  // Clean stream up if the terminate flag is set and we are at the bottom of the handler stack
+  terminate_if_possible();
 }
 
 bool
 Http2Stream::push_promise(URL &url, const MIMEField *accept_encoding)
 {
-  Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
-  SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-  return h2_proxy_ssn->connection_state.send_push_promise_frame(this, url, accept_encoding);
+  SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
+  return this->get_connection_state().send_push_promise_frame(this, url, accept_encoding);
 }
 
 void
 Http2Stream::send_body(bool call_update)
 {
-  Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
+  Http2ConnectionState &connection_state = this->get_connection_state();
   _timeout.update_inactivity();
 
+  reentrancy_count++;
+
+  SCOPED_MUTEX_LOCK(lock, _proxy_ssn->mutex, this_ethread());
   if (Http2::stream_priority_enabled) {
-    SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-    h2_proxy_ssn->connection_state.schedule_stream(this);
+    connection_state.schedule_stream(this);
     // signal_write_event() will be called from `Http2ConnectionState::send_data_frames_depends_on_priority()`
     // when write_vio is consumed
   } else {
-    SCOPED_MUTEX_LOCK(lock, h2_proxy_ssn->mutex, this_ethread());
-    h2_proxy_ssn->connection_state.send_data_frames(this);
-    this->signal_write_event(call_update);
+    connection_state.send_data_frames(this);
     // XXX The call to signal_write_event can destroy/free the Http2Stream.
     // Don't modify the Http2Stream after calling this method.
   }
+
+  reentrancy_count--;
+  terminate_if_possible();
+}
+
+void
+Http2Stream::reenable_write()
+{
+  if (this->_proxy_ssn) {
+    SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
+    update_write_request(true);
+  }
 }
 
 void
@@ -810,14 +923,9 @@ Http2Stream::reenable(VIO *vio)
       SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
       update_write_request(true);
     } else if (vio->op == VIO::READ) {
-      Http2ClientSession *h2_proxy_ssn = static_cast(this->_proxy_ssn);
-      {
-        SCOPED_MUTEX_LOCK(ssn_lock, h2_proxy_ssn->mutex, this_ethread());
-        h2_proxy_ssn->connection_state.restart_receiving(this);
-      }
-
-      SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread());
-      update_read_request(true);
+      SCOPED_MUTEX_LOCK(ssn_lock, _proxy_ssn->mutex, this_ethread());
+      Http2ConnectionState &connection_state = this->get_connection_state();
+      connection_state.restart_receiving(this);
     }
   }
 }
@@ -825,7 +933,7 @@ Http2Stream::reenable(VIO *vio)
 IOBufferReader *
 Http2Stream::get_data_reader_for_send() const
 {
-  return write_vio.get_reader();
+  return this->_send_reader;
 }
 
 void
@@ -903,14 +1011,23 @@ Http2Stream::release()
 void
 Http2Stream::increment_transactions_stat()
 {
-  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT, _thread);
-  HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_TOTAL_CLIENT_STREAM_COUNT, _thread);
+  if (this->is_outbound_connection()) {
+    HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_STREAM_COUNT, _thread);
+    HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_TOTAL_SERVER_STREAM_COUNT, _thread);
+  } else {
+    HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT, _thread);
+    HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_TOTAL_CLIENT_STREAM_COUNT, _thread);
+  }
 }
 
 void
 Http2Stream::decrement_transactions_stat()
 {
-  HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT, _thread);
+  if (this->is_outbound_connection()) {
+    HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_STREAM_COUNT, _thread);
+  } else {
+    HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT, _thread);
+  }
 }
 
 ssize_t
@@ -1016,3 +1133,68 @@ Http2Stream::has_request_body(int64_t content_length, bool is_chunked_set) const
 {
   return has_body;
 }
+
+Http2ConnectionState &
+Http2Stream::get_connection_state()
+{
+  if (this->is_outbound_connection()) {
+    Http2ServerSession *session = static_cast(_proxy_ssn);
+    return session->connection_state;
+  } else {
+    Http2ClientSession *session = static_cast(_proxy_ssn);
+    return session->connection_state;
+  }
+}
+
+bool
+Http2Stream::is_read_closed() const
+{
+  return this->receive_end_stream;
+}
+
+bool
+Http2Stream::expect_send_trailer() const
+{
+  return this->_expect_send_trailer;
+}
+
+void
+Http2Stream::set_expect_send_trailer()
+{
+  _expect_send_trailer = true;
+  parsing_header_done  = false;
+  reset_send_headers();
+}
+bool
+Http2Stream::expect_receive_trailer() const
+{
+  return this->_expect_receive_trailer;
+}
+
+void
+Http2Stream::set_expect_receive_trailer()
+{
+  _expect_receive_trailer = true;
+}
+
+void
+Http2Stream::set_rx_error_code(ProxyError e)
+{
+  if (!this->is_outbound_connection() && this->_sm) {
+    this->_sm->t_state.client_info.rx_error_code = e;
+  }
+}
+
+void
+Http2Stream::set_tx_error_code(ProxyError e)
+{
+  if (!this->is_outbound_connection() && this->_sm) {
+    this->_sm->t_state.client_info.tx_error_code = e;
+  }
+}
+
+HTTPVersion
+Http2Stream::get_version(HTTPHdr &hdr) const
+{
+  return HTTP_2_0;
+}
diff --git a/proxy/http2/Http2Stream.h b/proxy/http2/Http2Stream.h
index 01c5b88c212..87a0d95059e 100644
--- a/proxy/http2/Http2Stream.h
+++ b/proxy/http2/Http2Stream.h
@@ -35,7 +35,7 @@
 class Http2Stream;
 class Http2ConnectionState;
 
-typedef Http2DependencyTree::Tree DependencyTree;
+using DependencyTree = Http2DependencyTree::Tree;
 
 enum class Http2StreamMilestone {
   OPEN = 0,
@@ -48,6 +48,8 @@ enum class Http2StreamMilestone {
   LAST_ENTRY,
 };
 
+constexpr bool STREAM_IS_REGISTERED = true;
+
 class Http2Stream : public ProxyTransaction
 {
 public:
@@ -55,31 +57,41 @@ class Http2Stream : public ProxyTransaction
   using super           = ProxyTransaction; ///< Parent type.
 
   Http2Stream() {} // Just to satisfy ClassAllocator
-  Http2Stream(ProxySession *session, Http2StreamId sid, ssize_t initial_peer_rwnd, ssize_t initial_local_rwnd);
-  ~Http2Stream();
+  Http2Stream(ProxySession *session, Http2StreamId sid, ssize_t initial_peer_rwnd, ssize_t initial_local_rwnd,
+              bool registered_stream);
+  ~Http2Stream() override;
 
   int main_event_handler(int event, void *edata);
 
   void release() override;
   void reenable(VIO *vio) override;
+  void reenable_write();
   void transaction_done() override;
 
-  void do_io_shutdown(ShutdownHowTo_t) override {}
+  void
+  do_io_shutdown(ShutdownHowTo_t) override
+  {
+  }
   VIO *do_io_read(Continuation *c, int64_t nbytes, MIOBuffer *buf) override;
   VIO *do_io_write(Continuation *c, int64_t nbytes, IOBufferReader *abuffer, bool owner = false) override;
   void do_io_close(int lerrno = -1) override;
 
+  bool expect_send_trailer() const override;
+  void set_expect_send_trailer() override;
+  bool expect_receive_trailer() const override;
+  void set_expect_receive_trailer() override;
+
   Http2ErrorCode decode_header_blocks(HpackHandle &hpack_handle, uint32_t maximum_table_size);
   void send_request(Http2ConnectionState &cstate);
   void initiating_close();
+  bool is_outbound_connection() const;
   void terminate_if_possible();
   void update_read_request(bool send_update);
   void update_write_request(bool send_update);
 
   void signal_read_event(int event);
-  void signal_write_event(int event);
   static constexpr auto CALL_UPDATE = true;
-  void signal_write_event(bool call_update = CALL_UPDATE);
+  void signal_write_event(int event, bool call_update = CALL_UPDATE);
 
   void restart_sending();
   bool push_promise(URL &url, const MIMEField *accept_encoding);
@@ -113,17 +125,31 @@ class Http2Stream : public ProxyTransaction
   bool is_first_transaction() const override;
   void increment_transactions_stat() override;
   void decrement_transactions_stat() override;
+  void set_transaction_id(int new_id);
   int get_transaction_id() const override;
   int get_transaction_priority_weight() const override;
   int get_transaction_priority_dependence() const override;
+  bool is_read_closed() const override;
+
+  HTTPHdr *
+  get_send_header()
+  {
+    return &_send_header;
+  }
+
+  void read_update(int count);
+  void read_done();
 
   void clear_io_events();
 
   bool is_state_writeable() const;
   bool is_closed() const;
   IOBufferReader *get_data_reader_for_send() const;
+  void set_rx_error_code(ProxyError e) override;
+  void set_tx_error_code(ProxyError e) override;
 
   bool has_request_body(int64_t content_length, bool is_chunked_set) const override;
+  HTTPVersion get_version(HTTPHdr &hdr) const override;
 
   void mark_milestone(Http2StreamMilestone type);
 
@@ -136,15 +162,20 @@ class Http2Stream : public ProxyTransaction
   bool change_state(uint8_t type, uint8_t flags);
   void set_peer_rwnd(Http2WindowSize new_size);
   void set_local_rwnd(Http2WindowSize new_size);
-  bool has_trailing_header() const;
+  bool trailing_header_is_possible() const;
+  void set_trailing_header_is_possible();
   void set_receive_headers(HTTPHdr &h2_headers);
+  void reset_receive_headers();
+  void reset_send_headers();
   MIOBuffer *read_vio_writer() const;
   int64_t read_vio_read_avail();
+  bool read_enabled() const;
 
   //////////////////
   // Variables
   uint8_t *header_blocks        = nullptr;
-  uint32_t header_blocks_length = 0; // total length of header blocks (not include Padding or other fields)
+  uint32_t header_blocks_length = 0; // total length of header blocks (not include
+                                     // Padding or other fields)
 
   bool receive_end_stream = false;
   bool send_end_stream    = false;
@@ -153,10 +184,12 @@ class Http2Stream : public ProxyTransaction
   bool is_first_transaction_flag = false;
 
   HTTPHdr _send_header;
+  IOBufferReader *_send_reader             = nullptr;
   Http2DependencyTree::Node *priority_node = nullptr;
 
+  Http2ConnectionState &get_connection_state();
+
 private:
-  bool response_is_data_available() const;
   Event *send_tracked_event(Event *event, int send_event, VIO *vio);
   void send_body(bool call_update);
   void _clear_timers();
@@ -177,15 +210,28 @@ class Http2Stream : public ProxyTransaction
 
   HTTPHdr _receive_header;
   MIOBuffer _receive_buffer = CLIENT_CONNECTION_FIRST_READ_BUFFER_SIZE_INDEX;
-  int64_t read_vio_nbytes;
   VIO read_vio;
   VIO write_vio;
 
   History _history;
   Milestones(Http2StreamMilestone::LAST_ENTRY)> _milestones;
 
-  bool is_trailing_header = false;
-  bool has_body           = false;
+  bool _trailing_header_is_possible = false;
+  bool _expect_send_trailer         = false;
+  bool _expect_receive_trailer      = false;
+
+  bool has_body = false;
+
+  /** Whether this is an outbound (toward the origin) connection.
+   *
+   * We store this upon construction as a cached version of the session's
+   * is_outbound() call. In some circumstances we need this value after a
+   * session close in which is_outbound is not accessible.
+   */
+  bool _is_outbound = false;
+
+  /** Whether the stream has been registered with the connection state. */
+  bool _registered_stream = true;
 
   // A brief discussion of similar flags and state variables:  _state, closed, terminate_stream
   //
@@ -246,7 +292,7 @@ Http2Stream::is_write_vio_done() const
 inline void
 Http2Stream::update_sent_count(unsigned num_bytes)
 {
-  bytes_sent += num_bytes;
+  bytes_sent            += num_bytes;
   this->write_vio.ndone += num_bytes;
 }
 
@@ -262,6 +308,12 @@ Http2Stream::get_transaction_id() const
   return _id;
 }
 
+inline void
+Http2Stream::set_transaction_id(int new_id)
+{
+  _id = new_id;
+}
+
 inline Http2StreamState
 Http2Stream::get_state() const
 {
@@ -281,9 +333,15 @@ Http2Stream::set_local_rwnd(Http2WindowSize new_size)
 }
 
 inline bool
-Http2Stream::has_trailing_header() const
+Http2Stream::trailing_header_is_possible() const
 {
-  return is_trailing_header;
+  return _trailing_header_is_possible;
+}
+
+inline void
+Http2Stream::set_trailing_header_is_possible()
+{
+  _trailing_header_is_possible = true;
 }
 
 inline void
@@ -292,6 +350,20 @@ Http2Stream::set_receive_headers(HTTPHdr &h2_headers)
   _receive_header.copy(&h2_headers);
 }
 
+inline void
+Http2Stream::reset_receive_headers()
+{
+  this->_receive_header.destroy();
+  this->_receive_header.create(HTTP_TYPE_RESPONSE);
+}
+
+inline void
+Http2Stream::reset_send_headers()
+{
+  this->_send_header.destroy();
+  this->_send_header.create(HTTP_TYPE_RESPONSE);
+}
+
 // Check entire DATA payload length if content-length: header is exist
 inline void
 Http2Stream::increment_data_length(uint64_t length)
@@ -303,6 +375,10 @@ inline bool
 Http2Stream::payload_length_is_valid() const
 {
   uint32_t content_length = _receive_header.get_content_length();
+  if (content_length != 0 && content_length != data_length) {
+    Warning("Bad payload length content_length=%d data_legnth=%d session_id=%" PRId64, content_length,
+            static_cast(data_length), _proxy_ssn->connection_id());
+  }
   return content_length == 0 || content_length == data_length;
 }
 
@@ -310,7 +386,8 @@ inline bool
 Http2Stream::is_state_writeable() const
 {
   return _state == Http2StreamState::HTTP2_STREAM_STATE_OPEN || _state == Http2StreamState::HTTP2_STREAM_STATE_HALF_CLOSED_REMOTE ||
-         _state == Http2StreamState::HTTP2_STREAM_STATE_RESERVED_LOCAL;
+         _state == Http2StreamState::HTTP2_STREAM_STATE_RESERVED_LOCAL ||
+         (this->is_outbound_connection() && _state == Http2StreamState::HTTP2_STREAM_STATE_IDLE);
 }
 
 inline bool
@@ -331,9 +408,27 @@ Http2Stream::read_vio_writer() const
   return this->read_vio.get_writer();
 }
 
+inline bool
+Http2Stream::read_enabled() const
+{
+  return !this->read_vio.is_disabled();
+}
+
 inline void
 Http2Stream::_clear_timers()
 {
   _timeout.cancel_active_timeout();
   _timeout.cancel_inactive_timeout();
 }
+
+inline void
+Http2Stream::read_update(int count)
+{
+  read_vio.ndone += count;
+}
+
+inline void
+Http2Stream::read_done()
+{
+  read_vio.nbytes = read_vio.ndone;
+}
diff --git a/proxy/http2/Makefile.am b/proxy/http2/Makefile.am
index c0444d01020..ea3783e1a71 100644
--- a/proxy/http2/Makefile.am
+++ b/proxy/http2/Makefile.am
@@ -45,6 +45,8 @@ libhttp2_a_SOURCES = \
 	Http2ClientSession.h \
 	Http2CommonSession.cc \
 	Http2CommonSession.h \
+	Http2ServerSession.cc \
+	Http2ServerSession.h \
 	Http2ConnectionState.cc \
 	Http2ConnectionState.h \
 	Http2DebugNames.cc \
diff --git a/proxy/http2/test_HPACK.cc b/proxy/http2/test_HPACK.cc
index e4a46460ca0..ee099b4e281 100644
--- a/proxy/http2/test_HPACK.cc
+++ b/proxy/http2/test_HPACK.cc
@@ -44,13 +44,14 @@ static char cmd_input_dir[512]  = "";
 static char cmd_output_dir[512] = "";
 
 static const ArgumentDescription argument_descriptions[] = {
-  {"disable_freelist", 'f', "Disable the freelist memory allocator", "T", &cmd_disable_freelist, nullptr, nullptr},
-  {"disable_pfreelist", 'F', "Disable the freelist memory allocator in ProxyAllocator", "T", &cmd_disable_pfreelist,
-   "PROXY_DPRINTF_LEVEL", nullptr},
-  {"input_dir", 'i', "input dir", "S511", &cmd_input_dir, nullptr, nullptr},
-  {"output_dir", 'o', "output dir", "S511", &cmd_output_dir, nullptr, nullptr},
+  {"disable_freelist",  'f', "Disable the freelist memory allocator",                   "T",    &cmd_disable_freelist,  nullptr, nullptr},
+  {"disable_pfreelist", 'F', "Disable the freelist memory allocator in ProxyAllocator", "T",    &cmd_disable_pfreelist,
+   "PROXY_DPRINTF_LEVEL",                                                                                                        nullptr},
+  {"input_dir",         'i', "input dir",                                               "S511", &cmd_input_dir,         nullptr, nullptr},
+  {"output_dir",        'o', "output dir",                                              "S511", &cmd_output_dir,        nullptr, nullptr},
   HELP_ARGUMENT_DESCRIPTION(),
-  VERSION_ARGUMENT_DESCRIPTION()};
+  VERSION_ARGUMENT_DESCRIPTION()
+};
 
 const static uint32_t INITIAL_TABLE_SIZE = 4096;
 
diff --git a/proxy/http2/unit_tests/test_HTTP2.cc b/proxy/http2/unit_tests/test_HTTP2.cc
index 5ec532031e1..cb4dcf2e8a2 100644
--- a/proxy/http2/unit_tests/test_HTTP2.cc
+++ b/proxy/http2/unit_tests/test_HTTP2.cc
@@ -107,8 +107,8 @@ TEST_CASE("Convert HTTPHdr", "[HTTP2]")
 
     // check
     CHECK_THAT(buf, Catch::StartsWith("GET https://trafficserver.apache.org/index.html HTTP/1.1\r\n"
-                                      "Host: trafficserver.apache.org\r\n"
                                       "User-Agent: foobar\r\n"
+                                      "Host: trafficserver.apache.org\r\n"
                                       "\r\n"));
   }
 
diff --git a/proxy/http2/unit_tests/test_HpackIndexingTable.cc b/proxy/http2/unit_tests/test_HpackIndexingTable.cc
index 75ec83a0619..26baba34935 100644
--- a/proxy/http2/unit_tests/test_HpackIndexingTable.cc
+++ b/proxy/http2/unit_tests/test_HpackIndexingTable.cc
@@ -106,88 +106,70 @@ TEST_CASE("HPACK low level APIs", "[hpack]")
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x40\x0a"
                   "custom-key\x0d"
-                  "custom-header",
-       26},
+                  "custom-header",                            26},
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x00\x0a"
                   "custom-key\x0d"
-                  "custom-header",
-       26},
+                  "custom-header",                            26},
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x10\x0a"
                   "custom-key\x0d"
-                  "custom-header",
-       26},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::INDEXED_LITERAL,
+                  "custom-header",                            26},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x44\x0c"
-                  "/sample/path",
-       14},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::NOINDEX_LITERAL,
+                  "/sample/path",                             14},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x04\x0c"
-                  "/sample/path",
-       14},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::NEVERINDEX_LITERAL,
+                  "/sample/path",                             14},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x14\x0c"
-                  "/sample/path",
-       14},
-      {(char *)"password", (char *)"secret", 0, HpackField::INDEXED_LITERAL,
+                  "/sample/path",                             14},
+      {(char *)"password",   (char *)"secret",        0, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x40\x08"
                   "password\x06"
-                  "secret",
-       17},
-      {(char *)"password", (char *)"secret", 0, HpackField::NOINDEX_LITERAL,
+                  "secret",                                   17},
+      {(char *)"password",   (char *)"secret",        0, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x00\x08"
                   "password\x06"
-                  "secret",
-       17},
-      {(char *)"password", (char *)"secret", 0, HpackField::NEVERINDEX_LITERAL,
+                  "secret",                                   17},
+      {(char *)"password",   (char *)"secret",        0, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x10\x08"
                   "password\x06"
-                  "secret",
-       17},
-      // with Huffman Coding
+                  "secret",                                   17},
+ // with Huffman Coding
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x40"
                   "\x88\x25\xa8\x49\xe9\x5b\xa9\x7d\x7f"
-                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9",
-       20},
+                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9", 20},
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x00"
                   "\x88\x25\xa8\x49\xe9\x5b\xa9\x7d\x7f"
-                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9",
-       20},
+                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9", 20},
       {(char *)"custom-key", (char *)"custom-header", 0, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x10"
                   "\x88\x25\xa8\x49\xe9\x5b\xa9\x7d\x7f"
-                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9",
-       20},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::INDEXED_LITERAL,
+                  "\x89\x25\xa8\x49\xe9\x5a\x72\x8e\x42\xd9", 20},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x44"
-                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff",
-       11},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::NOINDEX_LITERAL,
+                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff", 11},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x04"
-                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff",
-       11},
-      {(char *)":path", (char *)"/sample/path", 4, HpackField::NEVERINDEX_LITERAL,
+                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff", 11},
+      {(char *)":path",      (char *)"/sample/path",  4, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x14"
-                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff",
-       11},
-      {(char *)"password", (char *)"secret", 0, HpackField::INDEXED_LITERAL,
+                  "\x89\x61\x03\xa6\xba\x0a\xc5\x63\x4c\xff", 11},
+      {(char *)"password",   (char *)"secret",        0, HpackField::INDEXED_LITERAL,
        (uint8_t *)"\x40"
                   "\x86\xac\x68\x47\x83\xd9\x27"
-                  "\x84\x41\x49\x61\x53",
-       13},
-      {(char *)"password", (char *)"secret", 0, HpackField::NOINDEX_LITERAL,
+                  "\x84\x41\x49\x61\x53",                     13},
+      {(char *)"password",   (char *)"secret",        0, HpackField::NOINDEX_LITERAL,
        (uint8_t *)"\x00"
                   "\x86\xac\x68\x47\x83\xd9\x27"
-                  "\x84\x41\x49\x61\x53",
-       13},
-      {(char *)"password", (char *)"secret", 0, HpackField::NEVERINDEX_LITERAL,
+                  "\x84\x41\x49\x61\x53",                     13},
+      {(char *)"password",   (char *)"secret",        0, HpackField::NEVERINDEX_LITERAL,
        (uint8_t *)"\x10"
                   "\x86\xac\x68\x47\x83\xd9\x27"
-                  "\x84\x41\x49\x61\x53",
-       13},
+                  "\x84\x41\x49\x61\x53",                     13},
     };
 
     SECTION("encoding")
@@ -257,27 +239,27 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
       char *raw_value;
     } raw_field_response_test_case[][MAX_TEST_FIELD_NUM] = {
       {
-        {(char *)":status", (char *)"302"},
-        {(char *)"cache-control", (char *)"private"},
-        {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
-        {(char *)"location", (char *)"https://www.example.com"},
-        {(char *)"", (char *)""} // End of this test case
+       {(char *)":status", (char *)"302"},
+       {(char *)"cache-control", (char *)"private"},
+       {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
+       {(char *)"location", (char *)"https://www.example.com"},
+       {(char *)"", (char *)""} // End of this test case
       },
       {
-        {(char *)":status", (char *)"307"},
-        {(char *)"cache-control", (char *)"private"},
-        {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
-        {(char *)"location", (char *)"https://www.example.com"},
-        {(char *)"", (char *)""} // End of this test case
+       {(char *)":status", (char *)"307"},
+       {(char *)"cache-control", (char *)"private"},
+       {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
+       {(char *)"location", (char *)"https://www.example.com"},
+       {(char *)"", (char *)""} // End of this test case
       },
       {
-        {(char *)":status", (char *)"200"},
-        {(char *)"cache-control", (char *)"private"},
-        {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:22 GMT"},
-        {(char *)"location", (char *)"https://www.example.com"},
-        {(char *)"content-encoding", (char *)"gzip"},
-        {(char *)"set-cookie", (char *)"foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1"},
-        {(char *)"", (char *)""} // End of this test case
+       {(char *)":status", (char *)"200"},
+       {(char *)"cache-control", (char *)"private"},
+       {(char *)"date", (char *)"Mon, 21 Oct 2013 20:13:22 GMT"},
+       {(char *)"location", (char *)"https://www.example.com"},
+       {(char *)"content-encoding", (char *)"gzip"},
+       {(char *)"set-cookie", (char *)"foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1"},
+       {(char *)"", (char *)""} // End of this test case
       },
     };
 
@@ -294,14 +276,12 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
                   "\xe0\x82\xa6\x2d\x1b\xff"
                   "\x6e\x91"
                   "\x9d\x29\xad\x17\x18\x63\xc7\x8f\x0b\x97\xc8\xe9\xae\x82\xae\x43"
-                  "\xd3",
-       54},
+                  "\xd3",                                                 54},
       {(uint8_t *)"\x48\x83"
                   "\x64\x0e\xff"
                   "\xc1"
                   "\xc0"
-                  "\xbf",
-       8},
+                  "\xbf",                                                 8 },
       {(uint8_t *)"\x88"
                   "\xc1"
                   "\x61\x96"
@@ -313,8 +293,7 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
                   "\x77\xad"
                   "\x94\xe7\x82\x1d\xd7\xf2\xe6\xc7\xb3\x35\xdf\xdf\xcd\x5b\x39\x60"
                   "\xd5\xaf\x27\x08\x7f\x36\x72\xc1\xab\x27\x0f\xb5\x29\x1f\x95\x87"
-                  "\x31\x60\x65\xc0\x03\xed\x4e\xe5\xb1\x06\x3d\x50\x07",
-       79},
+                  "\x31\x60\x65\xc0\x03\xed\x4e\xe5\xb1\x06\x3d\x50\x07", 79},
     };
 
     const static struct {
@@ -323,24 +302,24 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
       char *value;
     } dynamic_table_response_test_case[][MAX_TEST_FIELD_NUM] = {
       {
-        {63, (char *)"location", (char *)"https://www.example.com"},
-        {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
-        {52, (char *)"cache-control", (char *)"private"},
-        {42, (char *)":status", (char *)"302"},
-        {0, (char *)"", (char *)""} // End of this test case
+       {63, (char *)"location", (char *)"https://www.example.com"},
+       {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
+       {52, (char *)"cache-control", (char *)"private"},
+       {42, (char *)":status", (char *)"302"},
+       {0, (char *)"", (char *)""} // End of this test case
       },
       {
-        {42, (char *)":status", (char *)"307"},
-        {63, (char *)"location", (char *)"https://www.example.com"},
-        {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
-        {52, (char *)"cache-control", (char *)"private"},
-        {0, (char *)"", (char *)""} // End of this test case
+       {42, (char *)":status", (char *)"307"},
+       {63, (char *)"location", (char *)"https://www.example.com"},
+       {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:21 GMT"},
+       {52, (char *)"cache-control", (char *)"private"},
+       {0, (char *)"", (char *)""} // End of this test case
       },
       {
-        {98, (char *)"set-cookie", (char *)"foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1"},
-        {52, (char *)"content-encoding", (char *)"gzip"},
-        {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:22 GMT"},
-        {0, (char *)"", (char *)""} // End of this test case
+       {98, (char *)"set-cookie", (char *)"foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1"},
+       {52, (char *)"content-encoding", (char *)"gzip"},
+       {65, (char *)"date", (char *)"Mon, 21 Oct 2013 20:13:22 GMT"},
+       {0, (char *)"", (char *)""} // End of this test case
       },
     };
 
@@ -405,18 +384,18 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
       char *raw_value;
     } raw_field_request_test_case[][MAX_TEST_FIELD_NUM] = {
       {
-        {(char *)":method", (char *)"GET"},
-        {(char *)":scheme", (char *)"http"},
-        {(char *)":path", (char *)"/"},
-        {(char *)":authority", (char *)"www.example.com"},
-        {(char *)"", (char *)""} // End of this test case
+       {(char *)":method", (char *)"GET"},
+       {(char *)":scheme", (char *)"http"},
+       {(char *)":path", (char *)"/"},
+       {(char *)":authority", (char *)"www.example.com"},
+       {(char *)"", (char *)""} // End of this test case
       },
       {
-        {(char *)":method", (char *)"GET"},
-        {(char *)":scheme", (char *)"http"},
-        {(char *)":path", (char *)"/"},
-        {(char *)":authority", (char *)"www.example.com"},
-        {(char *)"", (char *)""} // End of this test case
+       {(char *)":method", (char *)"GET"},
+       {(char *)":scheme", (char *)"http"},
+       {(char *)":path", (char *)"/"},
+       {(char *)":authority", (char *)"www.example.com"},
+       {(char *)"", (char *)""} // End of this test case
       },
     };
 
@@ -435,8 +414,7 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
                   "\x1/"
                   "\x40"
                   "\xa:authority"
-                  "\xfwww.example.com",
-       64},
+                  "\xfwww.example.com",                                   64},
       {(uint8_t *)"\x40"
                   "\x85\xb9\x49\x53\x39\xe4"
                   "\x83\xc5\x83\x7f"
@@ -448,8 +426,7 @@ TEST_CASE("HPACK high level APIs", "[hpack]")
                   "\x81\x63"
                   "\x40"
                   "\x88\xb8\x3b\x53\x39\xec\x32\x7d\x7f"
-                  "\x8c\xf1\xe3\xc2\xe5\xf2\x3a\x6b\xa0\xab\x90\xf4\xff",
-       53},
+                  "\x8c\xf1\xe3\xc2\xe5\xf2\x3a\x6b\xa0\xab\x90\xf4\xff", 53},
     };
 
     HpackIndexingTable indexing_table(4096);
diff --git a/proxy/http2/unit_tests/test_Http2Frame.cc b/proxy/http2/unit_tests/test_Http2Frame.cc
index d30b07a10e0..fdc52478e7f 100644
--- a/proxy/http2/unit_tests/test_Http2Frame.cc
+++ b/proxy/http2/unit_tests/test_Http2Frame.cc
@@ -70,79 +70,79 @@ TEST_CASE("HTTP/2 Frame Flags", "[http2]")
     uint8_t fflags;
     bool valid;
   } http2_frame_flags_test_case[] = {
-    {HTTP2_FRAME_TYPE_DATA, 0x00, true},
-    {HTTP2_FRAME_TYPE_DATA, 0x01, true},
-    {HTTP2_FRAME_TYPE_DATA, 0x02, false},
-    {HTTP2_FRAME_TYPE_DATA, 0x04, false},
-    {HTTP2_FRAME_TYPE_DATA, 0x08, true},
-    {HTTP2_FRAME_TYPE_DATA, 0x10, false},
-    {HTTP2_FRAME_TYPE_DATA, 0x20, false},
-    {HTTP2_FRAME_TYPE_DATA, 0x40, false},
-    {HTTP2_FRAME_TYPE_DATA, 0x80, false},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x00, true},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x01, true},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x02, false},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x04, true},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x08, true},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x10, false},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x20, true},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x40, false},
-    {HTTP2_FRAME_TYPE_HEADERS, 0x80, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x00, true},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x01, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x02, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x04, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x08, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x10, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x20, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x40, false},
-    {HTTP2_FRAME_TYPE_PRIORITY, 0x80, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x00, true},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x01, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x02, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x04, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x08, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x10, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x20, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x40, false},
-    {HTTP2_FRAME_TYPE_RST_STREAM, 0x80, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x00, true},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x01, true},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x02, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x04, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x08, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x10, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x20, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x40, false},
-    {HTTP2_FRAME_TYPE_SETTINGS, 0x80, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x00, true},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x01, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x02, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x04, true},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x08, true},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x10, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x20, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x40, false},
-    {HTTP2_FRAME_TYPE_PUSH_PROMISE, 0x80, false},
-    {HTTP2_FRAME_TYPE_PING, 0x00, true},
-    {HTTP2_FRAME_TYPE_PING, 0x01, true},
-    {HTTP2_FRAME_TYPE_PING, 0x02, false},
-    {HTTP2_FRAME_TYPE_PING, 0x04, false},
-    {HTTP2_FRAME_TYPE_PING, 0x08, false},
-    {HTTP2_FRAME_TYPE_PING, 0x10, false},
-    {HTTP2_FRAME_TYPE_PING, 0x20, false},
-    {HTTP2_FRAME_TYPE_PING, 0x40, false},
-    {HTTP2_FRAME_TYPE_PING, 0x80, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x00, true},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x01, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x02, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x04, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x08, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x10, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x20, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x40, false},
-    {HTTP2_FRAME_TYPE_GOAWAY, 0x80, false},
-    {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x00, true},
+    {HTTP2_FRAME_TYPE_DATA,          0x00, true },
+    {HTTP2_FRAME_TYPE_DATA,          0x01, true },
+    {HTTP2_FRAME_TYPE_DATA,          0x02, false},
+    {HTTP2_FRAME_TYPE_DATA,          0x04, false},
+    {HTTP2_FRAME_TYPE_DATA,          0x08, true },
+    {HTTP2_FRAME_TYPE_DATA,          0x10, false},
+    {HTTP2_FRAME_TYPE_DATA,          0x20, false},
+    {HTTP2_FRAME_TYPE_DATA,          0x40, false},
+    {HTTP2_FRAME_TYPE_DATA,          0x80, false},
+    {HTTP2_FRAME_TYPE_HEADERS,       0x00, true },
+    {HTTP2_FRAME_TYPE_HEADERS,       0x01, true },
+    {HTTP2_FRAME_TYPE_HEADERS,       0x02, false},
+    {HTTP2_FRAME_TYPE_HEADERS,       0x04, true },
+    {HTTP2_FRAME_TYPE_HEADERS,       0x08, true },
+    {HTTP2_FRAME_TYPE_HEADERS,       0x10, false},
+    {HTTP2_FRAME_TYPE_HEADERS,       0x20, true },
+    {HTTP2_FRAME_TYPE_HEADERS,       0x40, false},
+    {HTTP2_FRAME_TYPE_HEADERS,       0x80, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x00, true },
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x01, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x02, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x04, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x08, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x10, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x20, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x40, false},
+    {HTTP2_FRAME_TYPE_PRIORITY,      0x80, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x00, true },
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x01, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x02, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x04, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x08, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x10, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x20, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x40, false},
+    {HTTP2_FRAME_TYPE_RST_STREAM,    0x80, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x00, true },
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x01, true },
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x02, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x04, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x08, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x10, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x20, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x40, false},
+    {HTTP2_FRAME_TYPE_SETTINGS,      0x80, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x00, true },
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x01, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x02, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x04, true },
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x08, true },
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x10, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x20, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x40, false},
+    {HTTP2_FRAME_TYPE_PUSH_PROMISE,  0x80, false},
+    {HTTP2_FRAME_TYPE_PING,          0x00, true },
+    {HTTP2_FRAME_TYPE_PING,          0x01, true },
+    {HTTP2_FRAME_TYPE_PING,          0x02, false},
+    {HTTP2_FRAME_TYPE_PING,          0x04, false},
+    {HTTP2_FRAME_TYPE_PING,          0x08, false},
+    {HTTP2_FRAME_TYPE_PING,          0x10, false},
+    {HTTP2_FRAME_TYPE_PING,          0x20, false},
+    {HTTP2_FRAME_TYPE_PING,          0x40, false},
+    {HTTP2_FRAME_TYPE_PING,          0x80, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x00, true },
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x01, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x02, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x04, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x08, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x10, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x20, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x40, false},
+    {HTTP2_FRAME_TYPE_GOAWAY,        0x80, false},
+    {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x00, true },
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x01, false},
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x02, false},
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x04, false},
@@ -151,24 +151,24 @@ TEST_CASE("HTTP/2 Frame Flags", "[http2]")
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x20, false},
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x40, false},
     {HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0x80, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x00, true},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x01, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x02, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x04, true},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x08, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x10, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x20, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x40, false},
-    {HTTP2_FRAME_TYPE_CONTINUATION, 0x80, false},
-    {HTTP2_FRAME_TYPE_MAX, 0x00, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x01, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x02, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x04, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x08, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x10, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x20, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x40, true},
-    {HTTP2_FRAME_TYPE_MAX, 0x80, true},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x00, true },
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x01, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x02, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x04, true },
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x08, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x10, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x20, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x40, false},
+    {HTTP2_FRAME_TYPE_CONTINUATION,  0x80, false},
+    {HTTP2_FRAME_TYPE_MAX,           0x00, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x01, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x02, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x04, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x08, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x10, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x20, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x40, true },
+    {HTTP2_FRAME_TYPE_MAX,           0x80, true },
   };
 
   static const uint8_t HTTP2_FRAME_FLAGS_MASKS[HTTP2_FRAME_TYPE_MAX] = {
diff --git a/proxy/http2/unit_tests/test_Http2FrequencyCounter.cc b/proxy/http2/unit_tests/test_Http2FrequencyCounter.cc
index b69d58f1ef9..b4f6f4a3a45 100644
--- a/proxy/http2/unit_tests/test_Http2FrequencyCounter.cc
+++ b/proxy/http2/unit_tests/test_Http2FrequencyCounter.cc
@@ -67,7 +67,7 @@ TEST_CASE("Http2FrequencyCounter_basic", "[http2][Http2FrequencyCounter]")
   SECTION("Update at 0")
   {
     ink_hrtime now = ink_hrtime_to_sec(Thread::get_hrtime_updated());
-    now -= now % 60;
+    now            -= now % 60;
 
     counter.set_internal_state(now, now - 5, 1, 2);
     counter.increment();
@@ -105,8 +105,8 @@ TEST_CASE("Http2FrequencyCounter_basic", "[http2][Http2FrequencyCounter]")
   SECTION("Update at 10")
   {
     ink_hrtime now = ink_hrtime_to_sec(Thread::get_hrtime_updated());
-    now -= now % 60;
-    now += 10;
+    now            -= now % 60;
+    now            += 10;
 
     counter.set_internal_state(now, now - 5, 1, 2);
     counter.increment();
@@ -144,8 +144,8 @@ TEST_CASE("Http2FrequencyCounter_basic", "[http2][Http2FrequencyCounter]")
   SECTION("Update at 30")
   {
     ink_hrtime now = ink_hrtime_to_sec(Thread::get_hrtime_updated());
-    now -= now % 60;
-    now += 30;
+    now            -= now % 60;
+    now            += 30;
 
     counter.set_internal_state(now, now - 5, 1, 2);
     counter.increment();
@@ -183,8 +183,8 @@ TEST_CASE("Http2FrequencyCounter_basic", "[http2][Http2FrequencyCounter]")
   SECTION("Update at 40")
   {
     ink_hrtime now = ink_hrtime_to_sec(Thread::get_hrtime_updated());
-    now -= now % 60;
-    now += 40;
+    now            -= now % 60;
+    now            += 40;
 
     counter.set_internal_state(now, now - 5, 1, 2);
     counter.increment();
diff --git a/proxy/http3/Http3DataFramer.cc b/proxy/http3/Http3DataFramer.cc
index 5fbb56dc8b1..e4a4b75ec63 100644
--- a/proxy/http3/Http3DataFramer.cc
+++ b/proxy/http3/Http3DataFramer.cc
@@ -43,7 +43,7 @@ Http3DataFramer::generate_frame()
   }
 
   if (payload_len) {
-    frame = Http3FrameFactory::create_data_frame(reader, payload_len);
+    frame                    = Http3FrameFactory::create_data_frame(reader, payload_len);
     this->_source_vio->ndone += payload_len;
   }
 
diff --git a/proxy/http3/Http3Frame.cc b/proxy/http3/Http3Frame.cc
index 3b7c6110163..631b2325cef 100644
--- a/proxy/http3/Http3Frame.cc
+++ b/proxy/http3/Http3Frame.cc
@@ -269,11 +269,11 @@ Http3SettingsFrame::Http3SettingsFrame(const uint8_t *buf, size_t buf_len, uint3
 
     size_t id_len = QUICVariableInt::size(buf + len);
     uint16_t id   = QUICIntUtil::read_QUICVariableInt(buf + len, buf_len - len);
-    len += id_len;
+    len           += id_len;
 
     size_t value_len = QUICVariableInt::size(buf + len);
     uint64_t value   = QUICIntUtil::read_QUICVariableInt(buf + len, buf_len - len);
-    len += value_len;
+    len              += value_len;
 
     // Ignore any SETTINGS identifier it does not understand.
     bool ignore = true;
diff --git a/proxy/http3/Http3FrameCollector.cc b/proxy/http3/Http3FrameCollector.cc
index 3118baca304..fd3cc7aa1a3 100644
--- a/proxy/http3/Http3FrameCollector.cc
+++ b/proxy/http3/Http3FrameCollector.cc
@@ -38,8 +38,8 @@ Http3FrameCollector::on_write_ready(QUICStreamId stream_id, MIOBuffer &writer, s
     size_t len           = 0;
     Http3FrameUPtr frame = g->generate_frame();
     if (frame) {
-      auto b = frame->to_io_buffer_block();
-      len    = writer.write(b.get(), INT64_MAX, 0);
+      auto b   = frame->to_io_buffer_block();
+      len      = writer.write(b.get(), INT64_MAX, 0);
       nwritten += len;
       Debug("http3", "[TX] [%" PRIu64 "] | %s size=%zu", stream_id, Http3DebugNames::frame_type(frame->type()), len);
     }
diff --git a/proxy/http3/Http3HeaderVIOAdaptor.cc b/proxy/http3/Http3HeaderVIOAdaptor.cc
index e99357abfc4..3641b91f119 100644
--- a/proxy/http3/Http3HeaderVIOAdaptor.cc
+++ b/proxy/http3/Http3HeaderVIOAdaptor.cc
@@ -128,7 +128,7 @@ Http3HeaderVIOAdaptor::_on_qpack_decode_complete()
       writer->add_block();
       block = writer->get_current_block();
     }
-    done = this->_header.print(block->end(), block->write_avail(), &bufindex, &tmp);
+    done       = this->_header.print(block->end(), block->write_avail(), &bufindex, &tmp);
     dumpoffset += bufindex;
     writer->fill(bufindex);
     if (!done) {
diff --git a/proxy/http3/Http3Session.cc b/proxy/http3/Http3Session.cc
index 60d0f0f2c7d..ac0416da155 100644
--- a/proxy/http3/Http3Session.cc
+++ b/proxy/http3/Http3Session.cc
@@ -172,7 +172,7 @@ HQSession::get_transact_count() const
 Http3Session::Http3Session(NetVConnection *vc) : HQSession(vc)
 {
   this->_local_qpack  = new QPACK(static_cast(vc), HTTP3_DEFAULT_MAX_HEADER_LIST_SIZE,
-                                 HTTP3_DEFAULT_HEADER_TABLE_SIZE, HTTP3_DEFAULT_QPACK_BLOCKED_STREAMS);
+                                  HTTP3_DEFAULT_HEADER_TABLE_SIZE, HTTP3_DEFAULT_QPACK_BLOCKED_STREAMS);
   this->_remote_qpack = new QPACK(static_cast(vc), HTTP3_DEFAULT_MAX_HEADER_LIST_SIZE,
                                   HTTP3_DEFAULT_HEADER_TABLE_SIZE, HTTP3_DEFAULT_QPACK_BLOCKED_STREAMS);
 }
diff --git a/proxy/http3/Http3Transaction.cc b/proxy/http3/Http3Transaction.cc
index 823cd3c311e..0916c91fc56 100644
--- a/proxy/http3/Http3Transaction.cc
+++ b/proxy/http3/Http3Transaction.cc
@@ -661,7 +661,7 @@ Http09Transaction::_process_read_vio()
       if (len < 2 || buf[len - 1] != '\n') {
         return 0;
       }
-      nread += len;
+      nread                             += len;
       this->_client_req_header_complete = true;
 
       // Check "CRLF" or "LF"
@@ -752,7 +752,7 @@ Http09Transaction::_process_write_vio()
 
       reader->consume(bytes_written);
       this->_write_vio.ndone += bytes_written;
-      total_written += bytes_written;
+      total_written          += bytes_written;
     }
 
     // NOTE: When Chunked Transfer Coding is supported, check ChunkedState of ChunkedHandler
diff --git a/proxy/http3/QPACK.cc b/proxy/http3/QPACK.cc
index 6aec8f86614..092008de28b 100644
--- a/proxy/http3/QPACK.cc
+++ b/proxy/http3/QPACK.cc
@@ -27,110 +27,111 @@
 #include "tscore/ink_defs.h"
 #include "tscore/ink_memory.h"
 
-#define QPACKDebug(fmt, ...) Debug("qpack", "[%s] " fmt, this->_qc->cids().data(), ##__VA_ARGS__)
+#define QPACKDebug(fmt, ...)   Debug("qpack", "[%s] " fmt, this->_qc->cids().data(), ##__VA_ARGS__)
 #define QPACKDTDebug(fmt, ...) Debug("qpack", "" fmt, ##__VA_ARGS__)
 
 // qpack-05 Appendix A.
 const QPACK::Header QPACK::StaticTable::STATIC_HEADER_FIELDS[] = {
-  {":authority", ""},
-  {":path", "/"},
-  {"age", "0"},
-  {"content-disposition", ""},
-  {"content-length", "0"},
-  {"cookie", ""},
-  {"date", ""},
-  {"etag", ""},
-  {"if-modified-since", ""},
-  {"if-none-match", ""},
-  {"last-modified", ""},
-  {"link", ""},
-  {"location", ""},
-  {"referer", ""},
-  {"set-cookie", ""},
-  {":method", "CONNECT"},
-  {":method", "DELETE"},
-  {":method", "GET"},
-  {":method", "HEAD"},
-  {":method", "OPTIONS"},
-  {":method", "POST"},
-  {":method", "PUT"},
-  {":scheme", "http"},
-  {":scheme", "https"},
-  {":status", "103"},
-  {":status", "200"},
-  {":status", "304"},
-  {":status", "404"},
-  {":status", "503"},
-  {"accept", "*/*"},
-  {"accept", "application/dns-message"},
-  {"accept-encoding", "gzip, deflate, br"},
-  {"accept-ranges", "bytes"},
-  {"access-control-allow-headers", "cache-control"},
-  {"access-control-allow-headers", "content-type"},
-  {"access-control-allow-origin", "*"},
-  {"cache-control", "max-age=0"},
-  {"cache-control", "max-age=2592000"},
-  {"cache-control", "max-age=604800"},
-  {"cache-control", "no-cache"},
-  {"cache-control", "no-store"},
-  {"cache-control", "public, max-age=31536000"},
-  {"content-encoding", "br"},
-  {"content-encoding", "gzip"},
-  {"content-type", "application/dns-message"},
-  {"content-type", "application/javascript"},
-  {"content-type", "application/json"},
-  {"content-type", "application/x-www-form-urlencoded"},
-  {"content-type", "image/gif"},
-  {"content-type", "image/jpeg"},
-  {"content-type", "image/png"},
-  {"content-type", "text/css"},
-  {"content-type", "text/html; charset=utf-8"},
-  {"content-type", "text/plain"},
-  {"content-type", "text/plain;charset=utf-8"},
-  {"range", "bytes=0-"},
-  {"strict-transport-security", "max-age=31536000"},
-  {"strict-transport-security", "max-age=31536000; includesubdomains"},
-  {"strict-transport-security", "max-age=31536000; includesubdomains; preload"},
-  {"vary", "accept-encoding"},
-  {"vary", "origin"},
-  {"x-content-type-options", "nosniff"},
-  {"x-xss-protection", "1; mode=block"},
-  {":status", "100"},
-  {":status", "204"},
-  {":status", "206"},
-  {":status", "302"},
-  {":status", "400"},
-  {":status", "403"},
-  {":status", "421"},
-  {":status", "425"},
-  {":status", "500"},
-  {"accept-language", ""},
-  {"access-control-allow-credentials", "FALSE"},
-  {"access-control-allow-credentials", "TRUE"},
-  {"access-control-allow-headers", "*"},
-  {"access-control-allow-methods", "get"},
-  {"access-control-allow-methods", "get, post, options"},
-  {"access-control-allow-methods", "options"},
-  {"access-control-expose-headers", "content-length"},
-  {"access-control-request-headers", "content-type"},
-  {"access-control-request-method", "get"},
-  {"access-control-request-method", "post"},
-  {"alt-svc", "clear"},
-  {"authorization", ""},
-  {"content-security-policy", "script-src 'none'; object-src 'none'; base-uri 'none'"},
-  {"early-data", "1"},
-  {"expect-ct", ""},
-  {"forwarded", ""},
-  {"if-range", ""},
-  {"origin", ""},
-  {"purpose", "prefetch"},
-  {"server", ""},
-  {"timing-allow-origin", "*"},
-  {"upgrade-insecure-requests", "1"},
-  {"user-agent", ""},
-  {"x-forwarded-for", ""},
-  {"x-frame-options", "deny"},
-  {"x-frame-options", "sameorigin"}};
+  {":authority",                       ""                                                     },
+  {":path",                            "/"                                                    },
+  {"age",                              "0"                                                    },
+  {"content-disposition",              ""                                                     },
+  {"content-length",                   "0"                                                    },
+  {"cookie",                           ""                                                     },
+  {"date",                             ""                                                     },
+  {"etag",                             ""                                                     },
+  {"if-modified-since",                ""                                                     },
+  {"if-none-match",                    ""                                                     },
+  {"last-modified",                    ""                                                     },
+  {"link",                             ""                                                     },
+  {"location",                         ""                                                     },
+  {"referer",                          ""                                                     },
+  {"set-cookie",                       ""                                                     },
+  {":method",                          "CONNECT"                                              },
+  {":method",                          "DELETE"                                               },
+  {":method",                          "GET"                                                  },
+  {":method",                          "HEAD"                                                 },
+  {":method",                          "OPTIONS"                                              },
+  {":method",                          "POST"                                                 },
+  {":method",                          "PUT"                                                  },
+  {":scheme",                          "http"                                                 },
+  {":scheme",                          "https"                                                },
+  {":status",                          "103"                                                  },
+  {":status",                          "200"                                                  },
+  {":status",                          "304"                                                  },
+  {":status",                          "404"                                                  },
+  {":status",                          "503"                                                  },
+  {"accept",                           "*/*"                                                  },
+  {"accept",                           "application/dns-message"                              },
+  {"accept-encoding",                  "gzip, deflate, br"                                    },
+  {"accept-ranges",                    "bytes"                                                },
+  {"access-control-allow-headers",     "cache-control"                                        },
+  {"access-control-allow-headers",     "content-type"                                         },
+  {"access-control-allow-origin",      "*"                                                    },
+  {"cache-control",                    "max-age=0"                                            },
+  {"cache-control",                    "max-age=2592000"                                      },
+  {"cache-control",                    "max-age=604800"                                       },
+  {"cache-control",                    "no-cache"                                             },
+  {"cache-control",                    "no-store"                                             },
+  {"cache-control",                    "public, max-age=31536000"                             },
+  {"content-encoding",                 "br"                                                   },
+  {"content-encoding",                 "gzip"                                                 },
+  {"content-type",                     "application/dns-message"                              },
+  {"content-type",                     "application/javascript"                               },
+  {"content-type",                     "application/json"                                     },
+  {"content-type",                     "application/x-www-form-urlencoded"                    },
+  {"content-type",                     "image/gif"                                            },
+  {"content-type",                     "image/jpeg"                                           },
+  {"content-type",                     "image/png"                                            },
+  {"content-type",                     "text/css"                                             },
+  {"content-type",                     "text/html; charset=utf-8"                             },
+  {"content-type",                     "text/plain"                                           },
+  {"content-type",                     "text/plain;charset=utf-8"                             },
+  {"range",                            "bytes=0-"                                             },
+  {"strict-transport-security",        "max-age=31536000"                                     },
+  {"strict-transport-security",        "max-age=31536000; includesubdomains"                  },
+  {"strict-transport-security",        "max-age=31536000; includesubdomains; preload"         },
+  {"vary",                             "accept-encoding"                                      },
+  {"vary",                             "origin"                                               },
+  {"x-content-type-options",           "nosniff"                                              },
+  {"x-xss-protection",                 "1; mode=block"                                        },
+  {":status",                          "100"                                                  },
+  {":status",                          "204"                                                  },
+  {":status",                          "206"                                                  },
+  {":status",                          "302"                                                  },
+  {":status",                          "400"                                                  },
+  {":status",                          "403"                                                  },
+  {":status",                          "421"                                                  },
+  {":status",                          "425"                                                  },
+  {":status",                          "500"                                                  },
+  {"accept-language",                  ""                                                     },
+  {"access-control-allow-credentials", "FALSE"                                                },
+  {"access-control-allow-credentials", "TRUE"                                                 },
+  {"access-control-allow-headers",     "*"                                                    },
+  {"access-control-allow-methods",     "get"                                                  },
+  {"access-control-allow-methods",     "get, post, options"                                   },
+  {"access-control-allow-methods",     "options"                                              },
+  {"access-control-expose-headers",    "content-length"                                       },
+  {"access-control-request-headers",   "content-type"                                         },
+  {"access-control-request-method",    "get"                                                  },
+  {"access-control-request-method",    "post"                                                 },
+  {"alt-svc",                          "clear"                                                },
+  {"authorization",                    ""                                                     },
+  {"content-security-policy",          "script-src 'none'; object-src 'none'; base-uri 'none'"},
+  {"early-data",                       "1"                                                    },
+  {"expect-ct",                        ""                                                     },
+  {"forwarded",                        ""                                                     },
+  {"if-range",                         ""                                                     },
+  {"origin",                           ""                                                     },
+  {"purpose",                          "prefetch"                                             },
+  {"server",                           ""                                                     },
+  {"timing-allow-origin",              "*"                                                    },
+  {"upgrade-insecure-requests",        "1"                                                    },
+  {"user-agent",                       ""                                                     },
+  {"x-forwarded-for",                  ""                                                     },
+  {"x-frame-options",                  "deny"                                                 },
+  {"x-frame-options",                  "sameorigin"                                           }
+};
 
 QPACK::QPACK(QUICConnection *qc, uint32_t max_header_list_size, uint16_t max_table_size, uint16_t max_blocking_streams)
   : QUICApplication(qc),
@@ -322,7 +323,7 @@ QPACK::_encode_prefix(uint16_t largest_reference, uint16_t base_index, IOBufferB
   prefix->end()[0] = 0x0;
   if (base_index < largest_reference) {
     prefix->end()[0] |= 0x80;
-    delta = largest_reference - base_index;
+    delta            = largest_reference - base_index;
   } else {
     delta = base_index - largest_reference;
   }
@@ -890,7 +891,7 @@ QPACK::_decode_header(const uint8_t *header_block, size_t header_block_len, HTTP
   if ((ret = xpack_decode_integer(tmp, pos, pos + remain_len, 8)) < 0 && tmp > 0xFFFF) {
     return -1;
   }
-  pos += ret;
+  pos                        += ret;
   uint16_t largest_reference = tmp;
 
   uint64_t delta_base_index;
@@ -1348,7 +1349,7 @@ QPACK::DynamicTable::insert_entry(const char *name, uint16_t name_len, const cha
       break;
     }
     available += this->_entries[tail].name_len + this->_entries[tail].value_len;
-    tail = (tail + 1) % this->_max_entries;
+    tail      = (tail + 1) % this->_max_entries;
   }
   if (available < required_len) {
     // We can't insert a new entry because some stream(s) refer an entry that need to be evicted
@@ -1368,7 +1369,7 @@ QPACK::DynamicTable::insert_entry(const char *name, uint16_t name_len, const cha
   this->_entries_head                 = (this->_entries_head + 1) % this->_max_entries;
   this->_entries[this->_entries_head] = {++this->_entries_inserted, this->_storage->write(name, name_len, value, value_len),
                                          name_len, value_len, 0};
-  this->_available -= required_len;
+  this->_available                    -= required_len;
 
   QPACKDTDebug("Insert Entry: entry=%u, index=%u, size=%u", this->_entries_head, this->_entries_inserted, name_len + value_len);
   QPACKDTDebug("Available size: %u", this->_available);
@@ -1657,7 +1658,7 @@ QPACK::_read_insert_with_name_ref(IOBufferReader &reader, bool &is_static, uint1
   if ((ret = xpack_decode_integer(tmp, input, input + input_len, 6)) < 0 && tmp > 0xFFFF) {
     return -1;
   }
-  index = tmp;
+  index    = tmp;
   read_len += ret;
 
   // Value
@@ -1665,7 +1666,7 @@ QPACK::_read_insert_with_name_ref(IOBufferReader &reader, bool &is_static, uint1
     return -1;
   }
   value_len = tmp;
-  read_len += ret;
+  read_len  += ret;
 
   reader.consume(read_len);
 
@@ -1695,7 +1696,7 @@ QPACK::_read_insert_without_name_ref(IOBufferReader &reader, Arena &arena, char
     return -1;
   }
   value_len = tmp;
-  read_len += ret;
+  read_len  += ret;
 
   reader.consume(read_len);
 
@@ -1716,7 +1717,7 @@ QPACK::_read_duplicate(IOBufferReader &reader, uint16_t &index)
   if ((ret = xpack_decode_integer(tmp, input, input + input_len, 5)) < 0 && tmp > 0xFFFF) {
     return -1;
   }
-  index = tmp;
+  index    = tmp;
   read_len += ret;
 
   reader.consume(read_len);
@@ -1761,7 +1762,7 @@ QPACK::_read_table_state_synchronize(IOBufferReader &reader, uint16_t &insert_co
     return -1;
   }
   insert_count = tmp;
-  read_len += ret;
+  read_len     += ret;
 
   reader.consume(read_len);
 
diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index 7a6eaadb923..56ff3cc4d6d 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -34,7 +34,7 @@ extern AppVersionInfo appVersionInfo;
 
 char INVALID_STR[] = "!INVALID_STR!";
 
-#define HIDDEN_CONTENT_TYPE "@Content-Type"
+#define HIDDEN_CONTENT_TYPE     "@Content-Type"
 #define HIDDEN_CONTENT_TYPE_LEN 13
 
 // should be at least 22 bytes to always accommodate a converted
@@ -207,8 +207,8 @@ LogAccess::marshal_record(char *record, char *buf)
 
 #define LOG_INTEGER RECD_INT
 #define LOG_COUNTER RECD_COUNTER
-#define LOG_FLOAT RECD_FLOAT
-#define LOG_STRING RECD_STRING
+#define LOG_FLOAT   RECD_FLOAT
+#define LOG_STRING  RECD_STRING
 
   RecDataT stype = RECD_NULL;
   bool found     = false;
@@ -456,7 +456,7 @@ LogAccess::unmarshal_int(char **buf)
   int64_t val;
 
   // TODO: this used to do nthol, do we need to worry? TS-1156.
-  val = *(reinterpret_cast(*buf));
+  val  = *(reinterpret_cast(*buf));
   *buf += INK_MIN_ALIGN;
   return val;
 }
@@ -497,7 +497,7 @@ LogAccess::unmarshal_itoa(int64_t val, char *dest, int field_width, char leading
 
   do {
     *p-- = '0' + (val % 10);
-    val /= 10;
+    val  /= 10;
   } while (val);
 
   while (dest - p < field_width) {
@@ -530,7 +530,7 @@ LogAccess::unmarshal_itox(int64_t val, char *dest, int field_width, char leading
 
   for (int i = 0; i < static_cast(sizeof(int64_t) * 2); i++) {
     *p-- = table[val & 0xf];
-    val >>= 4;
+    val  >>= 4;
   }
   while (dest - p < field_width) {
     *p-- = leading_char;
@@ -898,7 +898,7 @@ LogAccess::unmarshal_http_version(char **buf, char *dest, int len)
   if (res1 < 0) {
     return -1;
   }
-  p += res1;
+  p        += res1;
   *p++     = '.';
   int res2 = unmarshal_int_to_str(buf, p, 128 - http_len - res1 - 1);
   if (res2 < 0) {
@@ -934,13 +934,13 @@ LogAccess::unmarshal_http_text(char **buf, char *dest, int len, LogSlice *slice,
   if (res1 < 0) {
     return -1;
   }
-  p += res1;
+  p        += res1;
   *p++     = ' ';
   int res2 = unmarshal_str(buf, p, len - res1 - 1, slice, escape_type);
   if (res2 < 0) {
     return -1;
   }
-  p += res2;
+  p        += res2;
   *p++     = ' ';
   int res3 = unmarshal_http_version(buf, p, len - res1 - res2 - 2);
   if (res3 < 0) {
@@ -1000,7 +1000,7 @@ LogAccess::unmarshal_ip(char **buf, IpEndpoint *dest)
   } else {
     ats_ip_invalidate(dest);
   }
-  len = INK_ALIGN_DEFAULT(len);
+  len  = INK_ALIGN_DEFAULT(len);
   *buf += len;
   return len;
 }
@@ -1149,7 +1149,7 @@ LogAccess::unmarshal_record(char **buf, char *dest, int len)
 
   char *val_buf = *buf;
   int val_len   = static_cast(::strlen(val_buf));
-  *buf += MARSHAL_RECORD_LENGTH; // this is how it was stored
+  *buf          += MARSHAL_RECORD_LENGTH; // this is how it was stored
   if (val_len < len) {
     memcpy(dest, val_buf, val_len);
     return val_len;
@@ -1606,7 +1606,7 @@ LogAccess::validate_unmapped_url_path()
 
       if (c && (len = static_cast(c - m_client_req_unmapped_url_path_str)) <= 5) { // 5 - max schema size
         if (len + 2 <= m_client_req_unmapped_url_canon_len && c[1] == '/' && c[2] == '/') {
-          len += 3; // Skip "://"
+          len                                += 3; // Skip "://"
           m_client_req_unmapped_url_host_str = &m_client_req_unmapped_url_canon_str[len];
           m_client_req_unmapped_url_host_len = m_client_req_unmapped_url_path_len - len;
           // Attempt to find first '/' in the path
@@ -1657,10 +1657,10 @@ LogAccess::marshal_client_req_text(char *buf)
 
   if (buf) {
     int offset = 0;
-    offset += marshal_client_req_http_method(&buf[offset]);
-    offset += marshal_client_req_url(&buf[offset]);
-    offset += marshal_client_req_http_version(&buf[offset]);
-    len = offset;
+    offset     += marshal_client_req_http_method(&buf[offset]);
+    offset     += marshal_client_req_url(&buf[offset]);
+    offset     += marshal_client_req_http_version(&buf[offset]);
+    len        = offset;
   }
   return len;
 }
@@ -3012,7 +3012,7 @@ LogAccess::marshal_http_header_field(LogField::Container container, char *field,
           buf += actual_len;
         }
         running_len += actual_len;
-        fld = fld->m_next_dup;
+        fld         = fld->m_next_dup;
 
         // Dups need to be comma separated.  So if there's another
         // dup, then add a comma and a space ...
@@ -3034,7 +3034,7 @@ LogAccess::marshal_http_header_field(LogField::Container container, char *field,
         buf++;
       }
       running_len += 1;
-      padded_len = round_strlen(running_len);
+      padded_len  = round_strlen(running_len);
 
 // Note: marshal_string fills the padding to
 //  prevent purify UMRs so we do it here too
@@ -3114,7 +3114,7 @@ LogAccess::marshal_http_header_field_escapify(LogField::Container container, cha
           buf += new_len;
         }
         running_len += new_len;
-        fld = fld->m_next_dup;
+        fld         = fld->m_next_dup;
 
         // Dups need to be comma separated.  So if there's another
         // dup, then add a comma and an escapified space ...
@@ -3137,7 +3137,7 @@ LogAccess::marshal_http_header_field_escapify(LogField::Container container, cha
         buf++;
       }
       running_len += 1;
-      padded_len = round_strlen(running_len);
+      padded_len  = round_strlen(running_len);
 
 // Note: marshal_string fills the padding to
 //  prevent purify UMRs so we do it here too
diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h
index 178e3e247d8..f34e7cee162 100644
--- a/proxy/logging/LogAccess.h
+++ b/proxy/logging/LogAccess.h
@@ -84,7 +84,7 @@ union IpEndpoint;
   -------------------------------------------------------------------------*/
 
 // DEFAULT_STR_LEN MUST be less than INK_MIN_ALIGN
-#define DEFAULT_STR "-"
+#define DEFAULT_STR     "-"
 #define DEFAULT_STR_LEN 1
 
 extern char INVALID_STR[];
@@ -341,7 +341,7 @@ class LogAccess
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogAccess(const LogAccess &rhs) = delete;      // no copies
+  LogAccess(const LogAccess &rhs)      = delete; // no copies
   LogAccess &operator=(LogAccess &rhs) = delete; // or assignment
 
 private:
diff --git a/proxy/logging/LogAccessTest.h b/proxy/logging/LogAccessTest.h
index 6519071cba2..7a785c121b2 100644
--- a/proxy/logging/LogAccessTest.h
+++ b/proxy/logging/LogAccessTest.h
@@ -97,6 +97,6 @@ class LogAccessTest : public LogAccess
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogAccessTest(const LogAccessTest &rhs) = delete;
+  LogAccessTest(const LogAccessTest &rhs)      = delete;
   LogAccessTest &operator=(LogAccessTest &rhs) = delete;
 };
diff --git a/proxy/logging/LogBuffer.cc b/proxy/logging/LogBuffer.cc
index 59c622ab518..498d99f6d86 100644
--- a/proxy/logging/LogBuffer.cc
+++ b/proxy/logging/LogBuffer.cc
@@ -414,23 +414,23 @@ LogBuffer::_add_buffer_header(const LogConfig *cfg)
 
   if (fmt->name()) {
     m_header->fmt_name_offset = header_len;
-    header_len += add_header_str(fmt->name(), &m_buffer[header_len], m_size - header_len);
+    header_len                += add_header_str(fmt->name(), &m_buffer[header_len], m_size - header_len);
   }
   if (fmt->fieldlist()) {
     m_header->fmt_fieldlist_offset = header_len;
-    header_len += add_header_str(fmt->fieldlist(), &m_buffer[header_len], m_size - header_len);
+    header_len                     += add_header_str(fmt->fieldlist(), &m_buffer[header_len], m_size - header_len);
   }
   if (fmt->printf_str()) {
     m_header->fmt_printf_offset = header_len;
-    header_len += add_header_str(fmt->printf_str(), &m_buffer[header_len], m_size - header_len);
+    header_len                  += add_header_str(fmt->printf_str(), &m_buffer[header_len], m_size - header_len);
   }
   if (cfg->hostname) {
     m_header->src_hostname_offset = header_len;
-    header_len += add_header_str(cfg->hostname, &m_buffer[header_len], m_size - header_len);
+    header_len                    += add_header_str(cfg->hostname, &m_buffer[header_len], m_size - header_len);
   }
   if (m_owner->get_base_filename()) {
     m_header->log_filename_offset = header_len;
-    header_len += add_header_str(m_owner->get_base_filename(), &m_buffer[header_len], m_size - header_len);
+    header_len                    += add_header_str(m_owner->get_base_filename(), &m_buffer[header_len], m_size - header_len);
   }
   // update the rest of the header fields; make sure the header_len is
   // correctly aligned, so that the first record will start on a legal
@@ -542,8 +542,8 @@ LogBuffer::resolve_custom_entry(LogFieldList *fieldlist, char *printf_str, char
         }
 
         bytes_written += res;
-        lastField = field;
-        field     = fieldlist->next(field);
+        lastField     = field;
+        field         = fieldlist->next(field);
       } else {
         ts::LocalBufferWriter<10 * 1024> bw;
         if (auto bs = fieldlist->badSymbols(); bs.size() > 0) {
diff --git a/proxy/logging/LogBuffer.h b/proxy/logging/LogBuffer.h
index bd8d32fab70..4fe7530d2ce 100644
--- a/proxy/logging/LogBuffer.h
+++ b/proxy/logging/LogBuffer.h
@@ -34,7 +34,7 @@ class LogObject;
 class LogConfig;
 class LogBufferIterator;
 
-#define LOG_SEGMENT_COOKIE 0xaceface
+#define LOG_SEGMENT_COOKIE  0xaceface
 #define LOG_SEGMENT_VERSION 2
 
 #if defined(linux)
@@ -109,7 +109,7 @@ union LB_State {
   struct {
     uint32_t offset;           // buffer offset(bytes in buffer)
     uint16_t num_entries;      // number of entries in buffer
-    uint16_t full : 1;         // not accepting more checkouts
+    uint16_t full        : 1;  // not accepting more checkouts
     uint16_t num_writers : 15; // number of writers
   } s;
 };
@@ -232,7 +232,7 @@ class LogBuffer
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogBuffer(const LogBuffer &rhs) = delete;
+  LogBuffer(const LogBuffer &rhs)            = delete;
   LogBuffer &operator=(const LogBuffer &rhs) = delete;
 
 private:
@@ -291,7 +291,7 @@ class LogBufferIterator
 
   // noncopyable
   // -- member functions not allowed --
-  LogBufferIterator(const LogBufferIterator &) = delete;
+  LogBufferIterator(const LogBufferIterator &)            = delete;
   LogBufferIterator &operator=(const LogBufferIterator &) = delete;
 
 private:
diff --git a/proxy/logging/LogConfig.cc b/proxy/logging/LogConfig.cc
index b840295b1a4..435d7d1c9dd 100644
--- a/proxy/logging/LogConfig.cc
+++ b/proxy/logging/LogConfig.cc
@@ -63,8 +63,8 @@
 #define DISK_IS_ACTUAL_LOW_MESSAGE "Access logging to local log directory suspended - partition space is low."
 
 #define PARTITION_HEADROOM_MB 10
-#define DIAGS_LOG_FILENAME "diags.log"
-#define MANAGER_LOG_FILENAME "manager.log"
+#define DIAGS_LOG_FILENAME    "diags.log"
+#define MANAGER_LOG_FILENAME  "manager.log"
 
 void
 LogConfig::setup_default_values()
@@ -99,7 +99,8 @@ LogConfig::setup_default_values()
   logbuffer_max_iobuf_index = BUFFER_SIZE_INDEX_32K;
 }
 
-void LogConfig::reconfigure_mgmt_variables(swoc::MemSpan)
+void
+LogConfig::reconfigure_mgmt_variables(swoc::MemSpan)
 {
   Note("received log reconfiguration event, rolling now");
   Log::config->roll_log_files_now = true;
@@ -740,7 +741,7 @@ LogConfig::update_space_used()
                 victim->rolled_log_path.c_str(), victim->size);
 
           // Update after successful unlink;
-          m_space_used -= victim->size;
+          m_space_used           -= victim->size;
           m_partition_space_left += victim->size;
         }
       }
diff --git a/proxy/logging/LogConfig.h b/proxy/logging/LogConfig.h
index 149c774a587..309bdb3090b 100644
--- a/proxy/logging/LogConfig.h
+++ b/proxy/logging/LogConfig.h
@@ -128,7 +128,7 @@ class LogConfig : public ConfigInfo
   void
   increment_space_used(int bytes)
   {
-    m_space_used += bytes;
+    m_space_used           += bytes;
     m_partition_space_left -= bytes;
   }
 
@@ -227,6 +227,6 @@ class LogConfig : public ConfigInfo
 
   // noncopyable
   // -- member functions not allowed --
-  LogConfig(const LogConfig &) = delete;
+  LogConfig(const LogConfig &)            = delete;
   LogConfig &operator=(const LogConfig &) = delete;
 };
diff --git a/proxy/logging/LogField.cc b/proxy/logging/LogField.cc
index 66495d7fc4f..63cdd7096c7 100644
--- a/proxy/logging/LogField.cc
+++ b/proxy/logging/LogField.cc
@@ -181,30 +181,30 @@ struct milestone {
 };
 
 static const milestone milestones[] = {
-  {"TS_MILESTONE_UA_BEGIN", TS_MILESTONE_UA_BEGIN},
-  {"TS_MILESTONE_UA_FIRST_READ", TS_MILESTONE_UA_FIRST_READ},
-  {"TS_MILESTONE_UA_READ_HEADER_DONE", TS_MILESTONE_UA_READ_HEADER_DONE},
-  {"TS_MILESTONE_UA_BEGIN_WRITE", TS_MILESTONE_UA_BEGIN_WRITE},
-  {"TS_MILESTONE_UA_CLOSE", TS_MILESTONE_UA_CLOSE},
-  {"TS_MILESTONE_SERVER_FIRST_CONNECT", TS_MILESTONE_SERVER_FIRST_CONNECT},
-  {"TS_MILESTONE_SERVER_CONNECT", TS_MILESTONE_SERVER_CONNECT},
-  {"TS_MILESTONE_SERVER_CONNECT_END", TS_MILESTONE_SERVER_CONNECT_END},
-  {"TS_MILESTONE_SERVER_BEGIN_WRITE", TS_MILESTONE_SERVER_BEGIN_WRITE},
-  {"TS_MILESTONE_SERVER_FIRST_READ", TS_MILESTONE_SERVER_FIRST_READ},
+  {"TS_MILESTONE_UA_BEGIN",                TS_MILESTONE_UA_BEGIN               },
+  {"TS_MILESTONE_UA_FIRST_READ",           TS_MILESTONE_UA_FIRST_READ          },
+  {"TS_MILESTONE_UA_READ_HEADER_DONE",     TS_MILESTONE_UA_READ_HEADER_DONE    },
+  {"TS_MILESTONE_UA_BEGIN_WRITE",          TS_MILESTONE_UA_BEGIN_WRITE         },
+  {"TS_MILESTONE_UA_CLOSE",                TS_MILESTONE_UA_CLOSE               },
+  {"TS_MILESTONE_SERVER_FIRST_CONNECT",    TS_MILESTONE_SERVER_FIRST_CONNECT   },
+  {"TS_MILESTONE_SERVER_CONNECT",          TS_MILESTONE_SERVER_CONNECT         },
+  {"TS_MILESTONE_SERVER_CONNECT_END",      TS_MILESTONE_SERVER_CONNECT_END     },
+  {"TS_MILESTONE_SERVER_BEGIN_WRITE",      TS_MILESTONE_SERVER_BEGIN_WRITE     },
+  {"TS_MILESTONE_SERVER_FIRST_READ",       TS_MILESTONE_SERVER_FIRST_READ      },
   {"TS_MILESTONE_SERVER_READ_HEADER_DONE", TS_MILESTONE_SERVER_READ_HEADER_DONE},
-  {"TS_MILESTONE_SERVER_CLOSE", TS_MILESTONE_SERVER_CLOSE},
-  {"TS_MILESTONE_CACHE_OPEN_READ_BEGIN", TS_MILESTONE_CACHE_OPEN_READ_BEGIN},
-  {"TS_MILESTONE_CACHE_OPEN_READ_END", TS_MILESTONE_CACHE_OPEN_READ_END},
-  {"TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN", TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN},
-  {"TS_MILESTONE_CACHE_OPEN_WRITE_END", TS_MILESTONE_CACHE_OPEN_WRITE_END},
-  {"TS_MILESTONE_DNS_LOOKUP_BEGIN", TS_MILESTONE_DNS_LOOKUP_BEGIN},
-  {"TS_MILESTONE_DNS_LOOKUP_END", TS_MILESTONE_DNS_LOOKUP_END},
-  {"TS_MILESTONE_SM_START", TS_MILESTONE_SM_START},
-  {"TS_MILESTONE_SM_FINISH", TS_MILESTONE_SM_FINISH},
-  {"TS_MILESTONE_PLUGIN_ACTIVE", TS_MILESTONE_PLUGIN_ACTIVE},
-  {"TS_MILESTONE_PLUGIN_TOTAL", TS_MILESTONE_PLUGIN_TOTAL},
-  {"TS_MILESTONE_TLS_HANDSHAKE_START", TS_MILESTONE_TLS_HANDSHAKE_START},
-  {"TS_MILESTONE_TLS_HANDSHAKE_END", TS_MILESTONE_TLS_HANDSHAKE_END},
+  {"TS_MILESTONE_SERVER_CLOSE",            TS_MILESTONE_SERVER_CLOSE           },
+  {"TS_MILESTONE_CACHE_OPEN_READ_BEGIN",   TS_MILESTONE_CACHE_OPEN_READ_BEGIN  },
+  {"TS_MILESTONE_CACHE_OPEN_READ_END",     TS_MILESTONE_CACHE_OPEN_READ_END    },
+  {"TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN",  TS_MILESTONE_CACHE_OPEN_WRITE_BEGIN },
+  {"TS_MILESTONE_CACHE_OPEN_WRITE_END",    TS_MILESTONE_CACHE_OPEN_WRITE_END   },
+  {"TS_MILESTONE_DNS_LOOKUP_BEGIN",        TS_MILESTONE_DNS_LOOKUP_BEGIN       },
+  {"TS_MILESTONE_DNS_LOOKUP_END",          TS_MILESTONE_DNS_LOOKUP_END         },
+  {"TS_MILESTONE_SM_START",                TS_MILESTONE_SM_START               },
+  {"TS_MILESTONE_SM_FINISH",               TS_MILESTONE_SM_FINISH              },
+  {"TS_MILESTONE_PLUGIN_ACTIVE",           TS_MILESTONE_PLUGIN_ACTIVE          },
+  {"TS_MILESTONE_PLUGIN_TOTAL",            TS_MILESTONE_PLUGIN_TOTAL           },
+  {"TS_MILESTONE_TLS_HANDSHAKE_START",     TS_MILESTONE_TLS_HANDSHAKE_START    },
+  {"TS_MILESTONE_TLS_HANDSHAKE_END",       TS_MILESTONE_TLS_HANDSHAKE_END      },
 };
 
 void
@@ -822,7 +822,7 @@ LogFieldList::marshal(LogAccess *lad, char *buf)
   char *ptr;
   int bytes = 0;
   for (LogField *f = first(); f; f = next(f)) {
-    ptr = &buf[bytes];
+    ptr   = &buf[bytes];
     bytes += f->marshal(lad, ptr);
     ink_assert(bytes % INK_MIN_ALIGN == 0);
   }
@@ -835,7 +835,7 @@ LogFieldList::marshal_agg(char *buf)
   char *ptr;
   int bytes = 0;
   for (LogField *f = first(); f; f = next(f)) {
-    ptr = &buf[bytes];
+    ptr   = &buf[bytes];
     bytes += f->marshal_agg(ptr);
   }
   return bytes;
diff --git a/proxy/logging/LogField.h b/proxy/logging/LogField.h
index 173a14064ce..9472b0fdc44 100644
--- a/proxy/logging/LogField.h
+++ b/proxy/logging/LogField.h
@@ -267,7 +267,7 @@ class LogFieldList
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogFieldList(const LogFieldList &rhs) = delete;
+  LogFieldList(const LogFieldList &rhs)            = delete;
   LogFieldList &operator=(const LogFieldList &rhs) = delete;
 
 private:
diff --git a/proxy/logging/LogFile.cc b/proxy/logging/LogFile.cc
index 1f73033f9f7..886d4447b84 100644
--- a/proxy/logging/LogFile.cc
+++ b/proxy/logging/LogFile.cc
@@ -541,7 +541,7 @@ LogFile::write_ascii_logbuffer(LogBufferHeader *buffer_header, int fd, const cha
       fmt_buf_bytes += fmt_line_bytes;
       ink_assert(fmt_buf_bytes < LOG_MAX_FORMATTED_BUFFER);
       fmt_buf[fmt_buf_bytes] = '\n'; // keep entries separate
-      fmt_buf_bytes += 1;
+      fmt_buf_bytes          += 1;
     }
   }
   if (fmt_buf_bytes > 0) {
@@ -610,7 +610,7 @@ LogFile::write_ascii_logbuffer3(LogBufferHeader *buffer_header, const char *alt_
                                       printf_str, buffer_header->version, alt_format, get_escape_type());
 
       if (bytes > 0) {
-        fmt_buf_bytes += bytes;
+        fmt_buf_bytes               += bytes;
         ascii_buffer[fmt_buf_bytes] = '\n';
         ++fmt_buf_bytes;
         ++fmt_entry_count;
diff --git a/proxy/logging/LogFilter.cc b/proxy/logging/LogFilter.cc
index a16d2d60910..b54fd2959cb 100644
--- a/proxy/logging/LogFilter.cc
+++ b/proxy/logging/LogFilter.cc
@@ -92,7 +92,7 @@ LogFilter::parse(const char *name, Action action, const char *condition)
     while (*end && *end != '>') {
       end++;
     }
-    *end = '\0';
+    *end      = '\0';
     field_str += 2;
     Debug("log", "... now field symbol is %s", field_str);
   }
diff --git a/proxy/logging/LogFilter.h b/proxy/logging/LogFilter.h
index 749c044e5ac..5f09bc066e6 100644
--- a/proxy/logging/LogFilter.h
+++ b/proxy/logging/LogFilter.h
@@ -110,7 +110,7 @@ class LogFilter : public RefCountObj
   LINK(LogFilter, link); // so we can create a LogFilterList
 
   // noncopyable
-  LogFilter(const LogFilter &rhs) = delete;
+  LogFilter(const LogFilter &rhs)      = delete;
   LogFilter &operator=(LogFilter &rhs) = delete;
 
 private:
@@ -295,7 +295,7 @@ class LogFilterList
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogFilterList(const LogFilterList &rhs) = delete;
+  LogFilterList(const LogFilterList &rhs)            = delete;
   LogFilterList &operator=(const LogFilterList &rhs) = delete;
 
 private:
@@ -422,12 +422,12 @@ updatePatternForFieldValue(char **field, const char *pattern_str, int field_pos,
   char buf_dest_to_field[buf_dest_len + 1];
   char *temp_text = buf_dest_to_field;
   memcpy(temp_text, buf_dest, (pattern_str - buf_dest));
-  temp_text += (pattern_str - buf_dest);
+  temp_text             += (pattern_str - buf_dest);
   const char *value_str = strchr(pattern_str, '=');
   if (value_str) {
     value_str++;
     memcpy(temp_text, pattern_str, (value_str - pattern_str));
-    temp_text += (value_str - pattern_str);
+    temp_text                  += (value_str - pattern_str);
     const char *next_param_str = strchr(value_str, '&');
     if (next_param_str) {
       for (int i = 0; i < (next_param_str - value_str); i++) {
diff --git a/proxy/logging/LogFormat.cc b/proxy/logging/LogFormat.cc
index 4d6263053ba..b79ffc00209 100644
--- a/proxy/logging/LogFormat.cc
+++ b/proxy/logging/LogFormat.cc
@@ -679,7 +679,7 @@ LogFormat::parse_format_string(const char *format_str, char **printf_str, char *
         //
         field_len = stop - start - 2;
         memcpy(&(*fields_str)[fields_pos], &format_str[start + 2], field_len);
-        fields_pos += field_len;
+        fields_pos                  += field_len;
         (*printf_str)[printf_pos++] = LOG_FIELD_MARKER;
         ++field_count;
         start = stop;
@@ -691,10 +691,10 @@ LogFormat::parse_format_string(const char *format_str, char **printf_str, char *
         escape_char = parse_escape_string(&format_str[start], (len - start));
 
         if (escape_char == '\\') {
-          start += 1;
+          start                       += 1;
           (*printf_str)[printf_pos++] = static_cast(escape_char);
         } else if (escape_char >= 0) {
-          start += 3;
+          start                       += 3;
           (*printf_str)[printf_pos++] = static_cast(escape_char);
         } else {
           memcpy(&(*printf_str)[printf_pos], &format_str[start], stop - start + 1);
@@ -709,10 +709,10 @@ LogFormat::parse_format_string(const char *format_str, char **printf_str, char *
       escape_char = parse_escape_string(&format_str[start], (len - start));
 
       if (escape_char == '\\') {
-        start += 1;
+        start                       += 1;
         (*printf_str)[printf_pos++] = static_cast(escape_char);
       } else if (escape_char >= 0) {
-        start += 3;
+        start                       += 3;
         (*printf_str)[printf_pos++] = static_cast(escape_char);
       } else {
         (*printf_str)[printf_pos++] = format_str[start];
diff --git a/proxy/logging/LogFormat.h b/proxy/logging/LogFormat.h
index 8d6cfca1b62..602853eb69f 100644
--- a/proxy/logging/LogFormat.h
+++ b/proxy/logging/LogFormat.h
@@ -215,7 +215,7 @@ class LogFormatList
 
   // noncopyable
   // -- member functions that are not allowed --
-  LogFormatList(const LogFormatList &rhs) = delete;
+  LogFormatList(const LogFormatList &rhs)            = delete;
   LogFormatList &operator=(const LogFormatList &rhs) = delete;
 
 private:
diff --git a/proxy/logging/LogObject.h b/proxy/logging/LogObject.h
index 6527f9c3fdb..392ca547e84 100644
--- a/proxy/logging/LogObject.h
+++ b/proxy/logging/LogObject.h
@@ -45,9 +45,9 @@
   consist of a list of LogObjects.
   -------------------------------------------------------------------------*/
 
-#define LOG_FILE_ASCII_OBJECT_FILENAME_EXTENSION ".log"
+#define LOG_FILE_ASCII_OBJECT_FILENAME_EXTENSION  ".log"
 #define LOG_FILE_BINARY_OBJECT_FILENAME_EXTENSION ".blog"
-#define LOG_FILE_PIPE_OBJECT_FILENAME_EXTENSION ".pipe"
+#define LOG_FILE_PIPE_OBJECT_FILENAME_EXTENSION   ".pipe"
 
 #define FLUSH_ARRAY_SIZE (512 * 4)
 
@@ -288,7 +288,7 @@ class LogObject : public RefCountObj
   LogBuffer *_checkout_write(size_t *write_offset, size_t write_size);
 
   // noncopyable
-  LogObject(const LogObject &) = delete;
+  LogObject(const LogObject &)            = delete;
   LogObject &operator=(const LogObject &) = delete;
 
 private:
diff --git a/proxy/logging/YamlLogConfig.cc b/proxy/logging/YamlLogConfig.cc
index f7e48c34791..25e70fd7202 100644
--- a/proxy/logging/YamlLogConfig.cc
+++ b/proxy/logging/YamlLogConfig.cc
@@ -105,9 +105,12 @@ YamlLogConfig::loadLogConfig(const char *cfgFilename)
   return true;
 }
 
-TsEnumDescriptor ROLLING_MODE_TEXT = {{{"none", 0}, {"time", 1}, {"size", 2}, {"both", 3}, {"any", 4}}};
-TsEnumDescriptor ROLLING_MODE_LUA  = {
-  {{"log.roll.none", 0}, {"log.roll.time", 1}, {"log.roll.size", 2}, {"log.roll.both", 3}, {"log.roll.any", 4}}};
+TsEnumDescriptor ROLLING_MODE_TEXT = {
+  {{"none", 0}, {"time", 1}, {"size", 2}, {"both", 3}, {"any", 4}}
+};
+TsEnumDescriptor ROLLING_MODE_LUA = {
+  {{"log.roll.none", 0}, {"log.roll.time", 1}, {"log.roll.size", 2}, {"log.roll.both", 3}, {"log.roll.any", 4}}
+};
 
 std::set valid_log_object_keys = {"filename",
                                                "format",
@@ -165,8 +168,8 @@ YamlLogConfig::decodeLogObject(const YAML::Node &node)
   if (node["mode"]) {
     std::string mode = node["mode"].as();
     file_type        = (0 == strncasecmp(mode.c_str(), "bin", 3) || (1 == mode.size() && mode[0] == 'b') ?
-                   LOG_FILE_BINARY :
-                   (0 == strcasecmp(mode.c_str(), "ascii_pipe") ? LOG_FILE_PIPE : LOG_FILE_ASCII));
+                          LOG_FILE_BINARY :
+                          (0 == strcasecmp(mode.c_str(), "ascii_pipe") ? LOG_FILE_PIPE : LOG_FILE_ASCII));
   }
 
   int obj_rolling_enabled      = cfg->rolling_enabled;
diff --git a/proxy/logging/YamlLogConfig.h b/proxy/logging/YamlLogConfig.h
index 323b406b677..83b6d35b8a1 100644
--- a/proxy/logging/YamlLogConfig.h
+++ b/proxy/logging/YamlLogConfig.h
@@ -39,7 +39,7 @@ class YamlLogConfig
 
   LogObject *decodeLogObject(const YAML::Node &node);
 
-  YamlLogConfig(const YamlLogConfig &) = delete;
+  YamlLogConfig(const YamlLogConfig &)            = delete;
   YamlLogConfig &operator=(const YamlLogConfig &) = delete;
 
   LogConfig *cfg;
diff --git a/proxy/logging/unit-tests/test_LogUtils.cc b/proxy/logging/unit-tests/test_LogUtils.cc
index a38be6d1b2d..1edc69682dd 100644
--- a/proxy/logging/unit-tests/test_LogUtils.cc
+++ b/proxy/logging/unit-tests/test_LogUtils.cc
@@ -83,7 +83,7 @@ test(const MIMEField *pairs, int numPairs, const char *asciiResult, int extraUnm
 
 TEST_CASE("LogUtilsHttp", "[LUHP]")
 {
-#define X "12345678"
+#define X  "12345678"
 #define X2 X X
 #define X3 X2 X2
 #define X4 X3 X3
@@ -92,7 +92,11 @@ TEST_CASE("LogUtilsHttp", "[LUHP]")
 #define X7 X6 X6
 #define X8 X7 X7
 
-  const MIMEField pairs[] = {{"Argh", "Ugh"}, {"Argh2", "UghUgh"}, {"alltogethernow", X8}};
+  const MIMEField pairs[] = {
+    {"Argh",           "Ugh"   },
+    {"Argh2",          "UghUgh"},
+    {"alltogethernow", X8      }
+  };
 
   test(pairs, 1, "{{{Argh}:{Ugh}}}");
   test(pairs, 2, "{{{Argh}:{Ugh}}{{Argh2}:{UghUgh}}}");
diff --git a/proxy/shared/DiagsConfig.cc b/proxy/shared/DiagsConfig.cc
index 3e505020d42..f8d1f9f5f51 100644
--- a/proxy/shared/DiagsConfig.cc
+++ b/proxy/shared/DiagsConfig.cc
@@ -50,11 +50,16 @@ DiagsConfig::reconfigure_diags()
     const char *config_name;
     DiagsLevel level;
   } output_records[] = {
-    {"proxy.config.diags.output.diag", DL_Diag},           {"proxy.config.diags.output.debug", DL_Debug},
-    {"proxy.config.diags.output.status", DL_Status},       {"proxy.config.diags.output.note", DL_Note},
-    {"proxy.config.diags.output.warning", DL_Warning},     {"proxy.config.diags.output.error", DL_Error},
-    {"proxy.config.diags.output.fatal", DL_Fatal},         {"proxy.config.diags.output.alert", DL_Alert},
-    {"proxy.config.diags.output.emergency", DL_Emergency}, {nullptr, DL_Undefined},
+    {"proxy.config.diags.output.diag",      DL_Diag     },
+    {"proxy.config.diags.output.debug",     DL_Debug    },
+    {"proxy.config.diags.output.status",    DL_Status   },
+    {"proxy.config.diags.output.note",      DL_Note     },
+    {"proxy.config.diags.output.warning",   DL_Warning  },
+    {"proxy.config.diags.output.error",     DL_Error    },
+    {"proxy.config.diags.output.fatal",     DL_Fatal    },
+    {"proxy.config.diags.output.alert",     DL_Alert    },
+    {"proxy.config.diags.output.emergency", DL_Emergency},
+    {nullptr,                               DL_Undefined},
   };
 
   if (!callbacks_established) {
diff --git a/src/records/RecFile.cc b/src/records/RecFile.cc
index cbd5e9bd53d..b19ecd4140c 100644
--- a/src/records/RecFile.cc
+++ b/src/records/RecFile.cc
@@ -112,7 +112,9 @@ int
 RecSnapFileWrite(RecHandle h_file, char *buf, int size, int *bytes_written)
 {
   // First write the version byes for snap file
-  std::array VERSION_HDR{{'V', PACKAGE_VERSION[0], PACKAGE_VERSION[2], PACKAGE_VERSION[4], '\0'}};
+  std::array VERSION_HDR{
+    {'V', PACKAGE_VERSION[0], PACKAGE_VERSION[2], PACKAGE_VERSION[4], '\0'}
+  };
   if (::write(h_file, VERSION_HDR.data(), VERSION_HDR_SIZE) < 0) {
     return REC_ERR_FAIL;
   }
diff --git a/src/records/RecHttp.cc b/src/records/RecHttp.cc
index a2e7cb58001..524d376b790 100644
--- a/src/records/RecHttp.cc
+++ b/src/records/RecHttp.cc
@@ -551,7 +551,7 @@ HttpProxyPort::print(char *out, size_t n)
   bool need_colon_p = false;
 
   if (m_inbound_ip.isValid()) {
-    zret += snprintf(out + zret, n - zret, "%s=[%s]", OPT_INBOUND_IP_PREFIX, m_inbound_ip.toString(ipb, sizeof(ipb)));
+    zret         += snprintf(out + zret, n - zret, "%s=[%s]", OPT_INBOUND_IP_PREFIX, m_inbound_ip.toString(ipb, sizeof(ipb)));
     need_colon_p = true;
   }
   if (zret >= n) {
@@ -562,7 +562,7 @@ HttpProxyPort::print(char *out, size_t n)
     if (need_colon_p) {
       out[zret++] = ':';
     }
-    zret += snprintf(out + zret, n - zret, "%s=[%s]", OPT_OUTBOUND_IP_PREFIX, m_outbound_ip4.toString(ipb, sizeof(ipb)));
+    zret         += snprintf(out + zret, n - zret, "%s=[%s]", OPT_OUTBOUND_IP_PREFIX, m_outbound_ip4.toString(ipb, sizeof(ipb)));
     need_colon_p = true;
   }
   if (zret >= n) {
@@ -573,7 +573,7 @@ HttpProxyPort::print(char *out, size_t n)
     if (need_colon_p) {
       out[zret++] = ':';
     }
-    zret += snprintf(out + zret, n - zret, "%s=[%s]", OPT_OUTBOUND_IP_PREFIX, m_outbound_ip6.toString(ipb, sizeof(ipb)));
+    zret         += snprintf(out + zret, n - zret, "%s=[%s]", OPT_OUTBOUND_IP_PREFIX, m_outbound_ip6.toString(ipb, sizeof(ipb)));
     need_colon_p = true;
   }
   if (zret >= n) {
@@ -584,7 +584,7 @@ HttpProxyPort::print(char *out, size_t n)
     if (need_colon_p) {
       out[zret++] = ':';
     }
-    zret += snprintf(out + zret, n - zret, "%d", m_port);
+    zret         += snprintf(out + zret, n - zret, "%d", m_port);
     need_colon_p = true;
   }
   if (zret >= n) {
@@ -692,7 +692,7 @@ HttpProxyPort::print(char *out, size_t n)
     for (int k = 0; k < SessionProtocolSet::MAX; ++k) {
       if (sp_set.contains(k)) {
         auto name{globalSessionProtocolNameRegistry.nameFor(k)};
-        zret += snprintf(out + zret, n - zret, "%s%.*s", sep_p ? ";" : "", static_cast(name.size()), name.data());
+        zret  += snprintf(out + zret, n - zret, "%s%.*s", sep_p ? ";" : "", static_cast(name.size()), name.data());
         sep_p = true;
       }
     }
@@ -886,21 +886,15 @@ convert_alpn_to_wire_format(std::string_view protocols_sv, unsigned char *wire_f
       Error("Unknown protocol name in configured ALPN list: \"%.*s\"", static_cast(protocol.size()), protocol.data());
       return false;
     }
-    // We currently only support HTTP/1.x protocols toward the origin.
-    if (!HTTP_PROTOCOL_SET.contains(protocol_index)) {
-      Error("Unsupported non-HTTP/1.x protocol name in configured ALPN list: \"%.*s\"", static_cast(protocol.size()),
-            protocol.data());
-      return false;
-    }
-    // But not HTTP/0.9.
-    if (protocol_index == TS_ALPN_PROTOCOL_INDEX_HTTP_0_9) {
-      Error("Unsupported \"http/0.9\" protocol name in configured ALPN list: \"%.*s\"", static_cast(protocol.size()),
-            protocol.data());
+    // Make sure the protocol is one of our supported protocols.
+    if (protocol_index == TS_ALPN_PROTOCOL_INDEX_HTTP_0_9 ||
+        (!HTTP_PROTOCOL_SET.contains(protocol_index) && !HTTP2_PROTOCOL_SET.contains(protocol_index))) {
+      Error("Unsupported protocol name in configured ALPN list: %.*s", static_cast(protocol.size()), protocol.data());
       return false;
     }
 
     auto const protocol_wire_format = globalSessionProtocolNameRegistry.convert_openssl_alpn_wire_format(protocol_index);
-    computed_alpn_array_len += protocol_wire_format.size();
+    computed_alpn_array_len         += protocol_wire_format.size();
     if (computed_alpn_array_len > orig_wire_format_buffer_len) {
       // We have exceeded the size of the output buffer.
       Error("The output ALPN length (%d bytes) is larger than the output buffer size of %d bytes", computed_alpn_array_len,
diff --git a/src/records/RecMessage.cc b/src/records/RecMessage.cc
index 2c4ec43e699..2f9d80eb3c9 100644
--- a/src/records/RecMessage.cc
+++ b/src/records/RecMessage.cc
@@ -90,16 +90,16 @@ RecMessageMarshal_Realloc(RecMessage *msg, const RecRecord *record)
   if (record->data_type == RECD_STRING) {
     if (record->data.rec_string) {
       rec_data_str_len = strlen(record->data.rec_string) + 1;
-      msg_ele_size += rec_data_str_len;
+      msg_ele_size     += rec_data_str_len;
     }
     if (record->data_default.rec_string) {
       rec_data_def_str_len = strlen(record->data_default.rec_string) + 1;
-      msg_ele_size += rec_data_def_str_len;
+      msg_ele_size         += rec_data_def_str_len;
     }
   }
   if (REC_TYPE_IS_CONFIG(record->rec_type) && (record->config_meta.check_expr)) {
     rec_cfg_chk_len = strlen(record->config_meta.check_expr) + 1;
-    msg_ele_size += rec_cfg_chk_len;
+    msg_ele_size    += rec_cfg_chk_len;
   }
   // XXX: this is NOT 8 byte alignment
   // msg_ele_size = 5;
@@ -131,19 +131,19 @@ RecMessageMarshal_Realloc(RecMessage *msg, const RecRecord *record)
     ink_assert((msg->o_end - ((uintptr_t)p - (uintptr_t)msg)) >= (uintptr_t)rec_name_len);
     memcpy(p, record->name, rec_name_len);
     r->name = (char *)((uintptr_t)p - (uintptr_t)r);
-    p += rec_name_len;
+    p       += rec_name_len;
   }
   if (rec_data_str_len != -1) {
     ink_assert((msg->o_end - ((uintptr_t)p - (uintptr_t)msg)) >= (uintptr_t)rec_data_str_len);
     memcpy(p, record->data.rec_string, rec_data_str_len);
     r->data.rec_string = (char *)((uintptr_t)p - (uintptr_t)r);
-    p += rec_data_str_len;
+    p                  += rec_data_str_len;
   }
   if (rec_data_def_str_len != -1) {
     ink_assert((msg->o_end - ((uintptr_t)p - (uintptr_t)msg)) >= (uintptr_t)rec_data_def_str_len);
     memcpy(p, record->data_default.rec_string, rec_data_def_str_len);
     r->data_default.rec_string = (char *)((uintptr_t)p - (uintptr_t)r);
-    p += rec_data_def_str_len;
+    p                          += rec_data_def_str_len;
   }
   if (rec_cfg_chk_len != -1) {
     ink_assert((msg->o_end - ((uintptr_t)p - (uintptr_t)msg)) >= (uintptr_t)rec_cfg_chk_len);
@@ -190,8 +190,8 @@ RecMessageUnmarshalNext(RecMessage *msg, RecMessageItr *itr, RecRecord **record)
       return REC_ERR_FAIL;
     }
     itr->ele_hdr = reinterpret_cast(reinterpret_cast(msg) + itr->ele_hdr->o_next);
-    itr->next += 1;
-    eh = itr->ele_hdr;
+    itr->next    += 1;
+    eh           = itr->ele_hdr;
   }
 
   ink_assert(eh->magic == REC_MESSAGE_ELE_MAGIC);
diff --git a/src/records/RecRawStats.cc b/src/records/RecRawStats.cc
index 622c1d5013d..1760a0a746b 100644
--- a/src/records/RecRawStats.cc
+++ b/src/records/RecRawStats.cc
@@ -52,14 +52,14 @@ raw_stat_get_total(RecRawStatBlock *rsb, int id, RecRawStat *total)
   // get thread local values
   for (EThread *et : eventProcessor.active_ethreads()) {
     RecRawStat *tlp = thread_stat(et, rsb, id);
-    total->sum += tlp->sum;
-    total->count += tlp->count;
+    total->sum      += tlp->sum;
+    total->count    += tlp->count;
   }
 
   for (EThread *et : eventProcessor.active_dthreads()) {
     RecRawStat *tlp = thread_stat(et, rsb, id);
-    total->sum += tlp->sum;
-    total->count += tlp->count;
+    total->sum      += tlp->sum;
+    total->count    += tlp->count;
   }
 
   if (total->sum < 0) { // Assure that we stay positive
@@ -83,14 +83,14 @@ raw_stat_sync_to_global(RecRawStatBlock *rsb, int id)
   // sum the thread local values
   for (EThread *et : eventProcessor.active_ethreads()) {
     RecRawStat *tlp = thread_stat(et, rsb, id);
-    total.sum += tlp->sum;
-    total.count += tlp->count;
+    total.sum       += tlp->sum;
+    total.count     += tlp->count;
   }
 
   for (EThread *et : eventProcessor.active_dthreads()) {
     RecRawStat *tlp = thread_stat(et, rsb, id);
-    total.sum += tlp->sum;
-    total.count += tlp->count;
+    total.sum       += tlp->sum;
+    total.count     += tlp->count;
   }
 
   if (total.sum < 0) { // Assure that we stay positive
diff --git a/src/records/unit_tests/test_RecHttp.cc b/src/records/unit_tests/test_RecHttp.cc
index 6dcf4f0e0f5..ce4158b8952 100644
--- a/src/records/unit_tests/test_RecHttp.cc
+++ b/src/records/unit_tests/test_RecHttp.cc
@@ -165,13 +165,6 @@ std::vector convertAlpnToWireFormatTestCases =
     0,
     false
   },
-  {
-    "Single protocol: HTTP/2 (currently unsupported)",
-    "h2",
-    { 0 },
-    0,
-    false
-  },
   {
     "Single protocol: HTTP/3 (currently unsupported)",
     "h3",
@@ -179,13 +172,6 @@ std::vector convertAlpnToWireFormatTestCases =
     0,
     false
   },
-  {
-    "Both HTTP/1.1 and HTTP/2 (HTTP/2 is currently unsupported)",
-    "h2,http/1.1",
-    { 0 },
-    0,
-    false
-  },
   // --------------------------------------------------------------------------
   // Happy cases.
   // --------------------------------------------------------------------------
@@ -197,7 +183,14 @@ std::vector convertAlpnToWireFormatTestCases =
     true
   },
   {
-    "Multiple protocols: HTTP/1.0, HTTP/1.1",
+    "Single protocol: HTTP/2",
+    "h2",
+    {0x02, 'h', '2'},
+    3,
+    true
+  },
+  {
+    "Multiple protocols: HTTP/1.1, HTTP/1.0",
     "http/1.1,http/1.0",
     {0x08, 'h', 't', 't', 'p', '/', '1', '.', '1', 0x08, 'h', 't', 't', 'p', '/', '1', '.', '0'},
     18,
@@ -210,6 +203,13 @@ std::vector convertAlpnToWireFormatTestCases =
     18,
     true
   },
+  {
+    "Both HTTP/2 and HTTP/1.1",
+    "h2,http/1.1",
+    {0x02, 'h', '2', 0x08, 'h', 't', 't', 'p', '/', '1', '.', '1'},
+    12,
+    true
+  },
 };
 // clang-format on
 
diff --git a/src/shared/overridable_txn_vars.cc b/src/shared/overridable_txn_vars.cc
index 9a89064ee36..855c34a8d11 100644
--- a/src/shared/overridable_txn_vars.cc
+++ b/src/shared/overridable_txn_vars.cc
@@ -24,150 +24,150 @@
 #include "shared/overridable_txn_vars.h"
 
 const std::unordered_map>
-  ts::Overridable_Txn_Vars(
-    {{"proxy.config.srv_enabled", {TS_CONFIG_SRV_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.http", {TS_CONFIG_HTTP_CACHE_HTTP, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.ssl.hsts_max_age", {TS_CONFIG_SSL_HSTS_MAX_AGE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.normalize_ae", {TS_CONFIG_HTTP_NORMALIZE_AE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.chunking.size", {TS_CONFIG_HTTP_CHUNKING_SIZE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.ssl.client.cert.path", {TS_CONFIG_SSL_CERT_FILEPATH, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.http.allow_half_open", {TS_CONFIG_HTTP_ALLOW_HALF_OPEN, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.chunking_enabled", {TS_CONFIG_HTTP_CHUNKING_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.generation", {TS_CONFIG_HTTP_CACHE_GENERATION, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_client_ip", {TS_CONFIG_HTTP_ANONYMIZE_INSERT_CLIENT_IP, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_forwarded", {TS_CONFIG_HTTP_INSERT_FORWARDED, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.http.cache.range.write", {TS_CONFIG_HTTP_CACHE_RANGE_WRITE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.allow_multi_range", {TS_CONFIG_HTTP_ALLOW_MULTI_RANGE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.range.lookup", {TS_CONFIG_HTTP_CACHE_RANGE_LOOKUP, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.sock_packet_tos_out", {TS_CONFIG_NET_SOCK_PACKET_TOS_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.slow.log.threshold", {TS_CONFIG_HTTP_SLOW_LOG_THRESHOLD, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.max_stale_age", {TS_CONFIG_HTTP_CACHE_MAX_STALE_AGE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.default_buffer_size", {TS_CONFIG_HTTP_DEFAULT_BUFFER_SIZE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.response_server_str", {TS_CONFIG_HTTP_RESPONSE_SERVER_STR, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.http.keep_alive_post_out", {TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.sock_option_flag_out", {TS_CONFIG_NET_SOCK_OPTION_FLAG_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.sock_packet_mark_out", {TS_CONFIG_NET_SOCK_PACKET_MARK_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.websocket.active_timeout", {TS_CONFIG_WEBSOCKET_ACTIVE_TIMEOUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.connect.dead.policy", {TS_CONFIG_HTTP_CONNECT_DEAD_POLICY, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.flow_control.enabled", {TS_CONFIG_HTTP_FLOW_CONTROL_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.send_http11_requests", {TS_CONFIG_HTTP_SEND_HTTP11_REQUESTS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.body_factory.template_base", {TS_CONFIG_BODY_FACTORY_TEMPLATE_BASE, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.http.anonymize_remove_from", {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_FROM, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.keep_alive_enabled_in", {TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_IN, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.doc_in_cache_skip_dns", {TS_CONFIG_HTTP_DOC_IN_CACHE_SKIP_DNS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.forward_connect_method", {TS_CONFIG_HTTP_FORWARD_CONNECT_METHOD, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.request_buffer_enabled", {TS_CONFIG_HTTP_REQUEST_BUFFER_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.down_server.cache_time", {TS_CONFIG_HTTP_DOWN_SERVER_CACHE_TIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.proxy_protocol_out", {TS_CONFIG_HTTP_PROXY_PROTOCOL_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_age_in_response", {TS_CONFIG_HTTP_INSERT_AGE_IN_RESPONSE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.url_remap.pristine_host_hdr", {TS_CONFIG_URL_REMAP_PRISTINE_HOST_HDR, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_request_via_str", {TS_CONFIG_HTTP_INSERT_REQUEST_VIA_STR, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.flow_control.low_water", {TS_CONFIG_HTTP_FLOW_CONTROL_LOW_WATER_MARK, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.required_headers", {TS_CONFIG_HTTP_CACHE_REQUIRED_HEADERS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.ssl.hsts_include_subdomains", {TS_CONFIG_SSL_HSTS_INCLUDE_SUBDOMAINS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.number_of_redirections", {TS_CONFIG_HTTP_NUMBER_OF_REDIRECTIONS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.keep_alive_enabled_out", {TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.response_server_enabled", {TS_CONFIG_HTTP_RESPONSE_SERVER_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.anonymize_remove_cookie", {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_COOKIE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.request_header_max_size", {TS_CONFIG_HTTP_REQUEST_HEADER_MAX_SIZE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.retry_time", {TS_CONFIG_HTTP_PARENT_PROXY_RETRY_TIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_response_via_str", {TS_CONFIG_HTTP_INSERT_RESPONSE_VIA_STR, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.flow_control.high_water", {TS_CONFIG_HTTP_FLOW_CONTROL_HIGH_WATER_MARK, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.negative_caching_enabled", {TS_CONFIG_HTTP_NEGATIVE_CACHING_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.when_to_revalidate", {TS_CONFIG_HTTP_CACHE_WHEN_TO_REVALIDATE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.response_header_max_size", {TS_CONFIG_HTTP_RESPONSE_HEADER_MAX_SIZE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.anonymize_remove_referer", {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_REFERER, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.global_user_agent_header", {TS_CONFIG_HTTP_GLOBAL_USER_AGENT_HEADER, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.net.sock_recv_buffer_size_out", {TS_CONFIG_NET_SOCK_RECV_BUFFER_SIZE_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.sock_send_buffer_size_out", {TS_CONFIG_NET_SOCK_SEND_BUFFER_SIZE_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.connect_attempts_timeout", {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_TIMEOUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.websocket.no_activity_timeout", {TS_CONFIG_WEBSOCKET_NO_ACTIVITY_TIMEOUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.negative_caching_lifetime", {TS_CONFIG_HTTP_NEGATIVE_CACHING_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.default_buffer_water_mark", {TS_CONFIG_HTTP_DEFAULT_BUFFER_WATER_MARK, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.heuristic_lm_factor", {TS_CONFIG_HTTP_CACHE_HEURISTIC_LM_FACTOR, TS_RECORDDATATYPE_FLOAT}},
-     {OutboundConnTrack::CONFIG_VAR_MAX, {TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MAX, TS_RECORDDATATYPE_INT}},
-     {OutboundConnTrack::CONFIG_VAR_MIN, {TS_CONFIG_HTTP_SERVER_MIN_KEEP_ALIVE_CONNS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.anonymize_remove_client_ip", {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_CLIENT_IP, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.open_read_retry_time", {TS_CONFIG_HTTP_CACHE_OPEN_READ_RETRY_TIME, TS_RECORDDATATYPE_INT}},
-     {OutboundConnTrack::CONFIG_VAR_MATCH, {TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MATCH, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.fail_threshold", {TS_CONFIG_HTTP_PARENT_PROXY_FAIL_THRESHOLD, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_authentication", {TS_CONFIG_HTTP_CACHE_IGNORE_AUTHENTICATION, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.anonymize_remove_user_agent", {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_USER_AGENT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.connect_attempts_rr_retries", {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_RR_RETRIES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.max_open_read_retries", {TS_CONFIG_HTTP_CACHE_MAX_OPEN_READ_RETRIES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.auth_server_session_private", {TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.redirect_use_orig_cache_key", {TS_CONFIG_HTTP_REDIRECT_USE_ORIG_CACHE_KEY, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_client_no_cache", {TS_CONFIG_HTTP_CACHE_IGNORE_CLIENT_NO_CACHE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ims_on_client_no_cache", {TS_CONFIG_HTTP_CACHE_IMS_ON_CLIENT_NO_CACHE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_server_no_cache", {TS_CONFIG_HTTP_CACHE_IGNORE_SERVER_NO_CACHE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.heuristic_min_lifetime", {TS_CONFIG_HTTP_CACHE_HEURISTIC_MIN_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.heuristic_max_lifetime", {TS_CONFIG_HTTP_CACHE_HEURISTIC_MAX_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.server_session_sharing.match", {TS_CONFIG_HTTP_SERVER_SESSION_SHARING_MATCH, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.http.cache.ignore_accept_mismatch", {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_MISMATCH, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.open_write_fail_action", {TS_CONFIG_HTTP_CACHE_OPEN_WRITE_FAIL_ACTION, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.insert_squid_x_forwarded_for", {TS_CONFIG_HTTP_INSERT_SQUID_X_FORWARDED_FOR, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.connect_attempts_max_retries", {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_MAX_RETRIES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.max_open_write_retries", {TS_CONFIG_HTTP_CACHE_MAX_OPEN_WRITE_RETRIES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.max_open_write_retry_timeout",
-      {TS_CONFIG_HTTP_CACHE_MAX_OPEN_WRITE_RETRY_TIMEOUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.forward.proxy_auth_to_parent", {TS_CONFIG_HTTP_FORWARD_PROXY_AUTH_TO_PARENT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.mark_down_hostdb", {TS_CONFIG_PARENT_FAILURES_UPDATE_HOSTDB, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.negative_revalidating_enabled", {TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.guaranteed_min_lifetime", {TS_CONFIG_HTTP_CACHE_GUARANTEED_MIN_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.guaranteed_max_lifetime", {TS_CONFIG_HTTP_CACHE_GUARANTEED_MAX_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.transaction_active_timeout_in", {TS_CONFIG_HTTP_TRANSACTION_ACTIVE_TIMEOUT_IN, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_client_cc_max_age", {TS_CONFIG_HTTP_CACHE_IGNORE_CLIENT_CC_MAX_AGE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.negative_revalidating_lifetime", {TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_LIFETIME, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.transaction_active_timeout_out", {TS_CONFIG_HTTP_TRANSACTION_ACTIVE_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.background_fill_active_timeout", {TS_CONFIG_HTTP_BACKGROUND_FILL_ACTIVE_TIMEOUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.attach_server_session_to_client", {TS_CONFIG_HTTP_ATTACH_SERVER_SESSION_TO_CLIENT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.max_proxy_cycles", {TS_CONFIG_HTTP_MAX_PROXY_CYCLES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.cache_responses_to_cookies",
-      {TS_CONFIG_HTTP_CACHE_CACHE_RESPONSES_TO_COOKIES, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.keep_alive_no_activity_timeout_in",
-      {TS_CONFIG_HTTP_KEEP_ALIVE_NO_ACTIVITY_TIMEOUT_IN, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.post.check.content_length.enabled",
-      {TS_CONFIG_HTTP_POST_CHECK_CONTENT_LENGTH_ENABLED, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.cache_urls_that_look_dynamic",
-      {TS_CONFIG_HTTP_CACHE_CACHE_URLS_THAT_LOOK_DYNAMIC, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.transaction_no_activity_timeout_in",
-      {TS_CONFIG_HTTP_TRANSACTION_NO_ACTIVITY_TIMEOUT_IN, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.keep_alive_no_activity_timeout_out",
-      {TS_CONFIG_HTTP_KEEP_ALIVE_NO_ACTIVITY_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.uncacheable_requests_bypass_parent",
-      {TS_CONFIG_HTTP_UNCACHEABLE_REQUESTS_BYPASS_PARENT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.transaction_no_activity_timeout_out",
-      {TS_CONFIG_HTTP_TRANSACTION_NO_ACTIVITY_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.background_fill_completed_threshold",
-      {TS_CONFIG_HTTP_BACKGROUND_FILL_COMPLETED_THRESHOLD, TS_RECORDDATATYPE_FLOAT}},
-     {"proxy.config.http.parent_proxy.total_connect_attempts",
-      {TS_CONFIG_HTTP_PARENT_PROXY_TOTAL_CONNECT_ATTEMPTS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_accept_charset_mismatch",
-      {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_CHARSET_MISMATCH, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_accept_language_mismatch",
-      {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_LANGUAGE_MISMATCH, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.cache.ignore_accept_encoding_mismatch",
-      {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_ENCODING_MISMATCH, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.connect_attempts_max_retries_dead_server",
-      {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_MAX_RETRIES_DEAD_SERVER, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.per_parent_connect_attempts",
-      {TS_CONFIG_HTTP_PER_PARENT_CONNECT_ATTEMPTS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.ssl.client.verify.server.policy", {TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.verify.server.properties",
-      {TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.sni_policy", {TS_CONFIG_SSL_CLIENT_SNI_POLICY, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.cert.filename", {TS_CONFIG_SSL_CLIENT_CERT_FILENAME, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.cert.path", {TS_CONFIG_SSL_CERT_FILEPATH, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.private_key.filename", {TS_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.CA.cert.filename", {TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.ssl.client.alpn_protocols", {TS_CONFIG_SSL_CLIENT_ALPN_PROTOCOLS, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.hostdb.ip_resolve", {TS_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE, TS_RECORDDATATYPE_STRING}},
-     {"proxy.config.plugin.vc.default_buffer_index", {TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.plugin.vc.default_buffer_water_mark", {TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.sock_notsent_lowat", {TS_CONFIG_NET_SOCK_NOTSENT_LOWAT, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.body_factory.response_suppression_mode",
-      {TS_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.enable_parent_timeout_markdowns",
-      {TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.http.parent_proxy.disable_parent_markdowns", {TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS, TS_RECORDDATATYPE_INT}},
-     {"proxy.config.net.default_inactivity_timeout", {TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT, TS_RECORDDATATYPE_INT}}});
+  ts::Overridable_Txn_Vars({
+    {"proxy.config.srv_enabled",                                       {TS_CONFIG_SRV_ENABLED, TS_RECORDDATATYPE_INT}                           },
+    {"proxy.config.http.cache.http",                                   {TS_CONFIG_HTTP_CACHE_HTTP, TS_RECORDDATATYPE_INT}                       },
+    {"proxy.config.ssl.hsts_max_age",                                  {TS_CONFIG_SSL_HSTS_MAX_AGE, TS_RECORDDATATYPE_INT}                      },
+    {"proxy.config.http.normalize_ae",                                 {TS_CONFIG_HTTP_NORMALIZE_AE, TS_RECORDDATATYPE_INT}                     },
+    {"proxy.config.http.chunking.size",                                {TS_CONFIG_HTTP_CHUNKING_SIZE, TS_RECORDDATATYPE_INT}                    },
+    {"proxy.config.ssl.client.cert.path",                              {TS_CONFIG_SSL_CERT_FILEPATH, TS_RECORDDATATYPE_STRING}                  },
+    {"proxy.config.http.allow_half_open",                              {TS_CONFIG_HTTP_ALLOW_HALF_OPEN, TS_RECORDDATATYPE_INT}                  },
+    {"proxy.config.http.chunking_enabled",                             {TS_CONFIG_HTTP_CHUNKING_ENABLED, TS_RECORDDATATYPE_INT}                 },
+    {"proxy.config.http.cache.generation",                             {TS_CONFIG_HTTP_CACHE_GENERATION, TS_RECORDDATATYPE_INT}                 },
+    {"proxy.config.http.insert_client_ip",                             {TS_CONFIG_HTTP_ANONYMIZE_INSERT_CLIENT_IP, TS_RECORDDATATYPE_INT}       },
+    {"proxy.config.http.insert_forwarded",                             {TS_CONFIG_HTTP_INSERT_FORWARDED, TS_RECORDDATATYPE_STRING}              },
+    {"proxy.config.http.cache.range.write",                            {TS_CONFIG_HTTP_CACHE_RANGE_WRITE, TS_RECORDDATATYPE_INT}                },
+    {"proxy.config.http.allow_multi_range",                            {TS_CONFIG_HTTP_ALLOW_MULTI_RANGE, TS_RECORDDATATYPE_INT}                },
+    {"proxy.config.http.cache.range.lookup",                           {TS_CONFIG_HTTP_CACHE_RANGE_LOOKUP, TS_RECORDDATATYPE_INT}               },
+    {"proxy.config.net.sock_packet_tos_out",                           {TS_CONFIG_NET_SOCK_PACKET_TOS_OUT, TS_RECORDDATATYPE_INT}               },
+    {"proxy.config.http.slow.log.threshold",                           {TS_CONFIG_HTTP_SLOW_LOG_THRESHOLD, TS_RECORDDATATYPE_INT}               },
+    {"proxy.config.http.cache.max_stale_age",                          {TS_CONFIG_HTTP_CACHE_MAX_STALE_AGE, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.http.default_buffer_size",                          {TS_CONFIG_HTTP_DEFAULT_BUFFER_SIZE, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.http.response_server_str",                          {TS_CONFIG_HTTP_RESPONSE_SERVER_STR, TS_RECORDDATATYPE_STRING}           },
+    {"proxy.config.http.keep_alive_post_out",                          {TS_CONFIG_HTTP_KEEP_ALIVE_POST_OUT, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.net.sock_option_flag_out",                          {TS_CONFIG_NET_SOCK_OPTION_FLAG_OUT, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.net.sock_packet_mark_out",                          {TS_CONFIG_NET_SOCK_PACKET_MARK_OUT, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.websocket.active_timeout",                          {TS_CONFIG_WEBSOCKET_ACTIVE_TIMEOUT, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.http.connect.dead.policy",                          {TS_CONFIG_HTTP_CONNECT_DEAD_POLICY, TS_RECORDDATATYPE_INT}              },
+    {"proxy.config.http.flow_control.enabled",                         {TS_CONFIG_HTTP_FLOW_CONTROL_ENABLED, TS_RECORDDATATYPE_INT}             },
+    {"proxy.config.http.send_http11_requests",                         {TS_CONFIG_HTTP_SEND_HTTP11_REQUESTS, TS_RECORDDATATYPE_INT}             },
+    {"proxy.config.body_factory.template_base",                        {TS_CONFIG_BODY_FACTORY_TEMPLATE_BASE, TS_RECORDDATATYPE_STRING}         },
+    {"proxy.config.http.anonymize_remove_from",                        {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_FROM, TS_RECORDDATATYPE_INT}            },
+    {"proxy.config.http.keep_alive_enabled_in",                        {TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_IN, TS_RECORDDATATYPE_INT}            },
+    {"proxy.config.http.doc_in_cache_skip_dns",                        {TS_CONFIG_HTTP_DOC_IN_CACHE_SKIP_DNS, TS_RECORDDATATYPE_INT}            },
+    {"proxy.config.http.forward_connect_method",                       {TS_CONFIG_HTTP_FORWARD_CONNECT_METHOD, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.request_buffer_enabled",                       {TS_CONFIG_HTTP_REQUEST_BUFFER_ENABLED, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.down_server.cache_time",                       {TS_CONFIG_HTTP_DOWN_SERVER_CACHE_TIME, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.proxy_protocol_out",                           {TS_CONFIG_HTTP_PROXY_PROTOCOL_OUT, TS_RECORDDATATYPE_INT}               },
+    {"proxy.config.http.insert_age_in_response",                       {TS_CONFIG_HTTP_INSERT_AGE_IN_RESPONSE, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.url_remap.pristine_host_hdr",                       {TS_CONFIG_URL_REMAP_PRISTINE_HOST_HDR, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.insert_request_via_str",                       {TS_CONFIG_HTTP_INSERT_REQUEST_VIA_STR, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.flow_control.low_water",                       {TS_CONFIG_HTTP_FLOW_CONTROL_LOW_WATER_MARK, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.cache.required_headers",                       {TS_CONFIG_HTTP_CACHE_REQUIRED_HEADERS, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.ssl.hsts_include_subdomains",                       {TS_CONFIG_SSL_HSTS_INCLUDE_SUBDOMAINS, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.number_of_redirections",                       {TS_CONFIG_HTTP_NUMBER_OF_REDIRECTIONS, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.keep_alive_enabled_out",                       {TS_CONFIG_HTTP_KEEP_ALIVE_ENABLED_OUT, TS_RECORDDATATYPE_INT}           },
+    {"proxy.config.http.response_server_enabled",                      {TS_CONFIG_HTTP_RESPONSE_SERVER_ENABLED, TS_RECORDDATATYPE_INT}          },
+    {"proxy.config.http.anonymize_remove_cookie",                      {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_COOKIE, TS_RECORDDATATYPE_INT}          },
+    {"proxy.config.http.request_header_max_size",                      {TS_CONFIG_HTTP_REQUEST_HEADER_MAX_SIZE, TS_RECORDDATATYPE_INT}          },
+    {"proxy.config.http.parent_proxy.retry_time",                      {TS_CONFIG_HTTP_PARENT_PROXY_RETRY_TIME, TS_RECORDDATATYPE_INT}          },
+    {"proxy.config.http.insert_response_via_str",                      {TS_CONFIG_HTTP_INSERT_RESPONSE_VIA_STR, TS_RECORDDATATYPE_INT}          },
+    {"proxy.config.http.flow_control.high_water",                      {TS_CONFIG_HTTP_FLOW_CONTROL_HIGH_WATER_MARK, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.negative_caching_enabled",                     {TS_CONFIG_HTTP_NEGATIVE_CACHING_ENABLED, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.cache.when_to_revalidate",                     {TS_CONFIG_HTTP_CACHE_WHEN_TO_REVALIDATE, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.response_header_max_size",                     {TS_CONFIG_HTTP_RESPONSE_HEADER_MAX_SIZE, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.anonymize_remove_referer",                     {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_REFERER, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.global_user_agent_header",                     {TS_CONFIG_HTTP_GLOBAL_USER_AGENT_HEADER, TS_RECORDDATATYPE_STRING}      },
+    {"proxy.config.net.sock_recv_buffer_size_out",                     {TS_CONFIG_NET_SOCK_RECV_BUFFER_SIZE_OUT, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.net.sock_send_buffer_size_out",                     {TS_CONFIG_NET_SOCK_SEND_BUFFER_SIZE_OUT, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.connect_attempts_timeout",                     {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_TIMEOUT, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.websocket.no_activity_timeout",                     {TS_CONFIG_WEBSOCKET_NO_ACTIVITY_TIMEOUT, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.negative_caching_lifetime",                    {TS_CONFIG_HTTP_NEGATIVE_CACHING_LIFETIME, TS_RECORDDATATYPE_INT}        },
+    {"proxy.config.http.default_buffer_water_mark",                    {TS_CONFIG_HTTP_DEFAULT_BUFFER_WATER_MARK, TS_RECORDDATATYPE_INT}        },
+    {"proxy.config.http.cache.heuristic_lm_factor",                    {TS_CONFIG_HTTP_CACHE_HEURISTIC_LM_FACTOR, TS_RECORDDATATYPE_FLOAT}      },
+    {OutboundConnTrack::CONFIG_VAR_MAX,                                {TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MAX, TS_RECORDDATATYPE_INT}        },
+    {OutboundConnTrack::CONFIG_VAR_MIN,                                {TS_CONFIG_HTTP_SERVER_MIN_KEEP_ALIVE_CONNS, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.anonymize_remove_client_ip",                   {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_CLIENT_IP, TS_RECORDDATATYPE_INT}       },
+    {"proxy.config.http.cache.open_read_retry_time",                   {TS_CONFIG_HTTP_CACHE_OPEN_READ_RETRY_TIME, TS_RECORDDATATYPE_INT}       },
+    {OutboundConnTrack::CONFIG_VAR_MATCH,                              {TS_CONFIG_HTTP_PER_SERVER_CONNECTION_MATCH, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.parent_proxy.fail_threshold",                  {TS_CONFIG_HTTP_PARENT_PROXY_FAIL_THRESHOLD, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.cache.ignore_authentication",                  {TS_CONFIG_HTTP_CACHE_IGNORE_AUTHENTICATION, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.anonymize_remove_user_agent",                  {TS_CONFIG_HTTP_ANONYMIZE_REMOVE_USER_AGENT, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.connect_attempts_rr_retries",                  {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_RR_RETRIES, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.cache.max_open_read_retries",                  {TS_CONFIG_HTTP_CACHE_MAX_OPEN_READ_RETRIES, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.auth_server_session_private",                  {TS_CONFIG_HTTP_AUTH_SERVER_SESSION_PRIVATE, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.redirect_use_orig_cache_key",                  {TS_CONFIG_HTTP_REDIRECT_USE_ORIG_CACHE_KEY, TS_RECORDDATATYPE_INT}      },
+    {"proxy.config.http.cache.ignore_client_no_cache",                 {TS_CONFIG_HTTP_CACHE_IGNORE_CLIENT_NO_CACHE, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.ims_on_client_no_cache",                 {TS_CONFIG_HTTP_CACHE_IMS_ON_CLIENT_NO_CACHE, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.ignore_server_no_cache",                 {TS_CONFIG_HTTP_CACHE_IGNORE_SERVER_NO_CACHE, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.heuristic_min_lifetime",                 {TS_CONFIG_HTTP_CACHE_HEURISTIC_MIN_LIFETIME, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.heuristic_max_lifetime",                 {TS_CONFIG_HTTP_CACHE_HEURISTIC_MAX_LIFETIME, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.server_session_sharing.match",                 {TS_CONFIG_HTTP_SERVER_SESSION_SHARING_MATCH, TS_RECORDDATATYPE_STRING}  },
+    {"proxy.config.http.cache.ignore_accept_mismatch",                 {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_MISMATCH, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.open_write_fail_action",                 {TS_CONFIG_HTTP_CACHE_OPEN_WRITE_FAIL_ACTION, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.insert_squid_x_forwarded_for",                 {TS_CONFIG_HTTP_INSERT_SQUID_X_FORWARDED_FOR, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.connect_attempts_max_retries",                 {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_MAX_RETRIES, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.max_open_write_retries",                 {TS_CONFIG_HTTP_CACHE_MAX_OPEN_WRITE_RETRIES, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.cache.max_open_write_retry_timeout",
+     {TS_CONFIG_HTTP_CACHE_MAX_OPEN_WRITE_RETRY_TIMEOUT, TS_RECORDDATATYPE_INT}                                                                 },
+    {"proxy.config.http.forward.proxy_auth_to_parent",                 {TS_CONFIG_HTTP_FORWARD_PROXY_AUTH_TO_PARENT, TS_RECORDDATATYPE_INT}     },
+    {"proxy.config.http.parent_proxy.mark_down_hostdb",                {TS_CONFIG_PARENT_FAILURES_UPDATE_HOSTDB, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.http.negative_revalidating_enabled",                {TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_ENABLED, TS_RECORDDATATYPE_INT}    },
+    {"proxy.config.http.cache.guaranteed_min_lifetime",                {TS_CONFIG_HTTP_CACHE_GUARANTEED_MIN_LIFETIME, TS_RECORDDATATYPE_INT}    },
+    {"proxy.config.http.cache.guaranteed_max_lifetime",                {TS_CONFIG_HTTP_CACHE_GUARANTEED_MAX_LIFETIME, TS_RECORDDATATYPE_INT}    },
+    {"proxy.config.http.transaction_active_timeout_in",                {TS_CONFIG_HTTP_TRANSACTION_ACTIVE_TIMEOUT_IN, TS_RECORDDATATYPE_INT}    },
+    {"proxy.config.http.cache.ignore_client_cc_max_age",               {TS_CONFIG_HTTP_CACHE_IGNORE_CLIENT_CC_MAX_AGE, TS_RECORDDATATYPE_INT}   },
+    {"proxy.config.http.negative_revalidating_lifetime",               {TS_CONFIG_HTTP_NEGATIVE_REVALIDATING_LIFETIME, TS_RECORDDATATYPE_INT}   },
+    {"proxy.config.http.transaction_active_timeout_out",               {TS_CONFIG_HTTP_TRANSACTION_ACTIVE_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}   },
+    {"proxy.config.http.background_fill_active_timeout",               {TS_CONFIG_HTTP_BACKGROUND_FILL_ACTIVE_TIMEOUT, TS_RECORDDATATYPE_INT}   },
+    {"proxy.config.http.attach_server_session_to_client",              {TS_CONFIG_HTTP_ATTACH_SERVER_SESSION_TO_CLIENT, TS_RECORDDATATYPE_INT}  },
+    {"proxy.config.http.max_proxy_cycles",                             {TS_CONFIG_HTTP_MAX_PROXY_CYCLES, TS_RECORDDATATYPE_INT}                 },
+    {"proxy.config.http.cache.cache_responses_to_cookies",
+     {TS_CONFIG_HTTP_CACHE_CACHE_RESPONSES_TO_COOKIES, TS_RECORDDATATYPE_INT}                                                                   },
+    {"proxy.config.http.keep_alive_no_activity_timeout_in",
+     {TS_CONFIG_HTTP_KEEP_ALIVE_NO_ACTIVITY_TIMEOUT_IN, TS_RECORDDATATYPE_INT}                                                                  },
+    {"proxy.config.http.post.check.content_length.enabled",
+     {TS_CONFIG_HTTP_POST_CHECK_CONTENT_LENGTH_ENABLED, TS_RECORDDATATYPE_INT}                                                                  },
+    {"proxy.config.http.cache.cache_urls_that_look_dynamic",
+     {TS_CONFIG_HTTP_CACHE_CACHE_URLS_THAT_LOOK_DYNAMIC, TS_RECORDDATATYPE_INT}                                                                 },
+    {"proxy.config.http.transaction_no_activity_timeout_in",
+     {TS_CONFIG_HTTP_TRANSACTION_NO_ACTIVITY_TIMEOUT_IN, TS_RECORDDATATYPE_INT}                                                                 },
+    {"proxy.config.http.keep_alive_no_activity_timeout_out",
+     {TS_CONFIG_HTTP_KEEP_ALIVE_NO_ACTIVITY_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}                                                                 },
+    {"proxy.config.http.uncacheable_requests_bypass_parent",
+     {TS_CONFIG_HTTP_UNCACHEABLE_REQUESTS_BYPASS_PARENT, TS_RECORDDATATYPE_INT}                                                                 },
+    {"proxy.config.http.transaction_no_activity_timeout_out",
+     {TS_CONFIG_HTTP_TRANSACTION_NO_ACTIVITY_TIMEOUT_OUT, TS_RECORDDATATYPE_INT}                                                                },
+    {"proxy.config.http.background_fill_completed_threshold",
+     {TS_CONFIG_HTTP_BACKGROUND_FILL_COMPLETED_THRESHOLD, TS_RECORDDATATYPE_FLOAT}                                                              },
+    {"proxy.config.http.parent_proxy.total_connect_attempts",
+     {TS_CONFIG_HTTP_PARENT_PROXY_TOTAL_CONNECT_ATTEMPTS, TS_RECORDDATATYPE_INT}                                                                },
+    {"proxy.config.http.cache.ignore_accept_charset_mismatch",
+     {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_CHARSET_MISMATCH, TS_RECORDDATATYPE_INT}                                                               },
+    {"proxy.config.http.cache.ignore_accept_language_mismatch",
+     {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_LANGUAGE_MISMATCH, TS_RECORDDATATYPE_INT}                                                              },
+    {"proxy.config.http.cache.ignore_accept_encoding_mismatch",
+     {TS_CONFIG_HTTP_CACHE_IGNORE_ACCEPT_ENCODING_MISMATCH, TS_RECORDDATATYPE_INT}                                                              },
+    {"proxy.config.http.connect_attempts_max_retries_dead_server",
+     {TS_CONFIG_HTTP_CONNECT_ATTEMPTS_MAX_RETRIES_DEAD_SERVER, TS_RECORDDATATYPE_INT}                                                           },
+    {"proxy.config.http.parent_proxy.per_parent_connect_attempts",
+     {TS_CONFIG_HTTP_PER_PARENT_CONNECT_ATTEMPTS, TS_RECORDDATATYPE_INT}                                                                        },
+    {"proxy.config.ssl.client.verify.server.policy",                   {TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY, TS_RECORDDATATYPE_STRING}    },
+    {"proxy.config.ssl.client.verify.server.properties",               {TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES, TS_RECORDDATATYPE_STRING}},
+    {"proxy.config.ssl.client.sni_policy",                             {TS_CONFIG_SSL_CLIENT_SNI_POLICY, TS_RECORDDATATYPE_STRING}              },
+    {"proxy.config.ssl.client.cert.filename",                          {TS_CONFIG_SSL_CLIENT_CERT_FILENAME, TS_RECORDDATATYPE_STRING}           },
+    {"proxy.config.ssl.client.cert.path",                              {TS_CONFIG_SSL_CERT_FILEPATH, TS_RECORDDATATYPE_STRING}                  },
+    {"proxy.config.ssl.client.private_key.filename",                   {TS_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME, TS_RECORDDATATYPE_STRING}    },
+    {"proxy.config.ssl.client.CA.cert.filename",                       {TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME, TS_RECORDDATATYPE_STRING}        },
+    {"proxy.config.ssl.client.alpn_protocols",                         {TS_CONFIG_SSL_CLIENT_ALPN_PROTOCOLS, TS_RECORDDATATYPE_STRING}          },
+    {"proxy.config.hostdb.ip_resolve",                                 {TS_CONFIG_HTTP_HOST_RESOLUTION_PREFERENCE, TS_RECORDDATATYPE_STRING}    },
+    {"proxy.config.plugin.vc.default_buffer_index",                    {TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_INDEX, TS_RECORDDATATYPE_INT}        },
+    {"proxy.config.plugin.vc.default_buffer_water_mark",               {TS_CONFIG_PLUGIN_VC_DEFAULT_BUFFER_WATER_MARK, TS_RECORDDATATYPE_INT}   },
+    {"proxy.config.net.sock_notsent_lowat",                            {TS_CONFIG_NET_SOCK_NOTSENT_LOWAT, TS_RECORDDATATYPE_INT}                },
+    {"proxy.config.body_factory.response_suppression_mode",
+     {TS_CONFIG_BODY_FACTORY_RESPONSE_SUPPRESSION_MODE, TS_RECORDDATATYPE_INT}                                                                  },
+    {"proxy.config.http.parent_proxy.enable_parent_timeout_markdowns",
+     {TS_CONFIG_HTTP_ENABLE_PARENT_TIMEOUT_MARKDOWNS, TS_RECORDDATATYPE_INT}                                                                    },
+    {"proxy.config.http.parent_proxy.disable_parent_markdowns",        {TS_CONFIG_HTTP_DISABLE_PARENT_MARKDOWNS, TS_RECORDDATATYPE_INT}         },
+    {"proxy.config.net.default_inactivity_timeout",                    {TS_CONFIG_NET_DEFAULT_INACTIVITY_TIMEOUT, TS_RECORDDATATYPE_INT}        }
+});
diff --git a/src/traffic_cache_tool/CacheDefs.cc b/src/traffic_cache_tool/CacheDefs.cc
index 631563f4969..5fb8ab67458 100644
--- a/src/traffic_cache_tool/CacheDefs.cc
+++ b/src/traffic_cache_tool/CacheDefs.cc
@@ -809,14 +809,14 @@ Stripe::dir_check()
       ++hist[std::min(h, SEGMENT_HISTOGRAM_WIDTH)];
       seg_chain_max = std::max(seg_chain_max, h);
     }
-    int fl_size = dir_freelist_length(s);
-    in_use += seg_in_use;
-    empty += seg_empty;
-    stale += seg_stale;
-    free += fl_size;
-    buckets_in_use += seg_buckets_in_use;
+    int fl_size      = dir_freelist_length(s);
+    in_use           += seg_in_use;
+    empty            += seg_empty;
+    stale            += seg_stale;
+    free             += fl_size;
+    buckets_in_use   += seg_buckets_in_use;
     max_chain_length = std::max(max_chain_length, seg_chain_max);
-    bytes_in_use += seg_bytes_in_use;
+    bytes_in_use     += seg_bytes_in_use;
 
     printf("  - Segment-%d | Entries: used=%d stale=%d free=%d disk-bytes=%d Buckets: used=%d empty=%d max=%d avg=%.2f dups=%d\n",
            s, seg_in_use, seg_stale, fl_size, seg_bytes_in_use, seg_buckets_in_use, seg_empty, seg_chain_max,
@@ -913,8 +913,8 @@ Stripe::loadMeta()
     delta              = Bytes(data.rebind().data() - stripe_buff2);
     _meta[A][HEAD]     = *meta;
     _meta_pos[A][HEAD] = round_down(pos + Bytes(delta));
-    pos += round_up(SBSIZE);
-    _directory._skip = Bytes(SBSIZE); // first guess, updated in @c updateLiveData when the header length is computed.
+    pos                += round_up(SBSIZE);
+    _directory._skip   = Bytes(SBSIZE); // first guess, updated in @c updateLiveData when the header length is computed.
     // Search for Footer A. Nothing for it except to grub through the disk.
     // The searched data is cached so it's available for directory parsing later if needed.
     while (pos < limit) {
@@ -957,7 +957,7 @@ Stripe::loadMeta()
 
       // Footer B must be at the same relative offset to Header B as Footer A -> Header A.
       pos += delta;
-      n = Bytes(pread(fd, stripe_buff, ts::CacheStoreBlocks::SCALE, pos));
+      n   = Bytes(pread(fd, stripe_buff, ts::CacheStoreBlocks::SCALE, pos));
       data.assign(stripe_buff, n);
       meta = static_cast(data.data());
       if (this->validateMeta(meta)) {
diff --git a/src/traffic_cache_tool/CacheDefs.h b/src/traffic_cache_tool/CacheDefs.h
index e69becaaf79..60c4999f375 100644
--- a/src/traffic_cache_tool/CacheDefs.h
+++ b/src/traffic_cache_tool/CacheDefs.h
@@ -50,7 +50,7 @@ namespace ts
 {
 /* INK_ALIGN() is only to be used to align on a power of 2 boundary */
 #define INK_ALIGN(size, boundary) (((size) + ((boundary)-1)) & ~((boundary)-1))
-#define ROUND_TO_STORE_BLOCK(_x) INK_ALIGN((_x), 8192)
+#define ROUND_TO_STORE_BLOCK(_x)  INK_ALIGN((_x), 8192)
 #define dir_clear(_e) \
   do {                \
     (_e)->w[0] = 0;   \
@@ -177,9 +177,9 @@ struct Doc {
 #endif
   uint32_t hlen;         ///< Length of this header.
   uint32_t doc_type : 8; ///< Doc type - indicates the format of this structure and its content.
-  uint32_t v_major : 8;  ///< Major version number.
-  uint32_t v_minor : 8;  ///< Minor version number.
-  uint32_t unused : 8;   ///< Unused, forced to zero.
+  uint32_t v_major  : 8; ///< Major version number.
+  uint32_t v_minor  : 8; ///< Minor version number.
+  uint32_t unused   : 8; ///< Unused, forced to zero.
   uint32_t sync_serial;
   uint32_t write_serial;
   uint32_t pinned; // pinned until
@@ -368,13 +368,13 @@ constexpr int CACHE_BLOCK_SIZE          = (1 << CACHE_BLOCK_SHIFT); // 512, smal
 
 namespace ct
 {
-#define dir_big(_e) ((uint32_t)((((_e)->w[1]) >> 8) & 0x3))
+#define dir_big(_e)         ((uint32_t)((((_e)->w[1]) >> 8) & 0x3))
 #define dir_bit(_e, _w, _b) ((uint32_t)(((_e)->w[_w] >> (_b)) & 1))
-#define dir_size(_e) ((uint32_t)(((_e)->w[1]) >> 10))
+#define dir_size(_e)        ((uint32_t)(((_e)->w[1]) >> 10))
 #define dir_approx_size(_e) ((dir_size(_e) + 1) * DIR_BLOCK_SIZE(dir_big(_e)))
-#define dir_head(_e) dir_bit(_e, 2, 13)
-#define DIR_MASK_TAG(_t) ((_t) & ((1 << DIR_TAG_WIDTH) - 1))
-#define dir_tag(_e) ((uint32_t)((_e)->w[2] & ((1 << DIR_TAG_WIDTH) - 1)))
+#define dir_head(_e)        dir_bit(_e, 2, 13)
+#define DIR_MASK_TAG(_t)    ((_t) & ((1 << DIR_TAG_WIDTH) - 1))
+#define dir_tag(_e)         ((uint32_t)((_e)->w[2] & ((1 << DIR_TAG_WIDTH) - 1)))
 #define dir_offset(_e) \
   ((int64_t)(((uint64_t)(_e)->w[0]) | (((uint64_t)((_e)->w[1] & 0xFF)) << 16) | (((uint64_t)(_e)->w[4]) << 24)))
 
@@ -385,10 +385,10 @@ namespace ct
     (_e)->w[4] = (uint16_t)((_o) >> 24);                                    \
   } while (0)
 
-#define dir_next(_e) (_e)->w[3]
-#define dir_phase(_e) dir_bit(_e, 2, 12)
-#define DIR_BLOCK_SHIFT(_i) (3 * (_i))
-#define DIR_BLOCK_SIZE(_i) (CACHE_BLOCK_SIZE << DIR_BLOCK_SHIFT(_i))
+#define dir_next(_e)         (_e)->w[3]
+#define dir_phase(_e)        dir_bit(_e, 2, 12)
+#define DIR_BLOCK_SHIFT(_i)  (3 * (_i))
+#define DIR_BLOCK_SIZE(_i)   (CACHE_BLOCK_SIZE << DIR_BLOCK_SHIFT(_i))
 #define dir_set_prev(_e, _o) (_e)->w[2] = (uint16_t)(_o)
 #define dir_set_next(_e, _o) (_e)->w[3] = (uint16_t)(_o)
 
diff --git a/src/traffic_cache_tool/CacheScan.cc b/src/traffic_cache_tool/CacheScan.cc
index 207c1ab7eca..033bc99ec78 100644
--- a/src/traffic_cache_tool/CacheScan.cc
+++ b/src/traffic_cache_tool/CacheScan.cc
@@ -314,7 +314,7 @@ CacheScan::unmarshal(char *buf, int len, RefCountObj *block_ref)
       zret.push(0, 0, "HTTPInfo::request unmarshal failed");
       return zret;
     }
-    len -= tmp;
+    len                                    -= tmp;
     alt->m_request_hdr.m_heap              = heap;
     alt->m_request_hdr.m_http              = hh;
     alt->m_request_hdr.m_mime              = hh->m_fields_impl;
diff --git a/src/traffic_cache_tool/CacheTool.cc b/src/traffic_cache_tool/CacheTool.cc
index 5210ccec174..c7b545f8195 100644
--- a/src/traffic_cache_tool/CacheTool.cc
+++ b/src/traffic_cache_tool/CacheTool.cc
@@ -397,8 +397,8 @@ VolumeAllocator::allocateFor(Span &span)
   for (auto &v : _av) {
     auto delta = v._config._alloc - v._size;
     if (delta > 0) {
-      v._deficit = (delta.count() * SCALE) / v._config._alloc.count();
-      v._shares  = delta.count() * v._deficit;
+      v._deficit   = (delta.count() * SCALE) / v._config._alloc.count();
+      v._shares    = delta.count() * v._deficit;
       total_shares += v._shares;
     } else {
       v._shares = 0;
@@ -418,11 +418,11 @@ VolumeAllocator::allocateFor(Span &span)
       // Not sure why this is needed. But a large and empty volume can dominate the shares
       // enough to get more than it actually needs if the other volume are relative small or full.
       // I need to do more math to see if the weighting can be adjusted to not have this happen.
-      n = std::min(n, delta);
-      v._size += n;
-      span_used += n;
+      n            = std::min(n, delta);
+      v._size      += n;
+      span_used    += n;
       total_shares -= v._shares;
-      Errata z = _cache.allocStripe(&span, v._config._idx, round_up(n));
+      Errata z     = _cache.allocStripe(&span, v._config._idx, round_up(n));
       if (Verbosity >= NORMAL) {
         std::cout << "           " << n << " to volume " << v._config._idx << std::endl;
       }
@@ -786,11 +786,11 @@ Span::allocStripe(int vol_idx, const CacheStripeBlocks &len)
           stripe->_type    = 1;
           return stripe;
         } else {
-          Stripe *ns = new Stripe(this, stripe->_start, len);
+          Stripe *ns     = new Stripe(this, stripe->_start, len);
           stripe->_start += len;
-          stripe->_len -= len;
-          ns->_vol_idx = vol_idx;
-          ns->_type    = 1;
+          stripe->_len   -= len;
+          ns->_vol_idx   = vol_idx;
+          ns->_type      = 1;
           _stripes.insert(spot, ns);
           return ns;
         }
@@ -956,17 +956,17 @@ Cache::build_stripe_hash_table()
   for (auto &elt : globalVec_stripe) {
     // printf("stripe length %" PRId64 "\n", elt->_len.count());
     rtable_entries[i] = static_cast(elt->_len) / Vol_hash_alloc_size;
-    rtable_size += rtable_entries[i];
-    uint64_t x = elt->hash_id.fold();
+    rtable_size       += rtable_entries[i];
+    uint64_t x        = elt->hash_id.fold();
     // seed random number generator
     rnd[i] = static_cast(x);
-    total += elt->_len;
+    total  += elt->_len;
     i++;
   }
   i = 0;
   for (auto &elt : globalVec_stripe) {
     forvol[i] = total ? static_cast(VOL_HASH_TABLE_SIZE * elt->_len) / total : 0;
-    used += forvol[i];
+    used      += forvol[i];
     gotvol[i] = 0;
     i++;
   }
diff --git a/src/traffic_crashlog/procinfo.cc b/src/traffic_crashlog/procinfo.cc
index db99549d5bd..3510dd1e261 100644
--- a/src/traffic_crashlog/procinfo.cc
+++ b/src/traffic_crashlog/procinfo.cc
@@ -220,7 +220,7 @@ crashlog_write_registers(FILE *fp, const crashlog_target &target)
 
 // x86 register names as per ucontext.h.
 #if defined(__i386__)
-#define REGFMT "0x%08" PRIx32
+#define REGFMT     "0x%08" PRIx32
 #define REGCAST(x) ((uint32_t)(x))
   static const char *names[NGREG] = {
     "GS",  "FS",  "ES",     "DS",  "EDI", "ESI", "EBP", "ESP",  "EBX", "EDX",
@@ -229,7 +229,7 @@ crashlog_write_registers(FILE *fp, const crashlog_target &target)
 #endif
 
 #if defined(__x86_64__)
-#define REGFMT "0x%016" PRIx64
+#define REGFMT     "0x%016" PRIx64
 #define REGCAST(x) ((uint64_t)(x))
   static const char *names[NGREG] = {
     "R8",  "R9",  "R10", "R11", "R12", "R13", "R14",    "R15", "RDI",    "RSI",     "RBP", "RBX",
diff --git a/src/traffic_crashlog/traffic_crashlog.cc b/src/traffic_crashlog/traffic_crashlog.cc
index 245245e273c..3ca2afecc16 100644
--- a/src/traffic_crashlog/traffic_crashlog.cc
+++ b/src/traffic_crashlog/traffic_crashlog.cc
@@ -44,15 +44,16 @@ extern char __pid_size_static_assert[sizeof(pid_t) == sizeof(int) ? 0 : -1];
 
 static AppVersionInfo appVersionInfo;
 static const ArgumentDescription argument_descriptions[] = {
-  {"target", '-', "Target process ID", "I", &target_pid, nullptr, nullptr},
-  {"host", '-', "Host triplet for the process being logged", "S*", &host_triplet, nullptr, nullptr},
-  {"wait", '-', "Stop until signalled at startup", "F", &wait_mode, nullptr, nullptr},
-  {"syslog", '-', "Syslog after writing a crash log", "F", &syslog_mode, nullptr, nullptr},
-  {"debug", '-', "Enable debugging mode", "F", &debug_mode, nullptr, nullptr},
-  {"user", '-', "Username used to set privileges", "S*", &user, nullptr, nullptr},
+  {"target", '-', "Target process ID",                         "I",  &target_pid,   nullptr, nullptr},
+  {"host",   '-', "Host triplet for the process being logged", "S*", &host_triplet, nullptr, nullptr},
+  {"wait",   '-', "Stop until signalled at startup",           "F",  &wait_mode,    nullptr, nullptr},
+  {"syslog", '-', "Syslog after writing a crash log",          "F",  &syslog_mode,  nullptr, nullptr},
+  {"debug",  '-', "Enable debugging mode",                     "F",  &debug_mode,   nullptr, nullptr},
+  {"user",   '-', "Username used to set privileges",           "S*", &user,         nullptr, nullptr},
   HELP_ARGUMENT_DESCRIPTION(),
   VERSION_ARGUMENT_DESCRIPTION(),
-  RUNROOT_ARGUMENT_DESCRIPTION()};
+  RUNROOT_ARGUMENT_DESCRIPTION()
+};
 
 static struct tm
 timestamp()
diff --git a/src/traffic_crashlog/traffic_crashlog.h b/src/traffic_crashlog/traffic_crashlog.h
index 37dded2eb5a..7563ef636aa 100644
--- a/src/traffic_crashlog/traffic_crashlog.h
+++ b/src/traffic_crashlog/traffic_crashlog.h
@@ -39,10 +39,10 @@
 
 // Printf format for memory addresses.
 #if SIZEOF_VOIDP == 8
-#define ADDRFMT "0x%016" PRIx64
+#define ADDRFMT     "0x%016" PRIx64
 #define ADDRCAST(x) ((uint64_t)(x))
 #elif SIZEOF_VOIDP == 4
-#define ADDRFMT "0x%08" PRIx32
+#define ADDRFMT     "0x%08" PRIx32
 #define ADDRCAST(x) ((uint32_t)(x))
 #else
 #error unsupported pointer size
diff --git a/src/traffic_ctl/CtrlCommands.cc b/src/traffic_ctl/CtrlCommands.cc
index 7db72f7346b..682879b82d5 100644
--- a/src/traffic_ctl/CtrlCommands.cc
+++ b/src/traffic_ctl/CtrlCommands.cc
@@ -32,8 +32,9 @@ using Codec = yamlcpp_json_emitter;
 const std::unordered_map _Fmt_str_to_enum = {
   {"pretty", BasePrinter::Options::OutputFormat::PRETTY},
   {"legacy", BasePrinter::Options::OutputFormat::LEGACY},
-  {"json", BasePrinter::Options::OutputFormat::JSON},
-  {"rpc", BasePrinter::Options::OutputFormat::RPC}};
+  {"json",   BasePrinter::Options::OutputFormat::JSON  },
+  {"rpc",    BasePrinter::Options::OutputFormat::RPC   }
+};
 
 BasePrinter::Options::OutputFormat
 parse_format(ts::Arguments *args)
@@ -199,7 +200,9 @@ void
 ConfigCommand::config_set()
 {
   auto const &data = get_parsed_arguments()->get(SET_STR);
-  ConfigSetRecordRequest request{{data[0], data[1]}};
+  ConfigSetRecordRequest request{
+    {data[0], data[1]}
+  };
   shared::rpc::JSONRPCResponse response = invoke_rpc(request);
 
   _printer->write_output(response);
@@ -290,7 +293,9 @@ void
 HostCommand::status_get()
 {
   auto const &data = get_parsed_arguments()->get(STATUS_STR);
-  HostGetStatusRequest request{{std::begin(data), std::end(data)}};
+  HostGetStatusRequest request{
+    {std::begin(data), std::end(data)}
+  };
 
   auto response = invoke_rpc(request);
 
@@ -301,10 +306,12 @@ void
 HostCommand::status_down()
 {
   auto hosts = get_parsed_arguments()->get(DOWN_STR);
-  HostSetStatusRequest request{{HostSetStatusRequest::Params::Op::DOWN,
-                                {std::begin(hosts), std::end(hosts)},
-                                get_parsed_arguments()->get(REASON_STR).value(),
-                                "0"}};
+  HostSetStatusRequest request{
+    {HostSetStatusRequest::Params::Op::DOWN,
+     {std::begin(hosts), std::end(hosts)},
+     get_parsed_arguments()->get(REASON_STR).value(),
+     "0"}
+  };
   auto response = invoke_rpc(request);
   _printer->write_output(response);
 }
@@ -313,10 +320,12 @@ void
 HostCommand::status_up()
 {
   auto hosts = get_parsed_arguments()->get(UP_STR);
-  HostSetStatusRequest request{{HostSetStatusRequest::Params::Op::UP,
-                                {std::begin(hosts), std::end(hosts)},
-                                get_parsed_arguments()->get(REASON_STR).value(),
-                                "0"}};
+  HostSetStatusRequest request{
+    {HostSetStatusRequest::Params::Op::UP,
+     {std::begin(hosts), std::end(hosts)},
+     get_parsed_arguments()->get(REASON_STR).value(),
+     "0"}
+  };
 
   auto response = invoke_rpc(request);
   _printer->write_output(response);
diff --git a/src/traffic_ctl/CtrlPrinters.cc b/src/traffic_ctl/CtrlPrinters.cc
index aeaf20396bc..900d1232f71 100644
--- a/src/traffic_ctl/CtrlPrinters.cc
+++ b/src/traffic_ctl/CtrlPrinters.cc
@@ -197,10 +197,10 @@ ConfigSetPrinter::write_output(YAML::Node const &result)
 {
   // we match the legacy format, the only one supported for now.
   static const std::unordered_map Update_Type_To_String_Message = {
-    {"0", "Set {}"},                                                                                           // UNDEFINED
+    {"0", "Set {}"                                                                                          }, // UNDEFINED
     {"1", "Set {}, please wait 10 seconds for traffic server to sync configuration, restart is not required"}, // DYNAMIC
-    {"2", "Set {}, restart required"},                                                                         // RESTART_TS
-    {"3", "Set {}, restart required"} // RESTART TM, we take care of this in case we get it from TS.
+    {"2", "Set {}, restart required"                                                                        }, // RESTART_TS
+    {"3", "Set {}, restart required"                                                                        }  // RESTART TM, we take care of this in case we get it from TS.
   };
   std::string text;
   try {
diff --git a/src/traffic_logcat/logcat.cc b/src/traffic_logcat/logcat.cc
index 9f398dc7a23..c1b337e6389 100644
--- a/src/traffic_logcat/logcat.cc
+++ b/src/traffic_logcat/logcat.cc
@@ -26,7 +26,7 @@
 #include "tscore/I_Layout.h"
 #include "tscore/runroot.h"
 
-#define PROGRAM_NAME "traffic_logcat"
+#define PROGRAM_NAME       "traffic_logcat"
 #define MAX_LOGBUFFER_SIZE 65536
 
 #include 
@@ -57,18 +57,19 @@ int auto_clear_cache_flag = 0;
 
 static const ArgumentDescription argument_descriptions[] = {
 
-  {"output_file", 'o', "Specify output file", "S1023", &output_file, NULL, NULL},
-  {"auto_filenames", 'a', "Automatically generate output names", "T", &auto_filenames, NULL, NULL},
-  {"follow", 'f', "Follow the log file as it grows", "T", &follow_flag, NULL, NULL},
-  {"clf", 'C', "Convert to Common Logging Format", "T", &clf_flag, NULL, NULL},
-  {"elf", 'E', "Convert to Extended Logging Format", "T", &elf_flag, NULL, NULL},
-  {"squid", 'S', "Convert to Squid Logging Format", "T", &squid_flag, NULL, NULL},
-  {"debug_tags", 'T', "Colon-Separated Debug Tags", "S1023", error_tags, NULL, NULL},
-  {"overwrite_output", 'w', "Overwrite existing output file(s)", "T", &overwrite_existing_file, NULL, NULL},
-  {"elf2", '2', "Convert to Extended2 Logging Format", "T", &elf2_flag, NULL, NULL},
+  {"output_file",      'o', "Specify output file",                 "S1023", &output_file,             NULL, NULL},
+  {"auto_filenames",   'a', "Automatically generate output names", "T",     &auto_filenames,          NULL, NULL},
+  {"follow",           'f', "Follow the log file as it grows",     "T",     &follow_flag,             NULL, NULL},
+  {"clf",              'C', "Convert to Common Logging Format",    "T",     &clf_flag,                NULL, NULL},
+  {"elf",              'E', "Convert to Extended Logging Format",  "T",     &elf_flag,                NULL, NULL},
+  {"squid",            'S', "Convert to Squid Logging Format",     "T",     &squid_flag,              NULL, NULL},
+  {"debug_tags",       'T', "Colon-Separated Debug Tags",          "S1023", error_tags,               NULL, NULL},
+  {"overwrite_output", 'w', "Overwrite existing output file(s)",   "T",     &overwrite_existing_file, NULL, NULL},
+  {"elf2",             '2', "Convert to Extended2 Logging Format", "T",     &elf2_flag,               NULL, NULL},
   HELP_ARGUMENT_DESCRIPTION(),
   VERSION_ARGUMENT_DESCRIPTION(),
-  RUNROOT_ARGUMENT_DESCRIPTION()};
+  RUNROOT_ARGUMENT_DESCRIPTION()
+};
 
 /*
  * Gets the inode number of a given file
diff --git a/src/traffic_logstats/logstats.cc b/src/traffic_logstats/logstats.cc
index c9c151c9f0a..f0471d8da25 100644
--- a/src/traffic_logstats/logstats.cc
+++ b/src/traffic_logstats/logstats.cc
@@ -635,29 +635,30 @@ struct CommandLineArgs {
 static CommandLineArgs cl;
 
 static ArgumentDescription argument_descriptions[] = {
-  {"log_file", 'f', "Specific logfile to parse", "S1023", cl.log_file, nullptr, nullptr},
-  {"origin_list", 'o', "Only show stats for listed Origins", "S4095", cl.origin_list, nullptr, nullptr},
-  {"origin_file", 'O', "File listing Origins to show", "S1023", cl.origin_file, nullptr, nullptr},
-  {"max_origins", 'M', "Max number of Origins to show", "I", &cl.max_origins, nullptr, nullptr},
-  {"urls", 'u', "Produce JSON stats for URLs, argument is LRU size", "I", &cl.urls, nullptr, nullptr},
-  {"show_urls", 'U', "Only show max this number of URLs", "I", &cl.show_urls, nullptr, nullptr},
-  {"as_object", 'A', "Produce URL stats as a JSON object instead of array", "T", &cl.as_object, nullptr, nullptr},
-  {"concise", 'C', "Eliminate metrics that can be inferred from other values", "T", &cl.concise, nullptr, nullptr},
-  {"incremental", 'i', "Incremental log parsing", "T", &cl.incremental, nullptr, nullptr},
-  {"statetag", 'S', "Name of the state file to use", "S1023", cl.state_tag, nullptr, nullptr},
-  {"tail", 't', "Parse the last  seconds of log", "I", &cl.tail, nullptr, nullptr},
-  {"summary", 's', "Only produce the summary", "T", &cl.summary, nullptr, nullptr},
-  {"json", 'j', "Produce JSON formatted output", "T", &cl.json, nullptr, nullptr},
-  {"cgi", 'c', "Produce HTTP headers suitable as a CGI", "T", &cl.cgi, nullptr, nullptr},
-  {"min_hits", 'm', "Minimum total hits for an Origin", "L", &cl.min_hits, nullptr, nullptr},
-  {"max_age", 'a', "Max age for log entries to be considered", "I", &cl.max_age, nullptr, nullptr},
-  {"line_len", 'l', "Output line length", "I", &cl.line_len, nullptr, nullptr},
-  {"debug_tags", 'T', "Colon-Separated Debug Tags", "S1023", &error_tags, nullptr, nullptr},
-  {"report_per_user", 'r', "Report stats per user instead of host", "T", &cl.report_per_user, nullptr, nullptr},
-  {"no_format_check", 'n', "Don't validate the log format field names", "T", &cl.no_format_check, nullptr, nullptr},
+  {"log_file",        'f', "Specific logfile to parse",                                "S1023", cl.log_file,         nullptr, nullptr},
+  {"origin_list",     'o', "Only show stats for listed Origins",                       "S4095", cl.origin_list,      nullptr, nullptr},
+  {"origin_file",     'O', "File listing Origins to show",                             "S1023", cl.origin_file,      nullptr, nullptr},
+  {"max_origins",     'M', "Max number of Origins to show",                            "I",     &cl.max_origins,     nullptr, nullptr},
+  {"urls",            'u', "Produce JSON stats for URLs, argument is LRU size",        "I",     &cl.urls,            nullptr, nullptr},
+  {"show_urls",       'U', "Only show max this number of URLs",                        "I",     &cl.show_urls,       nullptr, nullptr},
+  {"as_object",       'A', "Produce URL stats as a JSON object instead of array",      "T",     &cl.as_object,       nullptr, nullptr},
+  {"concise",         'C', "Eliminate metrics that can be inferred from other values", "T",     &cl.concise,         nullptr, nullptr},
+  {"incremental",     'i', "Incremental log parsing",                                  "T",     &cl.incremental,     nullptr, nullptr},
+  {"statetag",        'S', "Name of the state file to use",                            "S1023", cl.state_tag,        nullptr, nullptr},
+  {"tail",            't', "Parse the last  seconds of log",                      "I",     &cl.tail,            nullptr, nullptr},
+  {"summary",         's', "Only produce the summary",                                 "T",     &cl.summary,         nullptr, nullptr},
+  {"json",            'j', "Produce JSON formatted output",                            "T",     &cl.json,            nullptr, nullptr},
+  {"cgi",             'c', "Produce HTTP headers suitable as a CGI",                   "T",     &cl.cgi,             nullptr, nullptr},
+  {"min_hits",        'm', "Minimum total hits for an Origin",                         "L",     &cl.min_hits,        nullptr, nullptr},
+  {"max_age",         'a', "Max age for log entries to be considered",                 "I",     &cl.max_age,         nullptr, nullptr},
+  {"line_len",        'l', "Output line length",                                       "I",     &cl.line_len,        nullptr, nullptr},
+  {"debug_tags",      'T', "Colon-Separated Debug Tags",                               "S1023", &error_tags,         nullptr, nullptr},
+  {"report_per_user", 'r', "Report stats per user instead of host",                    "T",     &cl.report_per_user, nullptr, nullptr},
+  {"no_format_check", 'n', "Don't validate the log format field names",                "T",     &cl.no_format_check, nullptr, nullptr},
   HELP_ARGUMENT_DESCRIPTION(),
   VERSION_ARGUMENT_DESCRIPTION(),
-  RUNROOT_ARGUMENT_DESCRIPTION()};
+  RUNROOT_ARGUMENT_DESCRIPTION()
+};
 
 static const char *USAGE_LINE = "Usage: " PROGRAM_NAME " [-f logfile] [-o origin[,...]] [-O originfile] [-m minhits] [-binshv]";
 
@@ -1308,8 +1309,8 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
     while ((field = fieldlist->next(field))) {
       switch (state) {
       case P_STATE_ELAPSED:
-        state   = P_STATE_IP;
-        elapsed = *((int64_t *)(read_from));
+        state     = P_STATE_IP;
+        elapsed   = *((int64_t *)(read_from));
         read_from += INK_MIN_ALIGN;
         break;
 
@@ -1331,8 +1332,8 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
         break;
 
       case P_STATE_RESULT:
-        state  = P_STATE_CODE;
-        result = *((int64_t *)(read_from));
+        state     = P_STATE_CODE;
+        result    = *((int64_t *)(read_from));
         read_from += INK_MIN_ALIGN;
         if ((result < 32) || (result > 255)) {
           flag  = 1;
@@ -1353,8 +1354,8 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
       case P_STATE_SIZE:
         // Warning: This is not 64-bit safe, when converting the log format,
         // this needs to be fixed as well.
-        state = P_STATE_METHOD;
-        size  = *((int64_t *)(read_from));
+        state     = P_STATE_METHOD;
+        size      = *((int64_t *)(read_from));
         read_from += INK_MIN_ALIGN;
         break;
 
@@ -1365,19 +1366,19 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
         // Small optimization for common (3-4 char) cases
         switch (*reinterpret_cast(read_from)) {
         case GET_AS_INT:
-          method = METHOD_GET;
+          method    = METHOD_GET;
           read_from += LogAccess::round_strlen(3 + 1);
           break;
         case PUT_AS_INT:
-          method = METHOD_PUT;
+          method    = METHOD_PUT;
           read_from += LogAccess::round_strlen(3 + 1);
           break;
         case HEAD_AS_INT:
-          method = METHOD_HEAD;
+          method    = METHOD_HEAD;
           read_from += LogAccess::round_strlen(4 + 1);
           break;
         case POST_AS_INT:
-          method = METHOD_POST;
+          method    = METHOD_POST;
           read_from += LogAccess::round_strlen(4 + 1);
           break;
         default:
@@ -1418,12 +1419,12 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
           if (HTTP_AS_INT == *reinterpret_cast(tok)) {
             tok += 4;
             if (':' == *tok) {
-              scheme = SCHEME_HTTP;
-              tok += 3;
+              scheme  = SCHEME_HTTP;
+              tok     += 3;
               tok_len = strlen(tok) + 7;
             } else if ('s' == *tok) {
-              scheme = SCHEME_HTTPS;
-              tok += 4;
+              scheme  = SCHEME_HTTPS;
+              tok     += 4;
               tok_len = strlen(tok) + 8;
             } else {
               tok_len = strlen(tok) + 4;
@@ -1744,7 +1745,7 @@ parse_log_buff(LogBufferHeader *buf_header, bool summary = false, bool aggregate
           }
         }
         read_from += LogAccess::round_strlen(tok_len + 1);
-        flag = 0; // We exited this state without errors
+        flag      = 0; // We exited this state without errors
         break;
 
       case P_STATE_END:
diff --git a/src/traffic_quic/quic_client.cc b/src/traffic_quic/quic_client.cc
index dbdfa895f75..cce5d1e194f 100644
--- a/src/traffic_quic/quic_client.cc
+++ b/src/traffic_quic/quic_client.cc
@@ -142,7 +142,7 @@ QUICClient::state_http_server_open(int event, void *data)
 //
 // Http09ClientApp
 //
-#define Http09ClientAppDebug(fmt, ...) Debug("quic_client_app", "[%s] " fmt, this->_qc->cids().data(), ##__VA_ARGS__)
+#define Http09ClientAppDebug(fmt, ...)  Debug("quic_client_app", "[%s] " fmt, this->_qc->cids().data(), ##__VA_ARGS__)
 #define Http09ClientAppVDebug(fmt, ...) Debug("v_quic_client_app", "[%s] " fmt, this->_qc->cids().data(), ##__VA_ARGS__)
 
 Http09ClientApp::Http09ClientApp(QUICNetVConnection *qvc, const QUICClientConfig *config) : QUICApplication(qvc), _config(config)
diff --git a/src/traffic_quic/traffic_quic.cc b/src/traffic_quic/traffic_quic.cc
index c54bfa0fbbd..ba995352df6 100644
--- a/src/traffic_quic/traffic_quic.cc
+++ b/src/traffic_quic/traffic_quic.cc
@@ -60,16 +60,16 @@ main(int argc, const char **argv)
   QUICClientConfig config;
 
   const ArgumentDescription argument_descriptions[] = {
-    {"addr", 'a', "Address", "S1023", config.addr, nullptr, nullptr},
-    {"output", 'o', "Write to FILE instead of stdout", "S1023", config.output, nullptr, nullptr},
-    {"port", 'p', "Port", "S15", config.port, nullptr, nullptr},
-    {"path", 'P', "Path", "S1017", config.path, nullptr, nullptr},
-    {"server", 's', "Server name", "S127", config.server_name, nullptr, nullptr},
-    {"debug", 'T', "Vertical-bar-separated Debug Tags", "S1023", config.debug_tags, nullptr, nullptr},
-    {"close", 'c', "Enable connection close exercise", "F", &config.close, nullptr, nullptr},
-    {"reset", 'r', "Enable stateless reset exercise", "F", &config.reset, nullptr, nullptr},
-    {"http0_9", '-', "Enable HTTP/0.9", "T", &config.http0_9, nullptr, nullptr},
-    {"http3", '-', "Enable HTTP/3", "F", &config.http3, nullptr, nullptr},
+    {"addr",    'a', "Address",                           "S1023", config.addr,        nullptr, nullptr},
+    {"output",  'o', "Write to FILE instead of stdout",   "S1023", config.output,      nullptr, nullptr},
+    {"port",    'p', "Port",                              "S15",   config.port,        nullptr, nullptr},
+    {"path",    'P', "Path",                              "S1017", config.path,        nullptr, nullptr},
+    {"server",  's', "Server name",                       "S127",  config.server_name, nullptr, nullptr},
+    {"debug",   'T', "Vertical-bar-separated Debug Tags", "S1023", config.debug_tags,  nullptr, nullptr},
+    {"close",   'c', "Enable connection close exercise",  "F",     &config.close,      nullptr, nullptr},
+    {"reset",   'r', "Enable stateless reset exercise",   "F",     &config.reset,      nullptr, nullptr},
+    {"http0_9", '-', "Enable HTTP/0.9",                   "T",     &config.http0_9,    nullptr, nullptr},
+    {"http3",   '-', "Enable HTTP/3",                     "F",     &config.http3,      nullptr, nullptr},
 
     HELP_ARGUMENT_DESCRIPTION(),
     VERSION_ARGUMENT_DESCRIPTION(),
@@ -200,6 +200,13 @@ APIHook::invoke(int, void *) const
   return 0;
 }
 
+int
+APIHook::blocking_invoke(int, void *) const
+{
+  ink_assert(false);
+  return 0;
+}
+
 APIHook *
 APIHooks::head() const
 {
diff --git a/src/traffic_server/FetchSM.cc b/src/traffic_server/FetchSM.cc
index aa735978475..38af0d0dd05 100644
--- a/src/traffic_server/FetchSM.cc
+++ b/src/traffic_server/FetchSM.cc
@@ -28,7 +28,7 @@
 #include "PluginVC.h"
 #include "ts/ts.h" // Ugly, but we need a bunch of the public APIs here ... :-/
 
-#define DEBUG_TAG "FetchSM"
+#define DEBUG_TAG             "FetchSM"
 #define FETCH_LOCK_RETRY_TIME HRTIME_MSECONDS(10)
 
 ClassAllocator FetchSMAllocator("FetchSMAllocator");
@@ -393,7 +393,7 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
     if (client_response_hdr.parse_resp(&http_parser, reader, &bytes_used, 0) == PARSE_RESULT_DONE) {
       if ((bytes_used > 0) && (bytes_used <= read_avail)) {
         memcpy(info, buf, bytes_used);
-        info += bytes_used;
+        info         += bytes_used;
         client_bytes += bytes_used;
       }
     } else {
@@ -421,8 +421,8 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
       if ((read_done > 0) && ((read_done <= read_avail))) {
         memcpy(info, buf, read_done);
         reader->consume(read_done);
-        read_avail -= read_done;
-        info += read_done;
+        read_avail   -= read_done;
+        info         += read_done;
         client_bytes += read_done;
       }
     }
@@ -456,8 +456,8 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
       if ((read_done > 0) && (read_done <= read_avail)) {
         memcpy(info, buf, read_done);
         reader->consume(read_done);
-        read_avail -= read_done;
-        info += read_done;
+        read_avail   -= read_done;
+        info         += read_done;
         client_bytes += read_done;
       }
     }
diff --git a/src/traffic_server/HostStatus.cc b/src/traffic_server/HostStatus.cc
index b496cdc936f..1bdeba667ec 100644
--- a/src/traffic_server/HostStatus.cc
+++ b/src/traffic_server/HostStatus.cc
@@ -217,7 +217,7 @@ HostStatus::setHostStatus(const std::string_view name, TSHostStatus status, cons
       if (status == TSHostStatus::TS_HOST_STATUS_DOWN) {
         host_stat->active_marked_down = time(0);
         host_stat->active_down_time   = down_time;
-        host_stat->reasons |= Reason::ACTIVE;
+        host_stat->reasons            |= Reason::ACTIVE;
       } else {
         host_stat->active_marked_down = 0;
         host_stat->active_down_time   = 0;
@@ -231,7 +231,7 @@ HostStatus::setHostStatus(const std::string_view name, TSHostStatus status, cons
       if (status == TSHostStatus::TS_HOST_STATUS_DOWN) {
         host_stat->local_marked_down = time(0);
         host_stat->local_down_time   = down_time;
-        host_stat->reasons |= Reason::LOCAL;
+        host_stat->reasons           |= Reason::LOCAL;
       } else {
         host_stat->local_marked_down = 0;
         host_stat->local_down_time   = 0;
@@ -245,7 +245,7 @@ HostStatus::setHostStatus(const std::string_view name, TSHostStatus status, cons
       if (status == TSHostStatus::TS_HOST_STATUS_DOWN) {
         host_stat->manual_marked_down = time(0);
         host_stat->manual_down_time   = down_time;
-        host_stat->reasons |= Reason::MANUAL;
+        host_stat->reasons            |= Reason::MANUAL;
       } else {
         host_stat->manual_marked_down = 0;
         host_stat->manual_down_time   = 0;
@@ -259,7 +259,7 @@ HostStatus::setHostStatus(const std::string_view name, TSHostStatus status, cons
             HostStatusNames[status]);
       if (status == TSHostStatus::TS_HOST_STATUS_DOWN) {
         host_stat->self_detect_marked_down = time(0);
-        host_stat->reasons |= Reason::SELF_DETECT;
+        host_stat->reasons                 |= Reason::SELF_DETECT;
       } else {
         host_stat->self_detect_marked_down = 0;
         if (host_stat->reasons & Reason::SELF_DETECT) {
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index d9f7ee80aac..c9a0ac76e06 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -21,11 +21,11 @@
   limitations under the License.
  */
 
-#include 
 #include 
 #include 
 #include 
 #include 
+#include 
 
 #include "tscore/ink_platform.h"
 #include "tscore/ink_base64.h"
@@ -41,7 +41,7 @@
 #include "HTTP.h"
 #include "ProxySession.h"
 #include "Http2ClientSession.h"
-#include "Http1ServerSession.h"
+#include "PoolableSession.h"
 #include "HttpSM.h"
 #include "HttpConfig.h"
 #include "P_Net.h"
@@ -953,8 +953,8 @@ FileImpl::fwrite(const void *buf, size_t length)
     memcpy(&m_buf[m_bufpos], p, avail);
 
     m_bufpos += avail;
-    p += avail;
-    length -= avail;
+    p        += avail;
+    length   -= avail;
 
     if ((length > 0) && (m_bufpos > 0)) {
       if (fflush() <= 0) {
@@ -1379,7 +1379,7 @@ APIHook::prev() const
 int
 APIHook::invoke(int event, void *edata) const
 {
-  if ((event == EVENT_IMMEDIATE) || (event == EVENT_INTERVAL) || event == TS_EVENT_HTTP_TXN_CLOSE) {
+  if (event == EVENT_IMMEDIATE || event == EVENT_INTERVAL || event == TS_EVENT_HTTP_TXN_CLOSE) {
     if (ink_atomic_increment((int *)&m_cont->m_event_count, 1) < 0) {
       ink_assert(!"not reached");
     }
@@ -1392,6 +1392,20 @@ APIHook::invoke(int event, void *edata) const
   return m_cont->handleEvent(event, edata);
 }
 
+int
+APIHook::blocking_invoke(int event, void *edata) const
+{
+  if (event == EVENT_IMMEDIATE || event == EVENT_INTERVAL || event == TS_EVENT_HTTP_TXN_CLOSE) {
+    if (ink_atomic_increment((int *)&m_cont->m_event_count, 1) < 0) {
+      ink_assert(!"not reached");
+    }
+  }
+
+  WEAK_SCOPED_MUTEX_LOCK(lock, m_cont->mutex, this_ethread());
+
+  return m_cont->handleEvent(event, edata);
+}
+
 APIHook *
 APIHooks::head() const
 {
@@ -4934,12 +4948,11 @@ TSHttpSsnClientVConnGet(TSHttpSsn ssnp)
 TSVConn
 TSHttpSsnServerVConnGet(TSHttpSsn ssnp)
 {
-  TSVConn vconn       = nullptr;
   PoolableSession *ss = reinterpret_cast(ssnp);
   if (ss != nullptr) {
-    vconn = reinterpret_cast(ss->get_netvc());
+    return reinterpret_cast(ss->get_netvc());
   }
-  return vconn;
+  return nullptr;
 }
 
 TSVConn
@@ -7837,9 +7850,8 @@ TSHttpTxnServerFdGet(TSHttpTxn txnp, int *fdp)
   sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
   sdk_assert(sdk_sanity_check_null_ptr((void *)fdp) == TS_SUCCESS);
 
-  HttpSM *sm = reinterpret_cast(txnp);
-  *fdp       = -1;
-
+  HttpSM *sm           = reinterpret_cast(txnp);
+  *fdp                 = -1;
   TSReturnCode retval  = TS_ERROR;
   ProxyTransaction *ss = sm->get_server_txn();
   if (ss != nullptr) {
@@ -9415,23 +9427,20 @@ TSSslContextFindByAddr(struct sockaddr const *addr)
 tsapi TSReturnCode
 TSSslSecretSet(const char *secret_name, int secret_name_length, const char *secret_data, int secret_data_len)
 {
-  TSReturnCode retval          = TS_SUCCESS;
+  TSReturnCode retval = TS_SUCCESS;
+  std::string const secret_name_str{secret_name, unsigned(secret_name_length)};
   SSLConfigParams *load_params = SSLConfig::load_acquire();
   SSLConfigParams *params      = SSLConfig::acquire();
   if (load_params != nullptr) { // Update the current data structure
     Debug("ssl.cert_update", "Setting secrets in SSLConfig load for: %.*s", secret_name_length, secret_name);
-    if (!load_params->secrets.setSecret(std::string(secret_name, secret_name_length), secret_data, secret_data_len)) {
-      retval = TS_ERROR;
-    }
-    load_params->updateCTX(std::string(secret_name, secret_name_length));
+    load_params->secrets.setSecret(secret_name_str, std::string_view(secret_data, secret_data_len));
+    load_params->updateCTX(secret_name_str);
     SSLConfig::load_release(load_params);
   }
   if (params != nullptr) {
     Debug("ssl.cert_update", "Setting secrets in SSLConfig for: %.*s", secret_name_length, secret_name);
-    if (!params->secrets.setSecret(std::string(secret_name, secret_name_length), secret_data, secret_data_len)) {
-      retval = TS_ERROR;
-    }
-    params->updateCTX(std::string(secret_name, secret_name_length));
+    params->secrets.setSecret(secret_name_str, std::string_view(secret_data, secret_data_len));
+    params->updateCTX(secret_name_str);
     SSLConfig::release(params);
   }
   return retval;
@@ -9449,32 +9458,34 @@ TSSslSecretUpdate(const char *secret_name, int secret_name_length)
   return retval;
 }
 
-tsapi TSReturnCode
-TSSslSecretGet(const char *secret_name, int secret_name_length, const char **secret_data_return, int *secret_data_len)
+tsapi char *
+TSSslSecretGet(const char *secret_name, int secret_name_length, int *secret_data_length)
 {
+  sdk_assert(secret_name != nullptr);
+  sdk_assert(secret_data_length != nullptr);
+
   bool loading            = true;
-  TSReturnCode retval     = TS_SUCCESS;
   SSLConfigParams *params = SSLConfig::load_acquire();
   if (params == nullptr) {
     params  = SSLConfig::acquire();
     loading = false;
   }
-  std::string_view secret_data;
-  if (!params->secrets.getSecret(std::string(secret_name, secret_name_length), secret_data)) {
-    retval = TS_ERROR;
-  }
-  if (secret_data_return) {
-    *secret_data_return = secret_data.data();
-  }
-  if (secret_data_len) {
-    *secret_data_len = secret_data.size();
+  std::string const secret_data = params->secrets.getSecret(std::string(secret_name, secret_name_length));
+  char *data{nullptr};
+  if (secret_data.empty()) {
+    *secret_data_length = 0;
+
+  } else {
+    data = static_cast(ats_malloc(secret_data.size()));
+    memcpy(data, secret_data.data(), secret_data.size());
+    *secret_data_length = secret_data.size();
   }
   if (loading) {
     SSLConfig::load_release(params);
   } else {
     SSLConfig::release(params);
   }
-  return retval;
+  return data;
 }
 
 /**
diff --git a/src/traffic_server/InkAPITest.cc b/src/traffic_server/InkAPITest.cc
index 74a26b4ec8c..4fbf97551f9 100644
--- a/src/traffic_server/InkAPITest.cc
+++ b/src/traffic_server/InkAPITest.cc
@@ -63,24 +63,24 @@
   }
 
 #define MAGIC_ALIVE 0xfeedbaba
-#define MAGIC_DEAD 0xdeadbeef
+#define MAGIC_DEAD  0xdeadbeef
 
 #define SYNSERVER_LISTEN_PORT 3300
-#define SYNSERVER_DUMMY_PORT -1
+#define SYNSERVER_DUMMY_PORT  -1
 
 #define PROXY_CONFIG_NAME_HTTP_PORT "proxy.config.http.server_port"
-#define PROXY_HTTP_DEFAULT_PORT 8080
+#define PROXY_HTTP_DEFAULT_PORT     8080
 
-#define REQUEST_MAX_SIZE 4095
+#define REQUEST_MAX_SIZE  4095
 #define RESPONSE_MAX_SIZE 4095
 
 #define HTTP_REQUEST_END "\r\n\r\n"
 
 // each request/response includes an identifier as a Mime field
-#define X_REQUEST_ID "X-Request-ID"
+#define X_REQUEST_ID  "X-Request-ID"
 #define X_RESPONSE_ID "X-Response-ID"
 
-#define ERROR_BODY "TESTING ERROR PAGE"
+#define ERROR_BODY              "TESTING ERROR PAGE"
 #define TRANSFORM_APPEND_STRING "This is a transformed response"
 
 extern int dns_failover_period;
@@ -8584,131 +8584,71 @@ EXCLUSIVE_REGRESSION_TEST(SDK_API_TSHttpConnectServerIntercept)(RegressionTest *
 // The order of these should be the same as TSOverridableConfigKey
 std::array SDK_Overridable_Configs = {
   {"proxy.config.url_remap.pristine_host_hdr",
-   "proxy.config.http.chunking_enabled",
-   "proxy.config.http.negative_caching_enabled",
-   "proxy.config.http.negative_caching_lifetime",
-   "proxy.config.http.cache.when_to_revalidate",
-   "proxy.config.http.keep_alive_enabled_in",
-   "proxy.config.http.keep_alive_enabled_out",
-   "proxy.config.http.keep_alive_post_out",
-   "proxy.config.http.server_session_sharing.match",
-   "proxy.config.net.sock_recv_buffer_size_out",
-   "proxy.config.net.sock_send_buffer_size_out",
-   "proxy.config.net.sock_option_flag_out",
-   "proxy.config.http.forward.proxy_auth_to_parent",
-   "proxy.config.http.anonymize_remove_from",
-   "proxy.config.http.anonymize_remove_referer",
-   "proxy.config.http.anonymize_remove_user_agent",
-   "proxy.config.http.anonymize_remove_cookie",
-   "proxy.config.http.anonymize_remove_client_ip",
-   "proxy.config.http.insert_client_ip",
-   "proxy.config.http.response_server_enabled",
-   "proxy.config.http.insert_squid_x_forwarded_for",
-   "proxy.config.http.send_http11_requests",
-   "proxy.config.http.cache.http",
-   "proxy.config.http.cache.ignore_client_no_cache",
-   "proxy.config.http.cache.ignore_client_cc_max_age",
-   "proxy.config.http.cache.ims_on_client_no_cache",
-   "proxy.config.http.cache.ignore_server_no_cache",
-   "proxy.config.http.cache.cache_responses_to_cookies",
-   "proxy.config.http.cache.ignore_authentication",
-   "proxy.config.http.cache.cache_urls_that_look_dynamic",
-   "proxy.config.http.cache.required_headers",
-   "proxy.config.http.insert_request_via_str",
-   "proxy.config.http.insert_response_via_str",
-   "proxy.config.http.cache.heuristic_min_lifetime",
-   "proxy.config.http.cache.heuristic_max_lifetime",
-   "proxy.config.http.cache.guaranteed_min_lifetime",
-   "proxy.config.http.cache.guaranteed_max_lifetime",
-   "proxy.config.http.cache.max_stale_age",
-   "proxy.config.http.keep_alive_no_activity_timeout_in",
-   "proxy.config.http.keep_alive_no_activity_timeout_out",
-   "proxy.config.http.transaction_no_activity_timeout_in",
-   "proxy.config.http.transaction_no_activity_timeout_out",
-   "proxy.config.http.transaction_active_timeout_out",
-   "proxy.config.http.connect_attempts_max_retries",
-   "proxy.config.http.connect_attempts_max_retries_dead_server",
-   "proxy.config.http.connect_attempts_rr_retries",
-   "proxy.config.http.connect_attempts_timeout",
-   "proxy.config.http.down_server.cache_time",
-   "proxy.config.http.doc_in_cache_skip_dns",
-   "proxy.config.http.background_fill_active_timeout",
-   "proxy.config.http.response_server_str",
-   "proxy.config.http.cache.heuristic_lm_factor",
-   "proxy.config.http.background_fill_completed_threshold",
-   "proxy.config.net.sock_packet_mark_out",
-   "proxy.config.net.sock_packet_tos_out",
-   "proxy.config.http.insert_age_in_response",
-   "proxy.config.http.chunking.size",
-   "proxy.config.http.flow_control.enabled",
-   "proxy.config.http.flow_control.low_water",
-   "proxy.config.http.flow_control.high_water",
-   "proxy.config.http.cache.range.lookup",
-   "proxy.config.http.default_buffer_size",
-   "proxy.config.http.default_buffer_water_mark",
-   "proxy.config.http.request_header_max_size",
-   "proxy.config.http.response_header_max_size",
-   "proxy.config.http.negative_revalidating_enabled",
-   "proxy.config.http.negative_revalidating_lifetime",
-   "proxy.config.ssl.hsts_max_age",
-   "proxy.config.ssl.hsts_include_subdomains",
-   "proxy.config.http.cache.open_read_retry_time",
-   "proxy.config.http.cache.max_open_read_retries",
-   "proxy.config.http.cache.range.write",
-   "proxy.config.http.post.check.content_length.enabled",
-   "proxy.config.http.global_user_agent_header",
-   "proxy.config.http.auth_server_session_private",
-   "proxy.config.http.slow.log.threshold",
-   "proxy.config.http.cache.generation",
-   "proxy.config.body_factory.template_base",
-   "proxy.config.http.cache.open_write_fail_action",
-   "proxy.config.http.number_of_redirections",
-   "proxy.config.http.cache.max_open_write_retries",
-   "proxy.config.http.cache.max_open_write_retry_timeout",
-   "proxy.config.http.redirect_use_orig_cache_key",
-   "proxy.config.http.attach_server_session_to_client",
-   "proxy.config.websocket.no_activity_timeout",
-   "proxy.config.websocket.active_timeout",
-   "proxy.config.http.uncacheable_requests_bypass_parent",
-   "proxy.config.http.parent_proxy.total_connect_attempts",
-   "proxy.config.http.transaction_active_timeout_in",
-   "proxy.config.srv_enabled",
-   "proxy.config.http.forward_connect_method",
-   "proxy.config.ssl.client.cert.filename",
-   "proxy.config.ssl.client.cert.path",
-   "proxy.config.http.parent_proxy.mark_down_hostdb",
-   "proxy.config.http.cache.ignore_accept_mismatch",
-   "proxy.config.http.cache.ignore_accept_language_mismatch",
-   "proxy.config.http.cache.ignore_accept_encoding_mismatch",
-   "proxy.config.http.cache.ignore_accept_charset_mismatch",
-   "proxy.config.http.parent_proxy.fail_threshold",
-   "proxy.config.http.parent_proxy.retry_time",
-   "proxy.config.http.parent_proxy.per_parent_connect_attempts",
-   "proxy.config.http.normalize_ae",
-   "proxy.config.http.insert_forwarded",
-   "proxy.config.http.proxy_protocol_out",
-   "proxy.config.http.allow_multi_range",
-   "proxy.config.http.request_buffer_enabled",
-   "proxy.config.http.allow_half_open",
+   "proxy.config.http.chunking_enabled", "proxy.config.http.negative_caching_enabled",
+   "proxy.config.http.negative_caching_lifetime", "proxy.config.http.cache.when_to_revalidate",
+   "proxy.config.http.keep_alive_enabled_in", "proxy.config.http.keep_alive_enabled_out",
+   "proxy.config.http.keep_alive_post_out", "proxy.config.http.server_session_sharing.match",
+   "proxy.config.net.sock_recv_buffer_size_out", "proxy.config.net.sock_send_buffer_size_out",
+   "proxy.config.net.sock_option_flag_out", "proxy.config.http.forward.proxy_auth_to_parent",
+   "proxy.config.http.anonymize_remove_from", "proxy.config.http.anonymize_remove_referer",
+   "proxy.config.http.anonymize_remove_user_agent", "proxy.config.http.anonymize_remove_cookie",
+   "proxy.config.http.anonymize_remove_client_ip", "proxy.config.http.insert_client_ip",
+   "proxy.config.http.response_server_enabled", "proxy.config.http.insert_squid_x_forwarded_for",
+   "proxy.config.http.send_http11_requests", "proxy.config.http.cache.http",
+   "proxy.config.http.cache.ignore_client_no_cache", "proxy.config.http.cache.ignore_client_cc_max_age",
+   "proxy.config.http.cache.ims_on_client_no_cache", "proxy.config.http.cache.ignore_server_no_cache",
+   "proxy.config.http.cache.cache_responses_to_cookies", "proxy.config.http.cache.ignore_authentication",
+   "proxy.config.http.cache.cache_urls_that_look_dynamic", "proxy.config.http.cache.required_headers",
+   "proxy.config.http.insert_request_via_str", "proxy.config.http.insert_response_via_str",
+   "proxy.config.http.cache.heuristic_min_lifetime", "proxy.config.http.cache.heuristic_max_lifetime",
+   "proxy.config.http.cache.guaranteed_min_lifetime", "proxy.config.http.cache.guaranteed_max_lifetime",
+   "proxy.config.http.cache.max_stale_age", "proxy.config.http.keep_alive_no_activity_timeout_in",
+   "proxy.config.http.keep_alive_no_activity_timeout_out", "proxy.config.http.transaction_no_activity_timeout_in",
+   "proxy.config.http.transaction_no_activity_timeout_out", "proxy.config.http.transaction_active_timeout_out",
+   "proxy.config.http.connect_attempts_max_retries", "proxy.config.http.connect_attempts_max_retries_dead_server",
+   "proxy.config.http.connect_attempts_rr_retries", "proxy.config.http.connect_attempts_timeout",
+   "proxy.config.http.down_server.cache_time", "proxy.config.http.doc_in_cache_skip_dns",
+   "proxy.config.http.background_fill_active_timeout", "proxy.config.http.response_server_str",
+   "proxy.config.http.cache.heuristic_lm_factor", "proxy.config.http.background_fill_completed_threshold",
+   "proxy.config.net.sock_packet_mark_out", "proxy.config.net.sock_packet_tos_out",
+   "proxy.config.http.insert_age_in_response", "proxy.config.http.chunking.size",
+   "proxy.config.http.flow_control.enabled", "proxy.config.http.flow_control.low_water",
+   "proxy.config.http.flow_control.high_water", "proxy.config.http.cache.range.lookup",
+   "proxy.config.http.default_buffer_size", "proxy.config.http.default_buffer_water_mark",
+   "proxy.config.http.request_header_max_size", "proxy.config.http.response_header_max_size",
+   "proxy.config.http.negative_revalidating_enabled", "proxy.config.http.negative_revalidating_lifetime",
+   "proxy.config.ssl.hsts_max_age", "proxy.config.ssl.hsts_include_subdomains",
+   "proxy.config.http.cache.open_read_retry_time", "proxy.config.http.cache.max_open_read_retries",
+   "proxy.config.http.cache.range.write", "proxy.config.http.post.check.content_length.enabled",
+   "proxy.config.http.global_user_agent_header", "proxy.config.http.auth_server_session_private",
+   "proxy.config.http.slow.log.threshold", "proxy.config.http.cache.generation",
+   "proxy.config.body_factory.template_base", "proxy.config.http.cache.open_write_fail_action",
+   "proxy.config.http.number_of_redirections", "proxy.config.http.cache.max_open_write_retries",
+   "proxy.config.http.cache.max_open_write_retry_timeout", "proxy.config.http.redirect_use_orig_cache_key",
+   "proxy.config.http.attach_server_session_to_client", "proxy.config.websocket.no_activity_timeout",
+   "proxy.config.websocket.active_timeout", "proxy.config.http.uncacheable_requests_bypass_parent",
+   "proxy.config.http.parent_proxy.total_connect_attempts", "proxy.config.http.transaction_active_timeout_in",
+   "proxy.config.srv_enabled", "proxy.config.http.forward_connect_method",
+   "proxy.config.ssl.client.cert.filename", "proxy.config.ssl.client.cert.path",
+   "proxy.config.http.parent_proxy.mark_down_hostdb", "proxy.config.http.cache.ignore_accept_mismatch",
+   "proxy.config.http.cache.ignore_accept_language_mismatch", "proxy.config.http.cache.ignore_accept_encoding_mismatch",
+   "proxy.config.http.cache.ignore_accept_charset_mismatch", "proxy.config.http.parent_proxy.fail_threshold",
+   "proxy.config.http.parent_proxy.retry_time", "proxy.config.http.parent_proxy.per_parent_connect_attempts",
+   "proxy.config.http.normalize_ae", "proxy.config.http.insert_forwarded",
+   "proxy.config.http.proxy_protocol_out", "proxy.config.http.allow_multi_range",
+   "proxy.config.http.request_buffer_enabled", "proxy.config.http.allow_half_open",
    OutboundConnTrack::CONFIG_VAR_MIN,
    OutboundConnTrack::CONFIG_VAR_MAX,
    OutboundConnTrack::CONFIG_VAR_MATCH,
-   "proxy.config.ssl.client.verify.server.policy",
-   "proxy.config.ssl.client.verify.server.properties",
-   "proxy.config.ssl.client.sni_policy",
-   "proxy.config.ssl.client.private_key.filename",
-   "proxy.config.ssl.client.CA.cert.filename",
-   "proxy.config.ssl.client.alpn_protocols",
-   "proxy.config.hostdb.ip_resolve",
-   "proxy.config.http.connect.dead.policy",
-   "proxy.config.http.max_proxy_cycles",
-   "proxy.config.plugin.vc.default_buffer_index",
-   "proxy.config.plugin.vc.default_buffer_water_mark",
-   "proxy.config.net.sock_notsent_lowat",
-   "proxy.config.body_factory.response_suppression_mode",
-   "proxy.config.http.parent_proxy.enable_parent_timeout_markdowns",
-   "proxy.config.http.parent_proxy.disable_parent_markdowns",
-   "proxy.config.net.default_inactivity_timeout"}};
+   "proxy.config.ssl.client.verify.server.policy", "proxy.config.ssl.client.verify.server.properties",
+   "proxy.config.ssl.client.sni_policy", "proxy.config.ssl.client.private_key.filename",
+   "proxy.config.ssl.client.CA.cert.filename", "proxy.config.ssl.client.alpn_protocols",
+   "proxy.config.hostdb.ip_resolve", "proxy.config.http.connect.dead.policy",
+   "proxy.config.http.max_proxy_cycles", "proxy.config.plugin.vc.default_buffer_index",
+   "proxy.config.plugin.vc.default_buffer_water_mark", "proxy.config.net.sock_notsent_lowat",
+   "proxy.config.body_factory.response_suppression_mode", "proxy.config.http.parent_proxy.enable_parent_timeout_markdowns",
+   "proxy.config.http.parent_proxy.disable_parent_markdowns", "proxy.config.net.default_inactivity_timeout"}
+};
 
 extern ClassAllocator httpSMAllocator;
 
diff --git a/src/traffic_server/traffic_server.cc b/src/traffic_server/traffic_server.cc
index ec544ac7f9b..e0cf1075662 100644
--- a/src/traffic_server/traffic_server.cc
+++ b/src/traffic_server/traffic_server.cc
@@ -199,41 +199,40 @@ static int delay_listen_for_cache = 0;
 AppVersionInfo appVersionInfo; // Build info for this application
 
 static ArgumentDescription argument_descriptions[] = {
-  {"net_threads", 'n', "Number of Net Threads", "I", &num_of_net_threads, "PROXY_NET_THREADS", nullptr},
-  {"udp_threads", 'U', "Number of UDP Threads", "I", &num_of_udp_threads, "PROXY_UDP_THREADS", nullptr},
-  {"accept_thread", 'a', "Use an Accept Thread", "T", &num_accept_threads, "PROXY_ACCEPT_THREAD", nullptr},
-  {"accept_till_done", 'b', "Accept Till Done", "T", &accept_till_done, "PROXY_ACCEPT_TILL_DONE", nullptr},
-  {"httpport", 'p', "Port descriptor for HTTP Accept", "S*", &http_accept_port_descriptor, "PROXY_HTTP_ACCEPT_PORT", nullptr},
-  {"disable_freelist", 'f', "Disable the freelist memory allocator", "T", &cmd_disable_freelist, "PROXY_DPRINTF_LEVEL", nullptr},
-  {"disable_pfreelist", 'F', "Disable the freelist memory allocator in ProxyAllocator", "T", &cmd_disable_pfreelist,
-   "PROXY_DPRINTF_LEVEL", nullptr},
-  {"maxRecords", 'm', "Max number of librecords metrics and configurations (default & minimum: 1600)", "I", &max_records_entries,
-   "PROXY_MAX_RECORDS", nullptr},
+  {"net_threads",       'n', "Number of Net Threads",                                                                               "I",     &num_of_net_threads,             "PROXY_NET_THREADS",       nullptr},
+  {"udp_threads",       'U', "Number of UDP Threads",                                                                               "I",     &num_of_udp_threads,             "PROXY_UDP_THREADS",       nullptr},
+  {"accept_thread",     'a', "Use an Accept Thread",                                                                                "T",     &num_accept_threads,             "PROXY_ACCEPT_THREAD",     nullptr},
+  {"accept_till_done",  'b', "Accept Till Done",                                                                                    "T",     &accept_till_done,               "PROXY_ACCEPT_TILL_DONE",  nullptr},
+  {"httpport",          'p', "Port descriptor for HTTP Accept",                                                                     "S*",    &http_accept_port_descriptor,    "PROXY_HTTP_ACCEPT_PORT",  nullptr},
+  {"disable_freelist",  'f', "Disable the freelist memory allocator",                                                               "T",     &cmd_disable_freelist,           "PROXY_DPRINTF_LEVEL",     nullptr},
+  {"disable_pfreelist", 'F', "Disable the freelist memory allocator in ProxyAllocator",                                             "T",     &cmd_disable_pfreelist,
+   "PROXY_DPRINTF_LEVEL",                                                                                                                                                                                nullptr},
+  {"maxRecords",        'm', "Max number of librecords metrics and configurations (default & minimum: 1600)",                       "I",     &max_records_entries,
+   "PROXY_MAX_RECORDS",                                                                                                                                                                                  nullptr},
 
 #if TS_HAS_TESTS
-  {"regression", 'R', "Regression Level (quick:1..long:3)", "I", ®ression_level, "PROXY_REGRESSION", nullptr},
-  {"regression_test", 'r', "Run Specific Regression Test", "S512", regression_test, "PROXY_REGRESSION_TEST", nullptr},
-  {"regression_list", 'l', "List Regression Tests", "T", ®ression_list, "PROXY_REGRESSION_LIST", nullptr},
-#endif // TS_HAS_TESTS
+  {"regression",        'R', "Regression Level (quick:1..long:3)",                                                                  "I",     ®ression_level,               "PROXY_REGRESSION",        nullptr},
+  {"regression_test",   'r', "Run Specific Regression Test",                                                                        "S512",  regression_test,                 "PROXY_REGRESSION_TEST",   nullptr},
+  {"regression_list",   'l', "List Regression Tests",                                                                               "T",     ®ression_list,                "PROXY_REGRESSION_LIST",   nullptr},
+#endif  // TS_HAS_TESTS
 
 #if TS_USE_DIAGS
-  {"debug_tags", 'T', "Vertical-bar-separated Debug Tags", "S1023", error_tags, "PROXY_DEBUG_TAGS", nullptr},
-  {"action_tags", 'B', "Vertical-bar-separated Behavior Tags", "S1023", action_tags, "PROXY_BEHAVIOR_TAGS", nullptr},
+  {"debug_tags",        'T', "Vertical-bar-separated Debug Tags",                                                                   "S1023", error_tags,                      "PROXY_DEBUG_TAGS",        nullptr},
+  {"action_tags",       'B', "Vertical-bar-separated Behavior Tags",                                                                "S1023", action_tags,                     "PROXY_BEHAVIOR_TAGS",     nullptr},
 #endif
 
-  {"interval", 'i', "Statistics Interval", "I", &show_statistics, "PROXY_STATS_INTERVAL", nullptr},
-  {"command", 'C',
+  {"interval",          'i', "Statistics Interval",                                                                                 "I",     &show_statistics,                "PROXY_STATS_INTERVAL",    nullptr},
+  {"command",           'C',
    "Maintenance Command to Execute\n"
-   "      Commands: list, check, clear, clear_cache, clear_hostdb, verify_config, verify_global_plugin, verify_remap_plugin, help",
-   "S511", &command_string, "PROXY_COMMAND_STRING", nullptr},
-  {"conf_dir", 'D', "config dir to verify", "S511", &conf_dir, "PROXY_CONFIG_CONFIG_DIR", nullptr},
-  {"clear_hostdb", 'k', "Clear HostDB on Startup", "F", &auto_clear_hostdb_flag, "PROXY_CLEAR_HOSTDB", nullptr},
-  {"clear_cache", 'K', "Clear Cache on Startup", "F", &cacheProcessor.auto_clear_flag, "PROXY_CLEAR_CACHE", nullptr},
-  {"bind_stdout", '-', "Regular file to bind stdout to", "S512", &bind_stdout, "PROXY_BIND_STDOUT", nullptr},
-  {"bind_stderr", '-', "Regular file to bind stderr to", "S512", &bind_stderr, "PROXY_BIND_STDERR", nullptr},
-  {"accept_mss", '-', "MSS for client connections", "I", &accept_mss, nullptr, nullptr},
-  {"poll_timeout", 't', "poll timeout in milliseconds", "I", &poll_timeout, nullptr, nullptr},
-  {"block", '-', "block for debug attach", "T", &cmd_block, nullptr, nullptr},
+   "      Commands: list, check, clear, clear_cache, clear_hostdb, verify_config, verify_global_plugin, verify_remap_plugin, help", "S511",  &command_string,                 "PROXY_COMMAND_STRING",    nullptr},
+  {"conf_dir",          'D', "config dir to verify",                                                                                "S511",  &conf_dir,                       "PROXY_CONFIG_CONFIG_DIR", nullptr},
+  {"clear_hostdb",      'k', "Clear HostDB on Startup",                                                                             "F",     &auto_clear_hostdb_flag,         "PROXY_CLEAR_HOSTDB",      nullptr},
+  {"clear_cache",       'K', "Clear Cache on Startup",                                                                              "F",     &cacheProcessor.auto_clear_flag, "PROXY_CLEAR_CACHE",       nullptr},
+  {"bind_stdout",       '-', "Regular file to bind stdout to",                                                                      "S512",  &bind_stdout,                    "PROXY_BIND_STDOUT",       nullptr},
+  {"bind_stderr",       '-', "Regular file to bind stderr to",                                                                      "S512",  &bind_stderr,                    "PROXY_BIND_STDERR",       nullptr},
+  {"accept_mss",        '-', "MSS for client connections",                                                                          "I",     &accept_mss,                     nullptr,                   nullptr},
+  {"poll_timeout",      't', "poll timeout in milliseconds",                                                                        "I",     &poll_timeout,                   nullptr,                   nullptr},
+  {"block",             '-', "block for debug attach",                                                                              "T",     &cmd_block,                      nullptr,                   nullptr},
   HELP_ARGUMENT_DESCRIPTION(),
   VERSION_ARGUMENT_DESCRIPTION(),
   RUNROOT_ARGUMENT_DESCRIPTION(),
@@ -729,11 +728,11 @@ initialize_jsonrpc_server()
   return ok;
 }
 
-#define CMD_ERROR -2      // serious error, exit maintenance mode
-#define CMD_FAILED -1     // error, but recoverable
-#define CMD_OK 0          // ok, or minor (user) error
-#define CMD_HELP 1        // ok, print help
-#define CMD_IN_PROGRESS 2 // task not completed. don't exit
+#define CMD_ERROR       -2 // serious error, exit maintenance mode
+#define CMD_FAILED      -1 // error, but recoverable
+#define CMD_OK          0  // ok, or minor (user) error
+#define CMD_HELP        1  // ok, print help
+#define CMD_IN_PROGRESS 2  // task not completed. don't exit
 
 static int
 cmd_list(char * /* cmd ATS_UNUSED */)
@@ -1010,7 +1009,7 @@ load_plugin(plugin_type_t plugin_type, const fs::path &plugin_path, std::string
   }
   case plugin_type_t::REMAP: {
     auto temporary_directory = fs::temp_directory_path();
-    temporary_directory /= fs::path(std::string("verify_plugin_") + std::to_string(getpid()));
+    temporary_directory      /= fs::path(std::string("verify_plugin_") + std::to_string(getpid()));
     std::error_code ec;
     if (!fs::create_directories(temporary_directory, ec)) {
       std::ostringstream error_os;
@@ -1104,15 +1103,14 @@ static const struct CMD {
   int (*f)(char *);
   bool no_process_lock; /// If set this command doesn't need a process level lock.
 } commands[] = {
-  {"list", "List cache configuration",
+  {"list",                 "List cache configuration",
    "LIST\n"
    "\n"
    "FORMAT: list\n"
    "\n"
    "List the sizes of the Host Database and Cache Index,\n"
-   "and the storage available to the cache.\n",
-   cmd_list, false},
-  {"check", "Check the cache (do not make any changes)",
+   "and the storage available to the cache.\n",                        cmd_list,                 false},
+  {"check",                "Check the cache (do not make any changes)",
    "CHECK\n"
    "\n"
    "FORMAT: check\n"
@@ -1120,58 +1118,51 @@ static const struct CMD {
    "Check the cache for inconsistencies or corruption.\n"
    "CHECK does not make any changes to the data stored in\n"
    "the cache. CHECK requires a scan of the contents of the\n"
-   "cache and may take a long time for large caches.\n",
-   cmd_check, true},
-  {"clear", "Clear the entire cache",
+   "cache and may take a long time for large caches.\n",               cmd_check,                true },
+  {"clear",                "Clear the entire cache",
    "CLEAR\n"
    "\n"
    "FORMAT: clear\n"
    "\n"
    "Clear the entire cache.  All data in the cache is\n"
    "lost and the cache is reconfigured based on the current\n"
-   "description of database sizes and available storage.\n",
-   cmd_clear, false},
-  {"clear_cache", "Clear the document cache",
+   "description of database sizes and available storage.\n",           cmd_clear,                false},
+  {"clear_cache",          "Clear the document cache",
    "CLEAR_CACHE\n"
    "\n"
    "FORMAT: clear_cache\n"
    "\n"
    "Clear the document cache.  All documents in the cache are\n"
    "lost and the cache is reconfigured based on the current\n"
-   "description of database sizes and available storage.\n",
-   cmd_clear, false},
-  {"clear_hostdb", "Clear the hostdb cache",
+   "description of database sizes and available storage.\n",           cmd_clear,                false},
+  {"clear_hostdb",         "Clear the hostdb cache",
    "CLEAR_HOSTDB\n"
    "\n"
    "FORMAT: clear_hostdb\n"
    "\n"
    "Clear the entire hostdb cache.  All host name resolution\n"
-   "information is lost.\n",
-   cmd_clear, false},
-  {CMD_VERIFY_CONFIG, "Verify the config",
+   "information is lost.\n",                                           cmd_clear,                false},
+  {CMD_VERIFY_CONFIG,      "Verify the config",
    "\n"
    "\n"
    "FORMAT: verify_config\n"
    "\n"
-   "Load the config and verify traffic_server comes up correctly. \n",
-   cmd_verify, true},
+   "Load the config and verify traffic_server comes up correctly. \n", cmd_verify,               true },
   {"verify_global_plugin", "Verify a global plugin's shared object file",
    "VERIFY_GLOBAL_PLUGIN\n"
    "\n"
    "FORMAT: verify_global_plugin [global_plugin_so_file]\n"
    "\n"
    "Load a global plugin's shared object file and verify it meets\n"
-   "minimal plugin API requirements. \n",
-   cmd_verify_global_plugin, false},
-  {"verify_remap_plugin", "Verify a remap plugin's shared object file",
+   "minimal plugin API requirements. \n",                              cmd_verify_global_plugin, false},
+  {"verify_remap_plugin",  "Verify a remap plugin's shared object file",
    "VERIFY_REMAP_PLUGIN\n"
    "\n"
    "FORMAT: verify_remap_plugin [remap_plugin_so_file]\n"
    "\n"
    "Load a remap plugin's shared object file and verify it meets\n"
-   "minimal plugin API requirements. \n",
-   cmd_verify_remap_plugin, false},
-  {"help", "Obtain a short description of a command (e.g. 'help clear')",
+   "minimal plugin API requirements. \n",                              cmd_verify_remap_plugin,  false},
+  {"help",                 "Obtain a short description of a command (e.g. 'help clear')",
    "HELP\n"
    "\n"
    "FORMAT: help [command_name]\n"
@@ -1179,8 +1170,7 @@ static const struct CMD {
    "EXAMPLES: help help\n"
    "          help commit\n"
    "\n"
-   "Provide a short description of a command (like this).\n",
-   cmd_help, false},
+   "Provide a short description of a command (like this).\n",          cmd_help,                 false},
 };
 
 static int
@@ -1411,30 +1401,30 @@ struct ShowStats : public Continuation {
 
     NET_READ_DYN_SUM(net_calls_to_readfromnet_stat, sval);
     int64_t d_rb = sval - last_rb;
-    last_rb += d_rb;
+    last_rb      += d_rb;
 
     NET_READ_DYN_SUM(net_calls_to_writetonet_stat, sval);
     int64_t d_wb = sval - last_wb;
-    last_wb += d_wb;
+    last_wb      += d_wb;
 
     NET_READ_DYN_STAT(net_read_bytes_stat, sval, cval);
     int64_t d_nrb = sval - last_nrb;
-    last_nrb += d_nrb;
-    int64_t d_nr = cval - last_nr;
-    last_nr += d_nr;
+    last_nrb      += d_nrb;
+    int64_t d_nr  = cval - last_nr;
+    last_nr       += d_nr;
 
     NET_READ_DYN_STAT(net_write_bytes_stat, sval, cval);
     int64_t d_nwb = sval - last_nwb;
-    last_nwb += d_nwb;
-    int64_t d_nw = cval - last_nw;
-    last_nw += d_nw;
+    last_nwb      += d_nwb;
+    int64_t d_nw  = cval - last_nw;
+    last_nw       += d_nw;
 
     NET_READ_GLOBAL_DYN_SUM(net_connections_currently_open_stat, sval);
     int64_t d_o = sval;
 
     NET_READ_DYN_STAT(net_handler_run_stat, sval, cval);
     int64_t d_p = cval - last_p;
-    last_p += d_p;
+    last_p      += d_p;
     printf("%" PRId64 ":%" PRId64 ":%" PRId64 ":%" PRId64 " %" PRId64 ":%" PRId64 " %" PRId64 " %" PRId64 "\n", d_rb, d_wb, d_nrb,
            d_nr, d_nwb, d_nw, d_o, d_p);
 #ifdef ENABLE_TIME_TRACE
diff --git a/src/traffic_top/stats.h b/src/traffic_top/stats.h
index dfb7870b403..621c8ec6f17 100644
--- a/src/traffic_top/stats.h
+++ b/src/traffic_top/stats.h
@@ -496,7 +496,7 @@ class Stats
   {
     // move past global
     size_t pos = response.find(constant::global);
-    pos += sizeof(constant::global) - 1;
+    pos        += sizeof(constant::global) - 1;
 
     // find parts of the line
     while (true) {
diff --git a/src/traffic_top/traffic_top.cc b/src/traffic_top/traffic_top.cc
index c20c74af220..4bddbc393cb 100644
--- a/src/traffic_top/traffic_top.cc
+++ b/src/traffic_top/traffic_top.cc
@@ -34,7 +34,7 @@
 
 // At least on solaris, the default ncurses defines macros such as
 // clear() that break stdlibc++.
-#define NOMACROS 1
+#define NOMACROS         1
 #define NCURSES_NOMACROS 1
 
 #if defined HAVE_NCURSESW_CURSES_H
diff --git a/src/traffic_wccp/wccp_client.cc b/src/traffic_wccp/wccp_client.cc
index 1cb5a4b6d0b..17ceee648f8 100644
--- a/src/traffic_wccp/wccp_client.cc
+++ b/src/traffic_wccp/wccp_client.cc
@@ -126,12 +126,12 @@ main(int argc, char **argv)
 
   static option OPTIONS[] = {
     {"address", 1, nullptr, OPT_ADDRESS},
-    {"router", 1, nullptr, OPT_ROUTER},
+    {"router",  1, nullptr, OPT_ROUTER },
     {"service", 1, nullptr, OPT_SERVICE},
-    {"debug", 0, nullptr, OPT_DEBUG},
-    {"daemon", 0, nullptr, OPT_DAEMON},
-    {"help", 0, nullptr, OPT_HELP},
-    {nullptr, 0, nullptr, 0} // required terminator.
+    {"debug",   0, nullptr, OPT_DEBUG  },
+    {"daemon",  0, nullptr, OPT_DAEMON },
+    {"help",    0, nullptr, OPT_HELP   },
+    {nullptr,   0, nullptr, 0          }  // required terminator.
   };
 
   in_addr ip_addr     = {INADDR_ANY};
diff --git a/src/tscore/ArgParser.cc b/src/tscore/ArgParser.cc
index ab233f9b417..8ad1c54039c 100644
--- a/src/tscore/ArgParser.cc
+++ b/src/tscore/ArgParser.cc
@@ -348,7 +348,7 @@ ArgParser::Command::output_option() const
     if (!it.second.short_option.empty()) {
       msg = it.second.short_option + ", ";
     }
-    msg += it.first;
+    msg          += it.first;
     unsigned num = it.second.arg_num;
     if (num != 0) {
       if (num == 1) {
diff --git a/src/tscore/BaseLogFile.cc b/src/tscore/BaseLogFile.cc
index 1d9fe67088a..43a6b13e0b1 100644
--- a/src/tscore/BaseLogFile.cc
+++ b/src/tscore/BaseLogFile.cc
@@ -496,13 +496,13 @@ BaseMetaInfo::_read_from_file()
           t = tok.getNext();
           if (t) {
             _creation_time = static_cast(ink_atoi64(t));
-            _flags |= VALID_CREATION_TIME;
+            _flags         |= VALID_CREATION_TIME;
           }
         } else if (strcmp(t, "object_signature") == 0) {
           t = tok.getNext();
           if (t) {
             _log_object_signature = ink_atoi64(t);
-            _flags |= VALID_SIGNATURE;
+            _flags                |= VALID_SIGNATURE;
             log_log_trace("BaseMetaInfo::_read_from_file\n"
                           "\tfilename = %s\n"
                           "\tsignature string = %s\n"
diff --git a/src/tscore/BufferWriterFormat.cc b/src/tscore/BufferWriterFormat.cc
index 9c4eb3a5aa7..1e97ce5fc5b 100644
--- a/src/tscore/BufferWriterFormat.cc
+++ b/src/tscore/BufferWriterFormat.cc
@@ -131,10 +131,10 @@ BWFSpec::BWFSpec(TextView fmt) : _name(fmt.take_prefix_at(':'))
         }
         _fill = isdigit(d0) ? d0 - '0' : tolower(d0) - 'a' + 10;
         _fill += (isdigit(d1) ? d1 - '0' : tolower(d1) - 'a' + 10) << 4;
-        sz += 4;
+        sz    += 4;
       } else if (sz.size() > 1 && Align::NONE != (_align = align_of(sz[1]))) {
         _fill = *sz;
-        sz += 2;
+        sz    += 2;
       } else if (Align::NONE != (_align = align_of(*sz))) {
         ++sz;
       }
@@ -285,7 +285,7 @@ namespace bw_fmt
           *dst++ = spec._fill;
         }
         // Right fill.
-        dst += size;
+        dst  += size;
         last = dst + delta / 2; // round down
         if (last > limit) {
           last = limit;
@@ -324,7 +324,8 @@ namespace bw_fmt
     char UPPER_DIGITS[]                                 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
     char LOWER_DIGITS[]                                 = "0123456789abcdefghijklmnopqrstuvwxyz";
     static const std::array POWERS_OF_TEN = {
-      {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000, 1000000000, 10000000000}};
+      {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000, 1000000000, 10000000000}
+    };
   } // namespace
 
   /// Templated radix based conversions. Only a small number of radix are supported
@@ -340,7 +341,7 @@ namespace bw_fmt
     if (n) {
       while (n) {
         *--out = digits[n % RADIX];
-        n /= RADIX;
+        n      /= RADIX;
       }
     } else {
       *--out = '0';
@@ -757,142 +758,77 @@ bwformat(BufferWriter &w, BWFSpec const &spec, bwf::Errno const &e)
   // Hand rolled, might not be totally compliant everywhere, but probably close enough.
   // The long string will be locally accurate.
   // Clang requires the double braces. Why, Turing only knows.
-  static const std::array SHORT_NAME = {{
-    "SUCCESS: ",
-    "EPERM: ",
-    "ENOENT: ",
-    "ESRCH: ",
-    "EINTR: ",
-    "EIO: ",
-    "ENXIO: ",
-    "E2BIG ",
-    "ENOEXEC: ",
-    "EBADF: ",
-    "ECHILD: ",
-    "EAGAIN: ",
-    "ENOMEM: ",
-    "EACCES: ",
-    "EFAULT: ",
-    "ENOTBLK: ",
-    "EBUSY: ",
-    "EEXIST: ",
-    "EXDEV: ",
-    "ENODEV: ",
-    "ENOTDIR: ",
-    "EISDIR: ",
-    "EINVAL: ",
-    "ENFILE: ",
-    "EMFILE: ",
-    "ENOTTY: ",
-    "ETXTBSY: ",
-    "EFBIG: ",
-    "ENOSPC: ",
-    "ESPIPE: ",
-    "EROFS: ",
-    "EMLINK: ",
-    "EPIPE: ",
-    "EDOM: ",
-    "ERANGE: ",
-    "EDEADLK: ",
-    "ENAMETOOLONG: ",
-    "ENOLCK: ",
-    "ENOSYS: ",
-    "ENOTEMPTY: ",
-    "ELOOP: ",
-    "EWOULDBLOCK: ",
-    "ENOMSG: ",
-    "EIDRM: ",
-    "ECHRNG: ",
-    "EL2NSYNC: ",
-    "EL3HLT: ",
-    "EL3RST: ",
-    "ELNRNG: ",
-    "EUNATCH: ",
-    "ENOCSI: ",
-    "EL2HTL: ",
-    "EBADE: ",
-    "EBADR: ",
-    "EXFULL: ",
-    "ENOANO: ",
-    "EBADRQC: ",
-    "EBADSLT: ",
-    "EDEADLOCK: ",
-    "EBFONT: ",
-    "ENOSTR: ",
-    "ENODATA: ",
-    "ETIME: ",
-    "ENOSR: ",
-    "ENONET: ",
-    "ENOPKG: ",
-    "EREMOTE: ",
-    "ENOLINK: ",
-    "EADV: ",
-    "ESRMNT: ",
-    "ECOMM: ",
-    "EPROTO: ",
-    "EMULTIHOP: ",
-    "EDOTDOT: ",
-    "EBADMSG: ",
-    "EOVERFLOW: ",
-    "ENOTUNIQ: ",
-    "EBADFD: ",
-    "EREMCHG: ",
-    "ELIBACC: ",
-    "ELIBBAD: ",
-    "ELIBSCN: ",
-    "ELIBMAX: ",
-    "ELIBEXEC: ",
-    "EILSEQ: ",
-    "ERESTART: ",
-    "ESTRPIPE: ",
-    "EUSERS: ",
-    "ENOTSOCK: ",
-    "EDESTADDRREQ: ",
-    "EMSGSIZE: ",
-    "EPROTOTYPE: ",
-    "ENOPROTOOPT: ",
-    "EPROTONOSUPPORT: ",
-    "ESOCKTNOSUPPORT: ",
-    "EOPNOTSUPP: ",
-    "EPFNOSUPPORT: ",
-    "EAFNOSUPPORT: ",
-    "EADDRINUSE: ",
-    "EADDRNOTAVAIL: ",
-    "ENETDOWN: ",
-    "ENETUNREACH: ",
-    "ENETRESET: ",
-    "ECONNABORTED: ",
-    "ECONNRESET: ",
-    "ENOBUFS: ",
-    "EISCONN: ",
-    "ENOTCONN: ",
-    "ESHUTDOWN: ",
-    "ETOOMANYREFS: ",
-    "ETIMEDOUT: ",
-    "ECONNREFUSED: ",
-    "EHOSTDOWN: ",
-    "EHOSTUNREACH: ",
-    "EALREADY: ",
-    "EINPROGRESS: ",
-    "ESTALE: ",
-    "EUCLEAN: ",
-    "ENOTNAM: ",
-    "ENAVAIL: ",
-    "EISNAM: ",
-    "EREMOTEIO: ",
-    "EDQUOT: ",
-    "ENOMEDIUM: ",
-    "EMEDIUMTYPE: ",
-    "ECANCELED: ",
-    "ENOKEY: ",
-    "EKEYEXPIRED: ",
-    "EKEYREVOKED: ",
-    "EKEYREJECTED: ",
-    "EOWNERDEAD: ",
-    "ENOTRECOVERABLE: ",
-    "ERFKILL: ",
-    "EHWPOISON: ",
-  }};
+  static const std::array SHORT_NAME = {
+    {
+     "SUCCESS: ", "EPERM: ",
+     "ENOENT: ", "ESRCH: ",
+     "EINTR: ", "EIO: ",
+     "ENXIO: ", "E2BIG ",
+     "ENOEXEC: ", "EBADF: ",
+     "ECHILD: ", "EAGAIN: ",
+     "ENOMEM: ", "EACCES: ",
+     "EFAULT: ", "ENOTBLK: ",
+     "EBUSY: ", "EEXIST: ",
+     "EXDEV: ", "ENODEV: ",
+     "ENOTDIR: ", "EISDIR: ",
+     "EINVAL: ", "ENFILE: ",
+     "EMFILE: ", "ENOTTY: ",
+     "ETXTBSY: ", "EFBIG: ",
+     "ENOSPC: ", "ESPIPE: ",
+     "EROFS: ", "EMLINK: ",
+     "EPIPE: ", "EDOM: ",
+     "ERANGE: ", "EDEADLK: ",
+     "ENAMETOOLONG: ", "ENOLCK: ",
+     "ENOSYS: ", "ENOTEMPTY: ",
+     "ELOOP: ", "EWOULDBLOCK: ",
+     "ENOMSG: ", "EIDRM: ",
+     "ECHRNG: ", "EL2NSYNC: ",
+     "EL3HLT: ", "EL3RST: ",
+     "ELNRNG: ", "EUNATCH: ",
+     "ENOCSI: ", "EL2HTL: ",
+     "EBADE: ", "EBADR: ",
+     "EXFULL: ", "ENOANO: ",
+     "EBADRQC: ", "EBADSLT: ",
+     "EDEADLOCK: ", "EBFONT: ",
+     "ENOSTR: ", "ENODATA: ",
+     "ETIME: ", "ENOSR: ",
+     "ENONET: ", "ENOPKG: ",
+     "EREMOTE: ", "ENOLINK: ",
+     "EADV: ", "ESRMNT: ",
+     "ECOMM: ", "EPROTO: ",
+     "EMULTIHOP: ", "EDOTDOT: ",
+     "EBADMSG: ", "EOVERFLOW: ",
+     "ENOTUNIQ: ", "EBADFD: ",
+     "EREMCHG: ", "ELIBACC: ",
+     "ELIBBAD: ", "ELIBSCN: ",
+     "ELIBMAX: ", "ELIBEXEC: ",
+     "EILSEQ: ", "ERESTART: ",
+     "ESTRPIPE: ", "EUSERS: ",
+     "ENOTSOCK: ", "EDESTADDRREQ: ",
+     "EMSGSIZE: ", "EPROTOTYPE: ",
+     "ENOPROTOOPT: ", "EPROTONOSUPPORT: ",
+     "ESOCKTNOSUPPORT: ", "EOPNOTSUPP: ",
+     "EPFNOSUPPORT: ", "EAFNOSUPPORT: ",
+     "EADDRINUSE: ", "EADDRNOTAVAIL: ",
+     "ENETDOWN: ", "ENETUNREACH: ",
+     "ENETRESET: ", "ECONNABORTED: ",
+     "ECONNRESET: ", "ENOBUFS: ",
+     "EISCONN: ", "ENOTCONN: ",
+     "ESHUTDOWN: ", "ETOOMANYREFS: ",
+     "ETIMEDOUT: ", "ECONNREFUSED: ",
+     "EHOSTDOWN: ", "EHOSTUNREACH: ",
+     "EALREADY: ", "EINPROGRESS: ",
+     "ESTALE: ", "EUCLEAN: ",
+     "ENOTNAM: ", "ENAVAIL: ",
+     "EISNAM: ", "EREMOTEIO: ",
+     "EDQUOT: ", "ENOMEDIUM: ",
+     "EMEDIUMTYPE: ", "ECANCELED: ",
+     "ENOKEY: ", "EKEYEXPIRED: ",
+     "EKEYREVOKED: ", "EKEYREJECTED: ",
+     "EOWNERDEAD: ", "ENOTRECOVERABLE: ",
+     "ERFKILL: ", "EHWPOISON: ",
+     }
+  };
   // This provides convenient safe access to the errno short name array.
   auto short_name = [](int n) { return n < static_cast(SHORT_NAME.size()) ? SHORT_NAME[n] : "Unknown: "sv; };
   static const BWFormat number_fmt{"[{}]"sv}; // numeric value format.
diff --git a/src/tscore/CryptoHash.cc b/src/tscore/CryptoHash.cc
index 35fcbef3a65..8ee07eec11f 100644
--- a/src/tscore/CryptoHash.cc
+++ b/src/tscore/CryptoHash.cc
@@ -88,7 +88,7 @@ ink_code_to_hex_str(char *dest, uint8_t const *hash)
     *(d + 5) = hex_digits[hash[i + 2] & 15];
     *(d + 6) = hex_digits[hash[i + 3] >> 4];
     *(d + 7) = hex_digits[hash[i + 3] & 15];
-    d += 8;
+    d        += 8;
   }
   *d = '\0';
   return (dest);
diff --git a/src/tscore/Extendible.cc b/src/tscore/Extendible.cc
index c3003539252..e6e7cd83b71 100644
--- a/src/tscore/Extendible.cc
+++ b/src/tscore/Extendible.cc
@@ -61,7 +61,7 @@ namespace details
         auto &fld = pair_fld.second;
         if (fld.align == processing_align) {
           fld.field_offset = acc_offset;
-          acc_offset += fld.size;
+          acc_offset       += fld.size;
         } else if (fld.align < processing_align) {
           next_align = std::max(next_align, fld.align);
         }
diff --git a/src/tscore/HashSip.cc b/src/tscore/HashSip.cc
index 700f5f4f495..d2737518485 100644
--- a/src/tscore/HashSip.cc
+++ b/src/tscore/HashSip.cc
@@ -59,7 +59,7 @@ ATSHash64Sip24::update(const void *data, size_t len)
   uint8_t block_off = 0;
 
   if (!finalized) {
-    m = (unsigned char *)data;
+    m         = (unsigned char *)data;
     total_len += len;
 
     if (len + block_buffer_len < SIP_BLOCK_SIZE) {
diff --git a/src/tscore/IpMap.cc b/src/tscore/IpMap.cc
index 481ea0307f7..5200e1c19aa 100644
--- a/src/tscore/IpMap.cc
+++ b/src/tscore/IpMap.cc
@@ -760,7 +760,10 @@ namespace detail
     return w;
   }
 
-  template  IpMapBase::~IpMapBase() { this->clear(); }
+  template  IpMapBase::~IpMapBase()
+  {
+    this->clear();
+  }
 
   //----------------------------------------------------------------------------
   using Ip4Span = Interval;
diff --git a/src/tscore/Layout.cc b/src/tscore/Layout.cc
index e2cb534b23e..795d0fa17cf 100644
--- a/src/tscore/Layout.cc
+++ b/src/tscore/Layout.cc
@@ -126,13 +126,13 @@ Layout::runroot_setup()
   // If some path values are not in runroot.yaml, we give it a default value instead of error out.
   prefix      = dir_map[LAYOUT_PREFIX].empty() ? runroot_file.substr(0, runroot_file.find_last_of('/')) : dir_map[LAYOUT_PREFIX];
   exec_prefix = dir_map[LAYOUT_EXEC_PREFIX].empty() ? prefix : dir_map[LAYOUT_EXEC_PREFIX];
-  bindir = dir_map[LAYOUT_BINDIR].empty() ? layout_relative(prefix, TS_BUILD_BINDIR) : bindir = dir_map[LAYOUT_BINDIR];
-  sbindir    = dir_map[LAYOUT_SBINDIR].empty() ? layout_relative(prefix, TS_BUILD_SBINDIR) : dir_map[LAYOUT_SBINDIR];
-  sysconfdir = dir_map[LAYOUT_SYSCONFDIR].empty() ? layout_relative(prefix, TS_BUILD_SYSCONFDIR) : dir_map[LAYOUT_SYSCONFDIR];
-  datadir    = dir_map[LAYOUT_DATADIR].empty() ? layout_relative(prefix, TS_BUILD_DATADIR) : dir_map[LAYOUT_DATADIR];
-  includedir = dir_map[LAYOUT_INCLUDEDIR].empty() ? layout_relative(prefix, TS_BUILD_INCLUDEDIR) : dir_map[LAYOUT_INCLUDEDIR];
-  libdir     = dir_map[LAYOUT_LIBDIR].empty() ? layout_relative(prefix, TS_BUILD_LIBDIR) : dir_map[LAYOUT_LIBDIR];
-  libexecdir = dir_map[LAYOUT_LIBEXECDIR].empty() ? layout_relative(prefix, TS_BUILD_LIBEXECDIR) : dir_map[LAYOUT_LIBEXECDIR];
+  bindir      = dir_map[LAYOUT_BINDIR].empty() ? layout_relative(prefix, TS_BUILD_BINDIR) : bindir = dir_map[LAYOUT_BINDIR];
+  sbindir     = dir_map[LAYOUT_SBINDIR].empty() ? layout_relative(prefix, TS_BUILD_SBINDIR) : dir_map[LAYOUT_SBINDIR];
+  sysconfdir  = dir_map[LAYOUT_SYSCONFDIR].empty() ? layout_relative(prefix, TS_BUILD_SYSCONFDIR) : dir_map[LAYOUT_SYSCONFDIR];
+  datadir     = dir_map[LAYOUT_DATADIR].empty() ? layout_relative(prefix, TS_BUILD_DATADIR) : dir_map[LAYOUT_DATADIR];
+  includedir  = dir_map[LAYOUT_INCLUDEDIR].empty() ? layout_relative(prefix, TS_BUILD_INCLUDEDIR) : dir_map[LAYOUT_INCLUDEDIR];
+  libdir      = dir_map[LAYOUT_LIBDIR].empty() ? layout_relative(prefix, TS_BUILD_LIBDIR) : dir_map[LAYOUT_LIBDIR];
+  libexecdir  = dir_map[LAYOUT_LIBEXECDIR].empty() ? layout_relative(prefix, TS_BUILD_LIBEXECDIR) : dir_map[LAYOUT_LIBEXECDIR];
   localstatedir =
     dir_map[LAYOUT_LOCALSTATEDIR].empty() ? layout_relative(prefix, TS_BUILD_LOCALSTATEDIR) : dir_map[LAYOUT_LOCALSTATEDIR];
   runtimedir = dir_map[LAYOUT_RUNTIMEDIR].empty() ? layout_relative(prefix, TS_BUILD_RUNTIMEDIR) : dir_map[LAYOUT_RUNTIMEDIR];
diff --git a/src/tscore/MMH.cc b/src/tscore/MMH.cc
index b0ed1460671..0caca25208e 100644
--- a/src/tscore/MMH.cc
+++ b/src/tscore/MMH.cc
@@ -107,12 +107,12 @@ ink_code_MMH(unsigned char *input, int len, unsigned char *sixteen_byte_hash)
 static inline void
 MMH_update(MMH_CTX *ctx, unsigned char *ab)
 {
-  uint32_t *b = reinterpret_cast(ab);
+  uint32_t *b   = reinterpret_cast(ab);
   ctx->state[0] += b[0] * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b[1] * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b[2] * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b[3] * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -120,15 +120,15 @@ MMH_updateb1(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 1);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 << 8) + (b1 >> 24);
-  b1 = (b1 << 8) + (b2 >> 24);
-  b2 = (b2 << 8) + (b3 >> 24);
-  b3 = (b3 << 8) + (b4 >> 24);
+  b0            = (b0 << 8) + (b1 >> 24);
+  b1            = (b1 << 8) + (b2 >> 24);
+  b2            = (b2 << 8) + (b3 >> 24);
+  b3            = (b3 << 8) + (b4 >> 24);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -136,15 +136,15 @@ MMH_updateb2(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 2);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 << 16) + (b1 >> 16);
-  b1 = (b1 << 16) + (b2 >> 16);
-  b2 = (b2 << 16) + (b3 >> 16);
-  b3 = (b3 << 16) + (b4 >> 16);
+  b0            = (b0 << 16) + (b1 >> 16);
+  b1            = (b1 << 16) + (b2 >> 16);
+  b2            = (b2 << 16) + (b3 >> 16);
+  b3            = (b3 << 16) + (b4 >> 16);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -152,15 +152,15 @@ MMH_updateb3(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 3);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 << 24) + (b1 >> 8);
-  b1 = (b1 << 24) + (b2 >> 8);
-  b2 = (b2 << 24) + (b3 >> 8);
-  b3 = (b3 << 24) + (b4 >> 8);
+  b0            = (b0 << 24) + (b1 >> 8);
+  b1            = (b1 << 24) + (b2 >> 8);
+  b2            = (b2 << 24) + (b3 >> 8);
+  b3            = (b3 << 24) + (b4 >> 8);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -168,15 +168,15 @@ MMH_updatel1(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 1);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 >> 8) + (b1 << 24);
-  b1 = (b1 >> 8) + (b2 << 24);
-  b2 = (b2 >> 8) + (b3 << 24);
-  b3 = (b3 >> 8) + (b4 << 24);
+  b0            = (b0 >> 8) + (b1 << 24);
+  b1            = (b1 >> 8) + (b2 << 24);
+  b2            = (b2 >> 8) + (b3 << 24);
+  b3            = (b3 >> 8) + (b4 << 24);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -184,15 +184,15 @@ MMH_updatel2(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 2);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 >> 16) + (b1 << 16);
-  b1 = (b1 >> 16) + (b2 << 16);
-  b2 = (b2 >> 16) + (b3 << 16);
-  b3 = (b3 >> 16) + (b4 << 16);
+  b0            = (b0 >> 16) + (b1 << 16);
+  b1            = (b1 >> 16) + (b2 << 16);
+  b2            = (b2 >> 16) + (b3 << 16);
+  b3            = (b3 >> 16) + (b4 << 16);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 static inline void
@@ -200,15 +200,15 @@ MMH_updatel3(MMH_CTX *ctx, unsigned char *ab)
 {
   uint32_t *b = reinterpret_cast(ab - 3);
   uint32_t b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4];
-  b0 = (b0 >> 24) + (b1 << 8);
-  b1 = (b1 >> 24) + (b2 << 8);
-  b2 = (b2 >> 24) + (b3 << 8);
-  b3 = (b3 >> 24) + (b4 << 8);
+  b0            = (b0 >> 24) + (b1 << 8);
+  b1            = (b1 >> 24) + (b2 << 8);
+  b2            = (b2 >> 24) + (b3 << 8);
+  b3            = (b3 >> 24) + (b4 << 8);
   ctx->state[0] += b0 * MMH_x[(ctx->blocks + 0) % MMH_X_SIZE];
   ctx->state[1] += b1 * MMH_x[(ctx->blocks + 1) % MMH_X_SIZE];
   ctx->state[2] += b2 * MMH_x[(ctx->blocks + 2) % MMH_X_SIZE];
   ctx->state[3] += b3 * MMH_x[(ctx->blocks + 3) % MMH_X_SIZE];
-  ctx->blocks += 4;
+  ctx->blocks   += 4;
 }
 
 int
@@ -221,7 +221,7 @@ ink_code_incr_MMH_update(MMH_CTX *ctx, const char *ainput, int input_length)
     if (input_length >= l) {
       memcpy(ctx->buffer + ctx->buffer_size, in, l);
       ctx->buffer_size = 0;
-      in += l;
+      in               += l;
       if (ctx->buffer_size & 0x0f) {
         return 0;
       }
@@ -286,7 +286,7 @@ ink_code_incr_MMH_update(MMH_CTX *ctx, const char *ainput, int input_length)
   }
 Lstore:
   if (end - in) {
-    int oldbs = ctx->buffer_size;
+    int oldbs        = ctx->buffer_size;
     ctx->buffer_size += static_cast(end - in);
 #ifndef TEST
     ink_assert(ctx->buffer_size < 16);
diff --git a/src/tscore/MatcherUtils.cc b/src/tscore/MatcherUtils.cc
index e63b380da06..5df6f7f3ea9 100644
--- a/src/tscore/MatcherUtils.cc
+++ b/src/tscore/MatcherUtils.cc
@@ -98,7 +98,7 @@ readIntoBuffer(const char *file_path, const char *module_name, int *read_size_pt
       break;
     }
 
-    buf += ret;
+    buf       += ret;
     read_size += ret;
   }
 
@@ -381,7 +381,7 @@ processDurationString(char *str, int *seconds)
       }
 
       result += (multiplier * tmp);
-      s = current + 1;
+      s      = current + 1;
     }
     current++;
   }
@@ -511,7 +511,7 @@ parseConfigLine(char *line, matcher_line *p_line, const matcher_tags *tags)
             ink_assert(bytesCopy > 0);
 
             copyForward += bytesCopy;
-            copyFrom = s + 1;
+            copyFrom    = s + 1;
           } else {
             copyForward = s;
             copyFrom    = s + 1;
diff --git a/src/tscore/MemArena.cc b/src/tscore/MemArena.cc
index 4010d5e44a4..24d9714bd85 100644
--- a/src/tscore/MemArena.cc
+++ b/src/tscore/MemArena.cc
@@ -64,7 +64,7 @@ MemArena::make_block(size_t n)
   // Allocate space for the Block instance and the request memory and construct a Block at the front.
   // In theory this could use ::operator new(n) but this causes a size mismatch during ::operator delete.
   // Easier to use malloc and override @c delete.
-  auto free_space = n - sizeof(Block);
+  auto free_space  = n - sizeof(Block);
   _active_reserved += free_space;
   return BlockPtr(new (::malloc(n)) Block(free_space));
 }
diff --git a/src/tscore/ParseRules.cc b/src/tscore/ParseRules.cc
index 020749e784a..57e7391c25c 100644
--- a/src/tscore/ParseRules.cc
+++ b/src/tscore/ParseRules.cc
@@ -65,7 +65,7 @@ ink_atoi64(const char *str, const char **end)
   } else {
     if (unlikely(*str == '-')) {
       negative = 1;
-      str += 1;
+      str      += 1;
     }
 
     /*
@@ -163,7 +163,7 @@ ink_atoi64(const char *str, int len)
   } else {
     if (unlikely(*str == '-')) {
       negative = 1;
-      str += 1;
+      str      += 1;
     }
 
     /*
diff --git a/src/tscore/Regression.cc b/src/tscore/Regression.cc
index 137d8daf35d..cb648869eea 100644
--- a/src/tscore/Regression.cc
+++ b/src/tscore/Regression.cc
@@ -217,9 +217,9 @@ RegressionTest::main(int /* argc */, const char **argv, int level)
   int regression_level       = level;
 
   const ArgumentDescription argument_descriptions[] = {
-    {"regression", 'R', "Regression Level (quick:1..long:3)", "I", ®ression_level, "PROXY_REGRESSION", nullptr},
-    {"regression_test", 'r', "Run Specific Regression Test", "S512", regression_test, "PROXY_REGRESSION_TEST", nullptr},
-    {"regression_list", 'l', "List Regression Tests", "T", ®ression_list, "PROXY_REGRESSION_LIST", nullptr},
+    {"regression",      'R', "Regression Level (quick:1..long:3)", "I",    ®ression_level, "PROXY_REGRESSION",      nullptr},
+    {"regression_test", 'r', "Run Specific Regression Test",       "S512", regression_test,   "PROXY_REGRESSION_TEST", nullptr},
+    {"regression_list", 'l', "List Regression Tests",              "T",    ®ression_list,  "PROXY_REGRESSION_LIST", nullptr},
   };
 
   AppVersionInfo version;
diff --git a/src/tscore/SourceLocation.cc b/src/tscore/SourceLocation.cc
index c586935b6ab..d5dbe873b95 100644
--- a/src/tscore/SourceLocation.cc
+++ b/src/tscore/SourceLocation.cc
@@ -60,7 +60,10 @@ ts::BufferWriter &
 SourceLocation::print(ts::BufferWriter &w, ts::BWFSpec const &) const
 {
   if (this->valid()) {
-    ts::TextView base{ts::TextView{file, strlen(file)}.take_suffix_at('/')};
+    ts::TextView base{
+      ts::TextView{file, strlen(file)}
+      .take_suffix_at('/')
+    };
     w.print("{}:{}{}", base, line, ts::bwf::OptionalAffix(func, ")"_sv, " ("_sv));
   };
   return w;
diff --git a/src/tscore/TextBuffer.cc b/src/tscore/TextBuffer.cc
index 58054a54f63..670aef2ef37 100644
--- a/src/tscore/TextBuffer.cc
+++ b/src/tscore/TextBuffer.cc
@@ -106,7 +106,7 @@ TextBuffer::copyFrom(const void *source, unsigned num_bytes)
   memcpy(nextAdd, source, num_bytes);
   spaceLeft -= num_bytes;
 
-  nextAdd += num_bytes;
+  nextAdd    += num_bytes;
   nextAdd[0] = '\0';
 
   return num_bytes;
@@ -139,7 +139,7 @@ TextBuffer::enlargeBuffer(unsigned N)
     if (newSpace != nullptr) {
       nextAdd     = newSpace + static_cast(nextAdd - bufferStart);
       bufferStart = newSpace;
-      spaceLeft += addedSize;
+      spaceLeft   += addedSize;
       currentSize = newSize;
     } else {
       // Out of Memory, Sigh
@@ -179,7 +179,7 @@ TextBuffer::rawReadFromFile(int fd)
     // Error on read
     return readSize;
   } else {
-    nextAdd = nextAdd + readSize;
+    nextAdd   = nextAdd + readSize;
     spaceLeft -= readSize;
     return readSize;
   }
@@ -225,7 +225,7 @@ TextBuffer::readFromFD(int fd)
   } else {
     nextAdd    = nextAdd + readSize;
     nextAdd[0] = '\0';
-    spaceLeft -= readSize + 1;
+    spaceLeft  -= readSize + 1;
     return readSize;
   }
 }
@@ -250,8 +250,8 @@ TextBuffer::vformat(const char *fmt, va_list ap)
       // count does not include the NUL, we can just increment and the next format will
       // overwrite the previous NUL.
       this->spaceLeft -= num;
-      this->nextAdd += num;
-      done = true;
+      this->nextAdd   += num;
+      done            = true;
     } else {
       if (enlargeBuffer(num + 1) == -1) {
         return;
diff --git a/src/tscore/hugepages.cc b/src/tscore/hugepages.cc
index 3b7067a2772..f0e05c4e2ea 100644
--- a/src/tscore/hugepages.cc
+++ b/src/tscore/hugepages.cc
@@ -28,9 +28,9 @@
 
 #ifdef MAP_HUGETLB
 #define MEMINFO_PATH "/proc/meminfo"
-#define LINE_SIZE 256
-#define TOKEN "Hugepagesize:"
-#define TOKEN_SIZE (strlen(TOKEN))
+#define LINE_SIZE    256
+#define TOKEN        "Hugepagesize:"
+#define TOKEN_SIZE   (strlen(TOKEN))
 
 static int hugepage_size = -1;
 static bool hugepage_enabled;
diff --git a/src/tscore/ink_base64.cc b/src/tscore/ink_base64.cc
index bc68758bc94..d845f42287c 100644
--- a/src/tscore/ink_base64.cc
+++ b/src/tscore/ink_base64.cc
@@ -53,7 +53,7 @@ ats_base64_encode(const unsigned char *inBuffer, size_t inBufferSize, char *outB
     *obuf++ = _codes[inBuffer[2] & 077];
 
     inBufferSize -= 3;
-    inBuffer += 3;
+    inBuffer     += 3;
   }
 
   /*
@@ -105,7 +105,7 @@ ats_base64_encode(const char *inBuffer, size_t inBufferSize, char *outBuffer, si
 #undef DECODE
 #endif
 
-#define DECODE(x) printableToSixBit[(unsigned char)x]
+#define DECODE(x)     printableToSixBit[(unsigned char)x]
 #define MAX_PRINT_VAL 63
 
 /* Converts a printable character to it's six bit representation */
@@ -143,9 +143,9 @@ ats_base64_decode(const char *inBuffer, size_t inBufferSize, unsigned char *outB
     buf[1] = static_cast(DECODE(inBuffer[1]) << 4 | DECODE(inBuffer[2]) >> 2);
     buf[2] = static_cast(DECODE(inBuffer[2]) << 6 | DECODE(inBuffer[3]));
 
-    buf += 3;
-    inBuffer += 4;
-    decodedBytes += 3;
+    buf               += 3;
+    inBuffer          += 4;
+    decodedBytes      += 3;
     inputBytesDecoded += 4;
   }
 
diff --git a/src/tscore/ink_file.cc b/src/tscore/ink_file.cc
index 6e960aaa726..cf444548114 100644
--- a/src/tscore/ink_file.cc
+++ b/src/tscore/ink_file.cc
@@ -365,7 +365,7 @@ ink_filepath_make(char *path, int pathsz, const char *rootpath, const char *addp
     return static_cast(maxlen);
   }
   ink_strlcpy(path, rootpath, pathsz);
-  path += rootlen;
+  path   += rootlen;
   pathsz -= rootlen;
   if (*(path - 1) != '/') {
     *(path++) = '/';
diff --git a/src/tscore/ink_hrtime.cc b/src/tscore/ink_hrtime.cc
index 9bffa1a53ce..39facb6fe33 100644
--- a/src/tscore/ink_hrtime.cc
+++ b/src/tscore/ink_hrtime.cc
@@ -74,7 +74,7 @@ int64_to_str(char *buf, unsigned int buf_size, int64_t val, unsigned int *total_
   } else {
     do {
       *working_buf-- = static_cast(val % 10) + '0';
-      val /= 10;
+      val            /= 10;
       ++num_chars;
     } while (val);
   }
diff --git a/src/tscore/ink_inet.cc b/src/tscore/ink_inet.cc
index 50e13e32841..09e0fe06a55 100644
--- a/src/tscore/ink_inet.cc
+++ b/src/tscore/ink_inet.cc
@@ -317,7 +317,7 @@ ats_ip_range_parse(std::string_view src, IpAddr &lower, IpAddr &upper)
             } else if (cidr <= 32) {
               lower = upper = addr;
               if (cidr < 32) {
-                in_addr_t mask = htonl(INADDR_BROADCAST << (32 - cidr));
+                in_addr_t mask   = htonl(INADDR_BROADCAST << (32 - cidr));
                 lower._addr._ip4 &= mask;
                 upper._addr._ip4 |= ~mask;
               }
@@ -345,7 +345,7 @@ ats_ip_range_parse(std::string_view src, IpAddr &lower, IpAddr &upper)
             } else if (cidr <= 128) { // lower bytes changed, upper bytes unaffected.
               lower = upper = addr;
               if (cidr < 128) {
-                mask = htobe64(~static_cast(0) << (128 - cidr));
+                mask                = htobe64(~static_cast(0) << (128 - cidr));
                 lower._addr._u64[1] &= mask;
                 upper._addr._u64[1] |= ~mask;
               }
diff --git a/src/tscore/ink_queue.cc b/src/tscore/ink_queue.cc
index c4364c1225b..059a18419fe 100644
--- a/src/tscore/ink_queue.cc
+++ b/src/tscore/ink_queue.cc
@@ -478,8 +478,8 @@ ink_freelists_dump(FILE *f)
             static_cast(fll->fl->used) * static_cast(fll->fl->type_size), static_cast(fll->fl->used),
             fll->fl->type_size, fll->fl->chunk_size, fll->fl->hugepages_failure, fll->fl->name ? fll->fl->name : "");
     total_allocated += static_cast(fll->fl->allocated) * static_cast(fll->fl->type_size);
-    total_used += static_cast(fll->fl->used) * static_cast(fll->fl->type_size);
-    fll = fll->next;
+    total_used      += static_cast(fll->fl->used) * static_cast(fll->fl->type_size);
+    fll             = fll->next;
   }
   fprintf(f, " %18" PRIu64 " | %18" PRIu64 " |            | TOTAL\n", total_allocated, total_used);
   fprintf(f, "-----------------------------------------------------------------------------------------\n");
diff --git a/src/tscore/ink_rand.cc b/src/tscore/ink_rand.cc
index edfaeaf5ad0..26f761215a1 100644
--- a/src/tscore/ink_rand.cc
+++ b/src/tscore/ink_rand.cc
@@ -57,11 +57,11 @@
 #include "tscore/ink_platform.h"
 #include "tscore/ink_rand.h"
 
-#define NN 312
-#define MM 156
+#define NN       312
+#define MM       156
 #define MATRIX_A 0xB5026F5AA96619E9ULL
-#define UM 0xFFFFFFFF80000000ULL /* Most significant 33 bits */
-#define LM 0x7FFFFFFFULL         /* Least significant 31 bits */
+#define UM       0xFFFFFFFF80000000ULL /* Most significant 33 bits */
+#define LM       0x7FFFFFFFULL         /* Least significant 31 bits */
 
 static uint64_t mag01[2] = {0ULL, MATRIX_A};
 
diff --git a/src/tscore/ink_res_init.cc b/src/tscore/ink_res_init.cc
index fdc34bf73ba..79f57e96d0e 100644
--- a/src/tscore/ink_res_init.cc
+++ b/src/tscore/ink_res_init.cc
@@ -94,7 +94,8 @@
 #endif
 
 HostResPreferenceOrder const HOST_RES_DEFAULT_PREFERENCE_ORDER = {
-  {HOST_RES_PREFER_IPV4, HOST_RES_PREFER_IPV6, HOST_RES_PREFER_NONE}};
+  {HOST_RES_PREFER_IPV4, HOST_RES_PREFER_IPV6, HOST_RES_PREFER_NONE}
+};
 
 HostResPreferenceOrder host_res_default_preference_order;
 
@@ -115,7 +116,7 @@ ink_res_nclose(ink_res_state statp)
   if (statp->_vcsock >= 0) {
     (void)close(statp->_vcsock);
     statp->_vcsock = -1;
-    statp->_flags &= ~(INK_RES_F_VC | INK_RES_F_CONN);
+    statp->_flags  &= ~(INK_RES_F_VC | INK_RES_F_CONN);
   }
 }
 
diff --git a/src/tscore/ink_string++.cc b/src/tscore/ink_string++.cc
index f5d1ab152c6..3fdbd1fe802 100644
--- a/src/tscore/ink_string++.cc
+++ b/src/tscore/ink_string++.cc
@@ -164,7 +164,7 @@ StrListOverflow::alloc(int size, StrListOverflow **new_heap_ptr)
 
   char *start = (reinterpret_cast(this)) + overflow_head_hdr_size;
   char *rval  = start + heap_used;
-  heap_used += size;
+  heap_used   += size;
   ink_assert(heap_used <= heap_size);
   return (void *)rval;
 }
diff --git a/src/tscore/ink_syslog.cc b/src/tscore/ink_syslog.cc
index 48d56d22d3a..f010a100b31 100644
--- a/src/tscore/ink_syslog.cc
+++ b/src/tscore/ink_syslog.cc
@@ -37,15 +37,25 @@ struct syslog_fac {
 };
 
 static const syslog_fac convert_table[] = {
-  {(char *)"LOG_KERN", (char *)"KERN", LOG_KERN},       {(char *)"LOG_USER", (char *)"USER", LOG_USER},
-  {(char *)"LOG_MAIL", (char *)"MAIL", LOG_MAIL},       {(char *)"LOG_DAEMON", (char *)"DAEMON", LOG_DAEMON},
-  {(char *)"LOG_AUTH", (char *)"AUTH", LOG_AUTH},       {(char *)"LOG_LPR", (char *)"LPR", LOG_LPR},
-  {(char *)"LOG_NEWS", (char *)"NEWS", LOG_NEWS},       {(char *)"LOG_UUCP", (char *)"UUCP", LOG_UUCP},
-  {(char *)"LOG_CRON", (char *)"CRON", LOG_CRON},       {(char *)"LOG_LOCAL0", (char *)"LOCAL0", LOG_LOCAL0},
-  {(char *)"LOG_LOCAL1", (char *)"LOCAL1", LOG_LOCAL1}, {(char *)"LOG_LOCAL2", (char *)"LOCAL2", LOG_LOCAL2},
-  {(char *)"LOG_LOCAL3", (char *)"LOCAL3", LOG_LOCAL3}, {(char *)"LOG_LOCAL4", (char *)"LOCAL4", LOG_LOCAL4},
-  {(char *)"LOG_LOCAL5", (char *)"LOCAL5", LOG_LOCAL5}, {(char *)"LOG_LOCAL6", (char *)"LOCAL6", LOG_LOCAL6},
-  {(char *)"LOG_LOCAL7", (char *)"LOCAL7", LOG_LOCAL7}, {(char *)"INVALID_LOG_FAC", (char *)"INVALID", -1}};
+  {(char *)"LOG_KERN",        (char *)"KERN",    LOG_KERN  },
+  {(char *)"LOG_USER",        (char *)"USER",    LOG_USER  },
+  {(char *)"LOG_MAIL",        (char *)"MAIL",    LOG_MAIL  },
+  {(char *)"LOG_DAEMON",      (char *)"DAEMON",  LOG_DAEMON},
+  {(char *)"LOG_AUTH",        (char *)"AUTH",    LOG_AUTH  },
+  {(char *)"LOG_LPR",         (char *)"LPR",     LOG_LPR   },
+  {(char *)"LOG_NEWS",        (char *)"NEWS",    LOG_NEWS  },
+  {(char *)"LOG_UUCP",        (char *)"UUCP",    LOG_UUCP  },
+  {(char *)"LOG_CRON",        (char *)"CRON",    LOG_CRON  },
+  {(char *)"LOG_LOCAL0",      (char *)"LOCAL0",  LOG_LOCAL0},
+  {(char *)"LOG_LOCAL1",      (char *)"LOCAL1",  LOG_LOCAL1},
+  {(char *)"LOG_LOCAL2",      (char *)"LOCAL2",  LOG_LOCAL2},
+  {(char *)"LOG_LOCAL3",      (char *)"LOCAL3",  LOG_LOCAL3},
+  {(char *)"LOG_LOCAL4",      (char *)"LOCAL4",  LOG_LOCAL4},
+  {(char *)"LOG_LOCAL5",      (char *)"LOCAL5",  LOG_LOCAL5},
+  {(char *)"LOG_LOCAL6",      (char *)"LOCAL6",  LOG_LOCAL6},
+  {(char *)"LOG_LOCAL7",      (char *)"LOCAL7",  LOG_LOCAL7},
+  {(char *)"INVALID_LOG_FAC", (char *)"INVALID", -1        }
+};
 static const int convert_table_size = sizeof(convert_table) / sizeof(syslog_fac) - 1;
 
 // int facility_string_to_int(const char* str)
diff --git a/src/tscore/lockfile.cc b/src/tscore/lockfile.cc
index cb7f975e549..62f8a0524f9 100644
--- a/src/tscore/lockfile.cc
+++ b/src/tscore/lockfile.cc
@@ -85,7 +85,7 @@ Lockfile::Open(pid_t *holding_pid)
       }
 
       size -= err;
-      t += err;
+      t    += err;
     }
 
     *t = '\0';
diff --git a/src/tscore/runroot.cc b/src/tscore/runroot.cc
index 7736a97629f..faf8d6d9098 100644
--- a/src/tscore/runroot.cc
+++ b/src/tscore/runroot.cc
@@ -194,7 +194,7 @@ runroot_handler(const char **argv, bool json)
   // if --run-root is provided
   if (!arg.empty() && arg != prefix) {
     // 1. pass in path
-    prefix += "=";
+    prefix            += "=";
     std::string value = arg.substr(prefix.size(), arg.size() - 1);
     path              = get_yaml_path(value);
     if (!path.empty()) {
diff --git a/src/tscore/test_atomic.cc b/src/tscore/test_atomic.cc
index bb2ff0f1be7..d95ee13ab42 100644
--- a/src/tscore/test_atomic.cc
+++ b/src/tscore/test_atomic.cc
@@ -33,7 +33,7 @@
 
 #ifndef LONG_ATOMICLIST_TEST
 
-#define MAX_ALIST_TEST 10
+#define MAX_ALIST_TEST  10
 #define MAX_ALIST_ARRAY 100000
 InkAtomicList al[MAX_ALIST_TEST];
 void *al_test[MAX_ALIST_TEST][MAX_ALIST_ARRAY];
@@ -60,9 +60,9 @@ testalist(void *ame)
 
 #ifdef LONG_ATOMICLIST_TEST
 /************************************************************************/
-#define MAX_ATOMIC_LISTS (4 * 1024)
+#define MAX_ATOMIC_LISTS   (4 * 1024)
 #define MAX_ITEMS_PER_LIST (1 * 1024)
-#define MAX_TEST_THREADS 64
+#define MAX_TEST_THREADS   64
 static InkAtomicList alists[MAX_ATOMIC_LISTS];
 struct listItem *items[MAX_ATOMIC_LISTS * MAX_ITEMS_PER_LIST];
 
diff --git a/src/tscore/unit_tests/freelist_benchmark.cc b/src/tscore/unit_tests/freelist_benchmark.cc
index 161f89a2f61..683e296c078 100644
--- a/src/tscore/unit_tests/freelist_benchmark.cc
+++ b/src/tscore/unit_tests/freelist_benchmark.cc
@@ -171,7 +171,10 @@ TEST_CASE("simple new and free", "")
   // go 100 times in default (--benchmark-samples)
   char name[16];
   snprintf(name, sizeof(name), "nthreads = %d", nthreads);
-  BENCHMARK(name) { return setup_test_case_1(nthreads); };
+  BENCHMARK(name)
+  {
+    return setup_test_case_1(nthreads);
+  };
 }
 } // namespace
 
diff --git a/src/tscore/unit_tests/test_AcidPtr.cc b/src/tscore/unit_tests/test_AcidPtr.cc
index da5c18718b8..56817eb6abd 100644
--- a/src/tscore/unit_tests/test_AcidPtr.cc
+++ b/src/tscore/unit_tests/test_AcidPtr.cc
@@ -112,7 +112,7 @@ TEST_CASE("AcidPtr Isolation")
   CHECK(*p.getPtr() == 40);
   {
     AcidCommitPtr w = p;
-    *w += 1;
+    *w                   += 1;
     CHECK(*p.getPtr() == 40); // new value not committed until end of scope
   }
   CHECK(*p.getPtr() == 41);
@@ -132,12 +132,12 @@ TEST_CASE("AcidPtr persistence")
   {
     AcidCommitPtr w = p;
     r2                   = p.getPtr();
-    *w += 1; // update p at end of scope
+    *w                   += 1; // update p at end of scope
   }
   r3 = p.getPtr();
   {
     *AcidCommitPtr(p) += 1; // leaves scope immediately if not named.
-    r4 = p.getPtr();
+    r4                     = p.getPtr();
   }
   CHECK(*r1 == 40); // references to data are still valid, but inconsistent. (todo: rename AcidPtr to AiPtr?)
   CHECK(*r2 == 40);
@@ -155,7 +155,7 @@ TEST_CASE("AcidPtr Abort")
   CHECK(*p.getPtr() == 40);
   {
     AcidCommitPtr w = p;
-    *w += 1;
+    *w                   += 1;
     w.abort();
     CHECK(w == nullptr);
   }
diff --git a/src/tscore/unit_tests/test_BufferWriter.cc b/src/tscore/unit_tests/test_BufferWriter.cc
index 52678b9aad6..f548e7870ae 100644
--- a/src/tscore/unit_tests/test_BufferWriter.cc
+++ b/src/tscore/unit_tests/test_BufferWriter.cc
@@ -80,8 +80,16 @@ TEST_CASE("BufferWriter::write(StringView)", "[BWWSV]")
     {
       return 0;
     }
-    X &clip(size_t) override { return *this; }
-    X &extend(size_t) override { return *this; }
+    X &
+    clip(size_t) override
+    {
+      return *this;
+    }
+    X &
+    extend(size_t) override
+    {
+      return *this;
+    }
     std::ostream &
     operator>>(std::ostream &stream) const override
     {
diff --git a/src/tscore/unit_tests/test_History.cc b/src/tscore/unit_tests/test_History.cc
index 7505f10aa4c..73cfab4a1a7 100644
--- a/src/tscore/unit_tests/test_History.cc
+++ b/src/tscore/unit_tests/test_History.cc
@@ -29,7 +29,7 @@
 
 using std::string_view;
 
-#define REMEMBER(e, r) history.push_back(MakeSourceLocation(), e, r)
+#define REMEMBER(e, r)        history.push_back(MakeSourceLocation(), e, r)
 #define SM_REMEMBER(sm, e, r) sm->history.push_back(MakeSourceLocation(), e, r)
 
 // State Machine mock
diff --git a/src/tscore/unit_tests/test_List.cc b/src/tscore/unit_tests/test_List.cc
index c0cbb816984..8b113ad2bbe 100644
--- a/src/tscore/unit_tests/test_List.cc
+++ b/src/tscore/unit_tests/test_List.cc
@@ -52,7 +52,7 @@ TEST_CASE("test list", "[libts][List]")
   int tot = 0;
   for (int i = 0; i < 101; i++) {
     Foo *foo = q.dequeue();
-    tot += foo->x;
+    tot      += foo->x;
     delete foo;
   }
   REQUIRE(tot == 4957);
diff --git a/src/tscore/unit_tests/test_MMH.cc b/src/tscore/unit_tests/test_MMH.cc
index 36fc53407ec..9821550a081 100644
--- a/src/tscore/unit_tests/test_MMH.cc
+++ b/src/tscore/unit_tests/test_MMH.cc
@@ -93,15 +93,15 @@ TEST_CASE("MMH", "[libts][MMH]")
   int l                  = sizeof(MMH_x);
   unsigned char *s1      = (unsigned char *)ats_malloc(l + sizeof(uint32_t));
   unsigned char *free_s1 = s1;
-  s1 += 1;
+  s1                     += 1;
   memcpy(s1, s, l);
   unsigned char *s2      = (unsigned char *)ats_malloc(l + sizeof(uint32_t));
   unsigned char *free_s2 = s2;
-  s2 += 2;
+  s2                     += 2;
   memcpy(s2, s, l);
   unsigned char *s3      = (unsigned char *)ats_malloc(l + sizeof(uint32_t));
   unsigned char *free_s3 = s3;
-  s3 += 3;
+  s3                     += 3;
   memcpy(s3, s, l);
 
   printf("test alignment\n");
diff --git a/src/tscore/unit_tests/test_Regex.cc b/src/tscore/unit_tests/test_Regex.cc
index e457345fd85..bb1aa301727 100644
--- a/src/tscore/unit_tests/test_Regex.cc
+++ b/src/tscore/unit_tests/test_Regex.cc
@@ -38,8 +38,10 @@ struct test_t {
   std::array tests;
 };
 
-std::array test_data{{{{"^foo"}, {{{{"foo"}, true}, {{"bar"}, false}, {{"foobar"}, true}, {{"foobarbaz"}, true}}}},
-                                 {{"foo$"}, {{{{"foo"}, true}, {{"bar"}, false}, {{"foobar"}, false}, {{"foobarbaz"}, false}}}}}};
+std::array test_data{
+  {{{"^foo"}, {{{{"foo"}, true}, {{"bar"}, false}, {{"foobar"}, true}, {{"foobarbaz"}, true}}}},
+   {{"foo$"}, {{{{"foo"}, true}, {{"bar"}, false}, {{"foobar"}, false}, {{"foobarbaz"}, false}}}}}
+};
 
 TEST_CASE("Regex", "[libts][Regex]")
 {
diff --git a/src/tscore/unit_tests/test_Version.cc b/src/tscore/unit_tests/test_Version.cc
index a962e3cbde6..c1ee8bd0942 100644
--- a/src/tscore/unit_tests/test_Version.cc
+++ b/src/tscore/unit_tests/test_Version.cc
@@ -34,12 +34,14 @@ TEST_CASE("AppVersionInfo", "[libts][version]")
   AppVersionInfo info;
 
   const char *errMsgFormat = "wrong build number, expected '%s', got '%s'\n";
-  const char *bench[][3]   = {// date, time, resulting build number
-                            {"Oct  4 1957", "19:28:34", BUILD_NUMBER},
-                            {"Oct  4 1957", "19:28:34", "100419"},
-                            {"Apr  4 1957", "09:08:04", "040409"},
-                            {" 4 Apr 1957", "09:08:04", "??????"},
-                            {"Apr  4 1957", "09-08-04", "??????"}};
+  const char *bench[][3]   = {
+  // date, time, resulting build number
+    {"Oct  4 1957", "19:28:34", BUILD_NUMBER},
+    {"Oct  4 1957", "19:28:34", "100419"    },
+    {"Apr  4 1957", "09:08:04", "040409"    },
+    {" 4 Apr 1957", "09:08:04", "??????"    },
+    {"Apr  4 1957", "09-08-04", "??????"    }
+  };
 
   int benchSize = sizeof(bench) / sizeof(bench[0]);
 
diff --git a/src/tscore/unit_tests/test_ink_inet.cc b/src/tscore/unit_tests/test_ink_inet.cc
index 4fd47475610..6fed519eaf1 100644
--- a/src/tscore/unit_tests/test_ink_inet.cc
+++ b/src/tscore/unit_tests/test_ink_inet.cc
@@ -43,18 +43,18 @@ TEST_CASE("ink_inet", "[libts][inet][ink_inet]")
   };
 
   constexpr ip_parse_spec names[] = {
-    {{"::"}, {"::"}, {nullptr}, {nullptr}},
-    {{"[::1]:99"}, {"::1"}, {"99"}, {nullptr}},
-    {{"127.0.0.1:8080"}, {"127.0.0.1"}, {"8080"}, {nullptr}},
-    {{"127.0.0.1:8080-Bob"}, {"127.0.0.1"}, {"8080"}, {"-Bob"}},
-    {{"127.0.0.1:"}, {"127.0.0.1"}, {nullptr}, {":"}},
-    {{"foo.example.com"}, {"foo.example.com"}, {nullptr}, {nullptr}},
-    {{"foo.example.com:99"}, {"foo.example.com"}, {"99"}, {nullptr}},
-    {{"ffee::24c3:3349:3cee:0143"}, {"ffee::24c3:3349:3cee:0143"}, {nullptr}, {nullptr}},
+    {{"::"},                                   {"::"},                                   {nullptr}, {nullptr}},
+    {{"[::1]:99"},                             {"::1"},                                  {"99"},    {nullptr}},
+    {{"127.0.0.1:8080"},                       {"127.0.0.1"},                            {"8080"},  {nullptr}},
+    {{"127.0.0.1:8080-Bob"},                   {"127.0.0.1"},                            {"8080"},  {"-Bob"} },
+    {{"127.0.0.1:"},                           {"127.0.0.1"},                            {nullptr}, {":"}    },
+    {{"foo.example.com"},                      {"foo.example.com"},                      {nullptr}, {nullptr}},
+    {{"foo.example.com:99"},                   {"foo.example.com"},                      {"99"},    {nullptr}},
+    {{"ffee::24c3:3349:3cee:0143"},            {"ffee::24c3:3349:3cee:0143"},            {nullptr}, {nullptr}},
     {{"fe80:88b5:4a:20c:29ff:feae:1c33:8080"}, {"fe80:88b5:4a:20c:29ff:feae:1c33:8080"}, {nullptr}, {nullptr}},
-    {{"[ffee::24c3:3349:3cee:0143]"}, {"ffee::24c3:3349:3cee:0143"}, {nullptr}, {nullptr}},
-    {{"[ffee::24c3:3349:3cee:0143]:80"}, {"ffee::24c3:3349:3cee:0143"}, {"80"}, {nullptr}},
-    {{"[ffee::24c3:3349:3cee:0143]:8080x"}, {"ffee::24c3:3349:3cee:0143"}, {"8080"}, {"x"}},
+    {{"[ffee::24c3:3349:3cee:0143]"},          {"ffee::24c3:3349:3cee:0143"},            {nullptr}, {nullptr}},
+    {{"[ffee::24c3:3349:3cee:0143]:80"},       {"ffee::24c3:3349:3cee:0143"},            {"80"},    {nullptr}},
+    {{"[ffee::24c3:3349:3cee:0143]:8080x"},    {"ffee::24c3:3349:3cee:0143"},            {"8080"},  {"x"}    },
   };
 
   for (auto const &s : names) {
diff --git a/src/tscpp/api/GzipDeflateTransformation.cc b/src/tscpp/api/GzipDeflateTransformation.cc
index d371e3076d1..2b25303804e 100644
--- a/src/tscpp/api/GzipDeflateTransformation.cc
+++ b/src/tscpp/api/GzipDeflateTransformation.cc
@@ -113,7 +113,7 @@ GzipDeflateTransformation::consume(std::string_view data)
       return;
     }
 
-    int bytes_to_write = buffer_size - state_->z_stream_.avail_out;
+    int bytes_to_write      = buffer_size - state_->z_stream_.avail_out;
     state_->bytes_produced_ += bytes_to_write;
 
     LOG_DEBUG("Iteration %d: Deflate compressed %ld bytes to %d bytes, producing output...", iteration, data.size(),
@@ -146,7 +146,7 @@ GzipDeflateTransformation::handleInputComplete()
 
     status = deflate(&state_->z_stream_, Z_FINISH);
 
-    int bytes_to_write = buffer_size - state_->z_stream_.avail_out;
+    int bytes_to_write      = buffer_size - state_->z_stream_.avail_out;
     state_->bytes_produced_ += bytes_to_write;
 
     if (status == Z_OK || status == Z_STREAM_END) {
diff --git a/src/tscpp/api/Headers.cc b/src/tscpp/api/Headers.cc
index 6b19ffdc171..2d113e68217 100644
--- a/src/tscpp/api/Headers.cc
+++ b/src/tscpp/api/Headers.cc
@@ -699,10 +699,10 @@ Headers::wireStr()
   string retval;
   for (auto &&iter : *this) {
     HeaderField hf = iter;
-    retval += hf.name().str();
-    retval += ": ";
-    retval += hf.values(", ");
-    retval += "\r\n";
+    retval         += hf.name().str();
+    retval         += ": ";
+    retval         += hf.values(", ");
+    retval         += "\r\n";
   }
   return retval;
 }
diff --git a/src/tscpp/api/InterceptPlugin.cc b/src/tscpp/api/InterceptPlugin.cc
index 2eb76175635..a5e45640237 100644
--- a/src/tscpp/api/InterceptPlugin.cc
+++ b/src/tscpp/api/InterceptPlugin.cc
@@ -246,7 +246,7 @@ InterceptPlugin::doRead()
         consume(string(data, num_body_bytes_in_block), InterceptPlugin::REQUEST_BODY);
       }
       consumed += data_len;
-      block = TSIOBufferBlockNext(block);
+      block    = TSIOBufferBlockNext(block);
     }
   }
   LOG_DEBUG("Consumed %d bytes from input vio", consumed);
@@ -287,7 +287,7 @@ InterceptPlugin::handleEvent(int abstract_event, void *edata)
     state_->input_.buffer_ = TSIOBufferCreate();
     state_->input_.reader_ = TSIOBufferReaderAlloc(state_->input_.buffer_);
     state_->input_.vio_    = TSVConnRead(state_->net_vc_, state_->cont_, state_->input_.buffer_,
-                                      INT64_MAX /* number of bytes to read - high value initially */);
+                                         INT64_MAX /* number of bytes to read - high value initially */);
 
     state_->hdr_buf_ = TSMBufferCreate();
     state_->hdr_loc_ = TSHttpHdrCreate(state_->hdr_buf_);
diff --git a/src/tscpp/api/TransformationPlugin.cc b/src/tscpp/api/TransformationPlugin.cc
index 6fb38167bc3..337dfedb2e2 100644
--- a/src/tscpp/api/TransformationPlugin.cc
+++ b/src/tscpp/api/TransformationPlugin.cc
@@ -364,7 +364,7 @@ TransformationPlugin::doProduce(std::string_view data)
   }
 
   // Finally we can copy this data into the output_buffer
-  int64_t bytes_written = TSIOBufferWrite(state_->output_buffer_, data.data(), write_length);
+  int64_t bytes_written  = TSIOBufferWrite(state_->output_buffer_, data.data(), write_length);
   state_->bytes_written_ += bytes_written; // So we can set BytesDone on outputComplete().
   LOG_DEBUG("TransformationPlugin=%p tshttptxn=%p write to TSIOBuffer %" PRId64 " bytes total bytes written %" PRId64, this,
             state_->txn_, bytes_written, state_->bytes_written_);
diff --git a/src/tscpp/api/utils_internal.cc b/src/tscpp/api/utils_internal.cc
index 783ddb8bf88..c7268115157 100644
--- a/src/tscpp/api/utils_internal.cc
+++ b/src/tscpp/api/utils_internal.cc
@@ -298,7 +298,7 @@ utils::internal::consumeFromTSIOBufferReader(TSIOBufferReader reader)
         char_data = TSIOBufferBlockReadStart(block, reader, &data_len);
         str.append(char_data, data_len);
         consumed += data_len;
-        block = TSIOBufferBlockNext(block);
+        block    = TSIOBufferBlockNext(block);
       }
     }
     TSIOBufferReaderConsume(reader, consumed);
diff --git a/src/tscpp/util/unit_tests/test_IntrusiveDList.cc b/src/tscpp/util/unit_tests/test_IntrusiveDList.cc
index cb77bf089cf..f939e08a6f1 100644
--- a/src/tscpp/util/unit_tests/test_IntrusiveDList.cc
+++ b/src/tscpp/util/unit_tests/test_IntrusiveDList.cc
@@ -86,7 +86,7 @@ class Container
 public:
   ~Container();
 
-  template  self_type &debug(std::string_view fmt, Args &&... args);
+  template  self_type &debug(std::string_view fmt, Args &&...args);
 
   size_t count() const;
   self_type &clear();
@@ -121,7 +121,7 @@ Container::count() const
 
 template 
 auto
-Container::debug(std::string_view fmt, Args &&... args) -> self_type &
+Container::debug(std::string_view fmt, Args &&...args) -> self_type &
 {
   Message *msg = new Message;
   ts::bwprintv(msg->_text, fmt, std::forward_as_tuple(args...));
diff --git a/src/wccp/WccpConfig.cc b/src/wccp/WccpConfig.cc
index 3c89cf59171..309f180db90 100644
--- a/src/wccp/WccpConfig.cc
+++ b/src/wccp/WccpConfig.cc
@@ -72,15 +72,29 @@ typedef std::vector CfgOpts;
 
 #define N_OPTS(x) (sizeof(x) / sizeof(*x))
 
-CfgString FORWARD_OPTS[]    = {{"gre", false}, {"l2", false}};
+CfgString FORWARD_OPTS[] = {
+  {"gre", false},
+  {"l2",  false}
+};
 size_t const N_FORWARD_OPTS = sizeof(FORWARD_OPTS) / sizeof(*FORWARD_OPTS);
 
-CfgString RETURN_OPTS[]    = {{"gre", false}, {"l2", false}};
+CfgString RETURN_OPTS[] = {
+  {"gre", false},
+  {"l2",  false}
+};
 size_t const N_RETURN_OPTS = sizeof(RETURN_OPTS) / sizeof(*RETURN_OPTS);
 
-CfgString ASSIGN_OPTS[] = {{"hash", false}, {"mask", false}};
+CfgString ASSIGN_OPTS[] = {
+  {"hash", false},
+  {"mask", false}
+};
 
-CfgString HASH_OPTS[] = {{"src_ip", false}, {"dst_ip", false}, {"src_port", false}, {"dst_port", false}};
+CfgString HASH_OPTS[] = {
+  {"src_ip",   false},
+  {"dst_ip",   false},
+  {"src_port", false},
+  {"dst_port", false}
+};
 
 ts::Errata::Code
 code_max(ts::Errata const &err)
diff --git a/src/wccp/WccpEndPoint.cc b/src/wccp/WccpEndPoint.cc
index 2298a84dd43..71f391bfa3b 100644
--- a/src/wccp/WccpEndPoint.cc
+++ b/src/wccp/WccpEndPoint.cc
@@ -29,13 +29,13 @@
 namespace wccp
 {
 #if defined IP_RECVDSTADDR
-#define DSTADDR_SOCKOPT IP_RECVDSTADDR
+#define DSTADDR_SOCKOPT  IP_RECVDSTADDR
 #define DSTADDR_DATASIZE (CMSG_SPACE(sizeof(struct in_addr)))
-#define dstaddr(x) (CMSG_DATA(x))
+#define dstaddr(x)       (CMSG_DATA(x))
 #elif defined IP_PKTINFO
-#define DSTADDR_SOCKOPT IP_PKTINFO
+#define DSTADDR_SOCKOPT  IP_PKTINFO
 #define DSTADDR_DATASIZE (CMSG_SPACE(sizeof(struct in_pktinfo)))
-#define dstaddr(x) (&(((struct in_pktinfo *)(CMSG_DATA(x)))->ipi_addr))
+#define dstaddr(x)       (&(((struct in_pktinfo *)(CMSG_DATA(x)))->ipi_addr))
 #else
 #error "can't determine socket option"
 #endif
@@ -480,7 +480,7 @@ CacheImpl::GroupData::cullRouters(time_t now)
 CacheImpl::GroupData &
 CacheImpl::GroupData::viewChanged(time_t now)
 {
-  m_generation += 1;
+  m_generation      += 1;
   m_generation_time = now;
   m_assign_info.setActive(false); // invalidate current assignment.
   m_assignment_pending = m_routers.size() && m_caches.size();
@@ -678,7 +678,7 @@ CacheImpl::housekeeping()
         if (0 <= zret) {
           logf(LVL_DEBUG, "Sent HERE_I_AM for SG %d to seed router %s [gen=#%d,t=%lu,n=%lu].", group.m_svc.getSvcId(),
                ip_addr_to_str(sspot->m_addr), group.m_generation, now, here_i_am.getCount());
-          sspot->m_xmit = now;
+          sspot->m_xmit  = now;
           sspot->m_count += 1;
         } else
           logf(LVL_DEBUG, "Error [%d:%s] sending HERE_I_AM for SG %d to seed router %s [#%d,%lu].", zret, strerror(errno),
diff --git a/src/wccp/WccpLocal.h b/src/wccp/WccpLocal.h
index 62765c63b40..ff82c6032fc 100644
--- a/src/wccp/WccpLocal.h
+++ b/src/wccp/WccpLocal.h
@@ -692,7 +692,7 @@ class CacheIdElt
                                  */
   unsigned int m_unassigned : 1;
   unsigned int m_reserved_1 : 1; ///< Reserved (unused).
-  unsigned int m_is_mask : 1;    ///< Set -> mask, Clear -> hash.
+  unsigned int m_is_mask    : 1; ///< Set -> mask, Clear -> hash.
   unsigned int m_reserved_2 : 6; ///< Reserved (unused).
                                  /** Trailing elements common to all cache ID variants.
                                      Unfortunately, although @c weight and @c status are common, they are
diff --git a/src/wccp/WccpMsg.cc b/src/wccp/WccpMsg.cc
index f054b862fe7..d983752e633 100644
--- a/src/wccp/WccpMsg.cc
+++ b/src/wccp/WccpMsg.cc
@@ -307,8 +307,8 @@ MaskAssignElt::getVarSize() const
   MaskValueSetElt const *set = reinterpret_cast(this + 1);
   while (n--) {
     size_t k = set->getSize();
-    zret += k;
-    set = reinterpret_cast(reinterpret_cast(set) + k);
+    zret     += k;
+    set      = reinterpret_cast(reinterpret_cast(set) + k);
   }
   return zret;
 }
diff --git a/src/wccp/wccp-test-router.cc b/src/wccp/wccp-test-router.cc
index 73997ddc5bb..aa53632badb 100644
--- a/src/wccp/wccp-test-router.cc
+++ b/src/wccp/wccp-test-router.cc
@@ -70,7 +70,10 @@ main(int argc, char **argv)
   static int const OPT_MD5     = 259; ///< MD5 key.
 
   static option OPTIONS[] = {
-    {"address", 1, 0, OPT_ADDRESS}, {"md5", 1, 0, OPT_MD5}, {"help", 0, 0, OPT_HELP}, {0, 0, 0, 0} // required terminator.
+    {"address", 1, 0, OPT_ADDRESS},
+    {"md5",     1, 0, OPT_MD5    },
+    {"help",    0, 0, OPT_HELP   },
+    {0,         0, 0, 0          }  // required terminator.
   };
 
   in_addr ip_addr = {INADDR_ANY};
diff --git a/tests/gold_tests/chunked_encoding/chunked_encoding.test.py b/tests/gold_tests/chunked_encoding/chunked_encoding.test.py
index 78410d90536..6aff817da5f 100644
--- a/tests/gold_tests/chunked_encoding/chunked_encoding.test.py
+++ b/tests/gold_tests/chunked_encoding/chunked_encoding.test.py
@@ -50,7 +50,7 @@
     "body": "knock knock"}
 response_header2 = {"headers": "HTTP/1.1 200 OK\r\nServer: uServer\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n",
                     "timestamp": "1415926535.898",
-                    "body": ""}
+                    "body": "12345678901234567890"}
 
 request_header3 = {
     "headers": "POST / HTTP/1.1\r\nHost: www.yetanotherexample.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 11\r\n\r\n",
diff --git a/tests/gold_tests/h2/gold/nghttp_0_stdout.gold b/tests/gold_tests/h2/gold/nghttp_0_stdout.gold
index e8e9acabd41..f19a43516d3 100644
--- a/tests/gold_tests/h2/gold/nghttp_0_stdout.gold
+++ b/tests/gold_tests/h2/gold/nghttp_0_stdout.gold
@@ -12,5 +12,3 @@
 ``
 [``] recv (stream_id=1) :status: 200
 ``
-``; END_STREAM
-``
diff --git a/tests/gold_tests/h2/gold/server_after_headers.gold b/tests/gold_tests/h2/gold/server_after_headers.gold
new file mode 100644
index 00000000000..44b65295b7c
--- /dev/null
+++ b/tests/gold_tests/h2/gold/server_after_headers.gold
@@ -0,0 +1,5 @@
+``
+``Sent frame for key 1: HEADERS
+``Submitting RST_STREAM frame for key 1 after HEADERS frame with error code ENHANCE_YOUR_CALM.
+``Sent frame for key 1: RST_STREAM
+``
diff --git a/tests/gold_tests/h2/h2origin.test.py b/tests/gold_tests/h2/h2origin.test.py
new file mode 100644
index 00000000000..23ebbac887f
--- /dev/null
+++ b/tests/gold_tests/h2/h2origin.test.py
@@ -0,0 +1,94 @@
+'''
+Test communication to origin with H2
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = '''
+Test communication to origin with H2
+'''
+
+Test.ContinueOnFail = True
+
+#
+# Communicate to origin with HTTP/2
+#
+ts = Test.MakeATSProcess("ts", enable_tls="true")
+
+# add ssl materials like key, certificates for the server
+ts.addDefaultSSLFiles()
+replay_file = "replay_h2origin/"
+server = Test.MakeVerifierServerProcess("h2-origin", replay_file)
+ts.Disk.records_config.update({
+    'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
+    'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
+    'proxy.config.diags.debug.enabled': 1,
+    'proxy.config.diags.debug.tags': 'http',
+    'proxy.config.exec_thread.autoconfig': 0,
+    # Allow for more parallelism
+    'proxy.config.exec_thread.limit': 4,
+    'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+    # Sticking with thread pool because global pool does not work with h2
+    'proxy.config.http.server_session_sharing.pool': 'thread',
+    'proxy.config.http.server_session_sharing.match': 'ip,sni,cert',
+    'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+})
+
+ts.Disk.remap_config.AddLine(
+    'map / https://127.0.0.1:{0}'.format(server.Variables.https_port)
+)
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+ts.Disk.logging_yaml.AddLines(
+    '''
+logging:
+  formats:
+    - name: testformat
+      format: '% % % % %<{uuid}cqh> % % % % % %'
+  logs:
+    - mode: ascii
+      format: testformat
+      filename: squid
+'''.split("\n")
+)
+
+tr = Test.AddTestRun("Test traffic to origin using HTTP/2")
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.AddVerifierClientProcess("client", replay_file, http_ports=[ts.Variables.port], https_ports=[ts.Variables.ssl_port])
+tr.StillRunningAfter = ts
+tr.TimeOut = 60
+
+# Just a check to flush out the traffic log until we have a clean shutdown for traffic_server
+tr = Test.AddTestRun("Wait for the access log to write out")
+tr.DelayStart = 10
+tr.StillRunningAfter = ts
+tr.StillRunningAfter = server
+tr.Processes.Default.Command = 'ls'
+tr.Processes.Default.ReturnCode = 0
+
+# UUIDs 1-4 should be http/1.1 clients and H2 origin
+# UUIDs 5-9 should be http/2 clients and H2 origins
+ts.Disk.squid_log.Content = Testers.ContainsExpression(" [1-4] http/1.1 http/2", "cases 1-4 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" [1-4] http/2 http/2", "cases 1-4 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ContainsExpression(" 1[1-4] http/1.1 http/2", "cases 12-14 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" 1[2-4] http/2 http/2", "cases 12-14 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ContainsExpression(" [5-9] http/2 http/2", "cases 5-11 request http/2")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" [5-9] http/1.1 http/2", "cases 5-11 request http/2")
+ts.Disk.squid_log.Content += Testers.ContainsExpression(" 1[0-1] http/2 http/2", "cases 5-11 request http/2")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" 1[0-1] http/1.1 http/2", "cases 5-11 request http/2")
diff --git a/tests/gold_tests/h2/h2origin_single_thread.test.py b/tests/gold_tests/h2/h2origin_single_thread.test.py
new file mode 100644
index 00000000000..7e10ba06cbe
--- /dev/null
+++ b/tests/gold_tests/h2/h2origin_single_thread.test.py
@@ -0,0 +1,90 @@
+'''
+Test communication to origin with H2
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = '''
+Test communication to origin with H2
+'''
+
+Test.ContinueOnFail = True
+
+#
+# Communicate to origin with HTTP/2
+#
+ts = Test.MakeATSProcess("ts", enable_tls="true")
+
+# add ssl materials like key, certificates for the server
+ts.addDefaultSSLFiles()
+replay_file = "replay_h2origin"
+server = Test.MakeVerifierServerProcess("h2-origin", replay_file)
+ts.Disk.records_config.update({
+    'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
+    'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
+    'proxy.config.diags.debug.enabled': 1,
+    'proxy.config.diags.debug.tags': 'http',
+    'proxy.config.exec_thread.autoconfig': 0,
+    # Limiting ourselves to 1 thread to exercise origin reuse
+    'proxy.config.exec_thread.limit': 1,
+    'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+    # Sticking with hybrid pool because global pool does not work with h2
+    'proxy.config.http.server_session_sharing.pool': 'hybrid',
+    'proxy.config.http.server_session_sharing.match': 'hostonly',
+    'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+})
+
+ts.Disk.remap_config.AddLine(
+    'map / https://127.0.0.1:{0}'.format(server.Variables.https_port)
+)
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+ts.Disk.logging_yaml.AddLines(
+    '''
+logging:
+  formats:
+    - name: testformat
+      format: '% % % % %<{uuid}cqh> % % % % % %'
+  logs:
+    - mode: ascii
+      format: testformat
+      filename: squid
+'''.split("\n")
+)
+
+tr = Test.AddTestRun("Test traffic to origin using HTTP/2")
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.AddVerifierClientProcess("client", replay_file, http_ports=[ts.Variables.port], https_ports=[ts.Variables.ssl_port])
+tr.StillRunningAfter = ts
+
+# Just a check to flush out the traffic log until we have a clean shutdown for traffic_server
+tr = Test.AddTestRun("Wait for the access log to write out")
+tr.DelayStart = 10
+tr.StillRunningAfter = ts
+tr.StillRunningAfter = server
+tr.Processes.Default.Command = 'ls'
+tr.Processes.Default.ReturnCode = 0
+
+# UUIDs 1-4 should be http/1.1 clients and H2 origin
+# UUIDs 5-9 should be http/2 clients and H2 origins
+ts.Disk.squid_log.Content = Testers.ContainsExpression(" [1-4] http/1.1 http/2", "cases 1-4 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" [1-4] http/2 http/2", "cases 1-4 request http/1.1")
+ts.Disk.squid_log.Content += Testers.ContainsExpression(" [5-9] http/2 http/2", "cases 5-9 request http/2")
+ts.Disk.squid_log.Content += Testers.ExcludesExpression(" [5-9] http/1.1 http/2", "cases 5-9 request http/2")
+ts.Disk.squid_log.Content += Testers.ContainsExpression(" http/2 1 1 1 [2-9]", "At least one case of origin reuse")
diff --git a/tests/gold_tests/h2/h2spec.test.py b/tests/gold_tests/h2/h2spec.test.py
index 37740dd7c96..31a274496ac 100644
--- a/tests/gold_tests/h2/h2spec.test.py
+++ b/tests/gold_tests/h2/h2spec.test.py
@@ -50,7 +50,7 @@
     'proxy.config.http.insert_response_via_str': 1,
     'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
-    'proxy.config.diags.debug.enabled': 0,
+    'proxy.config.diags.debug.enabled': 1,
     'proxy.config.diags.debug.tags': 'http',
 })
 
diff --git a/tests/gold_tests/h2/http2.test.py b/tests/gold_tests/h2/http2.test.py
index 11e6fb109b7..3d203970228 100644
--- a/tests/gold_tests/h2/http2.test.py
+++ b/tests/gold_tests/h2/http2.test.py
@@ -26,7 +26,7 @@
 Test.SkipUnless(
     Condition.HasCurlFeature('http2')
 )
-Test.ContinueOnFail = True
+#Test.ContinueOnFail = True
 
 # ----
 # Setup Origin Server
@@ -192,6 +192,7 @@
     post_body, ts.Variables.ssl_port)
 tr.Processes.Default.ReturnCode = 0
 tr.Processes.Default.Streams.All = "gold/post_chunked.gold"
+tr.TimeOut = 60
 tr.StillRunningAfter = server
 
 # Test Case 7: Post with big chunked body
@@ -202,6 +203,7 @@
     ts.Variables.ssl_port)
 tr.Processes.Default.ReturnCode = 0
 tr.Processes.Default.Streams.All = "gold/post_chunked.gold"
+tr.TimeOut = 60
 tr.StillRunningAfter = server
 
 # Test Case 8: Huge response header
@@ -211,6 +213,7 @@
 tr.Processes.Default.Streams.stdout = "gold/http2_8_stdout.gold"
 # Different versions of curl will have different cases for HTTP/2 field names.
 tr.Processes.Default.Streams.stderr = Testers.GoldFile("gold/http2_8_stderr.gold", case_insensitive=True)
+tr.TimeOut = 60
 tr.StillRunningAfter = server
 
 # Test Case 9: Header Only Response - e.g. 204
@@ -220,4 +223,5 @@
 tr.Processes.Default.Streams.stdout = "gold/http2_9_stdout.gold"
 # Different versions of curl will have different cases for HTTP/2 field names.
 tr.Processes.Default.Streams.stderr = Testers.GoldFile("gold/http2_9_stderr.gold", case_insensitive=True)
+tr.TimeOut = 60
 tr.StillRunningAfter = server
diff --git a/tests/gold_tests/h2/http2_flow_control.replay.yaml b/tests/gold_tests/h2/http2_flow_control.replay.yaml
index f8eca55d59e..e99d6ed3a7c 100644
--- a/tests/gold_tests/h2/http2_flow_control.replay.yaml
+++ b/tests/gold_tests/h2/http2_flow_control.replay.yaml
@@ -64,7 +64,7 @@ sessions:
         - [ X-Response, { value: 'zero-response', as: equal } ]
 
   - client-request:
-      delay: 500ms
+      await: zero-request
 
       headers:
         fields:
@@ -88,9 +88,9 @@ sessions:
       headers:
         fields:
         - [ X-Response, first-response ]
-        - [ Content-Length, 28 ]
+        - [ Content-Length, 1200 ]
       content:
-        size: 28
+        size: 1200
 
     proxy-response:
       headers:
@@ -120,9 +120,9 @@ sessions:
       headers:
         fields:
         - [ X-Response, second-response ]
-        - [ Content-Length, 28 ]
+        - [ Content-Length, 1200 ]
       content:
-        size: 28
+        size: 1200
 
     proxy-response:
       headers:
@@ -152,9 +152,9 @@ sessions:
       headers:
         fields:
         - [ X-Response, third-response ]
-        - [ Content-Length, 28 ]
+        - [ Content-Length, 1200 ]
       content:
-        size: 28
+        size: 1200
 
     proxy-response:
       headers:
@@ -190,9 +190,9 @@ sessions:
       headers:
         fields:
         - [ X-Response, fourth-response ]
-        - [ Content-Length, 28 ]
+        - [ Content-Length, 120000 ]
       content:
-        size: 28
+        size: 120000
 
     proxy-response:
       headers:
@@ -226,12 +226,77 @@ sessions:
       headers:
         fields:
         - [ X-Response, fifth-response ]
-        - [ Content-Length, 28 ]
+        - [ Content-Length, 10000 ]
       content:
-        size: 28
+        size: 10000
 
     proxy-response:
       headers:
         fields:
         - [ X-Response, {value: 'fifth-response', as: equal } ]
 
+  - client-request:
+      # Populate the cache with a large response.
+
+      headers:
+        fields:
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /sixth-request ]
+        - [ uuid, sixth-request ]
+        - [ X-Request, sixth-request ]
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'sixth-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, sixth-response ]
+        - [ Cache-Control, max-age=3600 ]
+        - [ Content-Length, 120000 ]
+      content:
+        size: 120000
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'sixth-response', as: equal } ]
+
+
+  # Retrieve an item from the cache. /sixth-request should have been cached in
+  # the previous transaction.
+  - client-request:
+
+      # Give the above transaction enough time to finish.
+      await: sixth-request
+
+      # Add some time to ensure that the sixth-request response is cached.
+      delay: 100ms
+      headers:
+        fields:
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /sixth-request ]
+        - [ uuid, sixth-request-cached ]
+        - [ X-Request, sixth-request-cached ]
+      content:
+        size: 0
+
+    # Configure an error response which we don't expect to receive from the
+    # server because this should be served out of the cache.
+    server-response:
+      status: 500
+      reason: Bad Request
+
+    proxy-response:
+      status: 200
+      headers:
+        fields:
+        - [ X-Response, {value: 'sixth-response', as: equal } ]
diff --git a/tests/gold_tests/h2/http2_flow_control.test.py b/tests/gold_tests/h2/http2_flow_control.test.py
index 0094583fb34..10cd403e977 100644
--- a/tests/gold_tests/h2/http2_flow_control.test.py
+++ b/tests/gold_tests/h2/http2_flow_control.test.py
@@ -16,8 +16,8 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-import os
 import re
+from enum import Enum
 from typing import List, Optional
 
 
@@ -28,12 +28,13 @@ class Http2FlowControlTest:
     """Define an object to test HTTP/2 flow control behavior."""
 
     _replay_file: str = 'http2_flow_control.replay.yaml'
+    _replay_chunked_file: str = 'http2_flow_control_chunked.replay.yaml'
     _valid_policy_values: List[int] = list(range(0, 3))
     _flow_control_policy: Optional[int] = None
     _flow_control_policy_is_malformed: bool = False
 
     _default_initial_window_size: int = 65535
-    _default_max_concurrent_streams_in: int = 100
+    _default_max_concurrent_streams: int = 100
     _default_flow_control_policy: int = 0
 
     _dns_counter: int = 0
@@ -41,28 +42,41 @@ class Http2FlowControlTest:
     _ts_counter: int = 0
     _client_counter: int = 0
 
+    IS_OUTBOUND = True
+    IS_INBOUND = False
+
+    IS_HTTP2_TO_ORIGIN = True
+    IS_HTTP1_TO_ORIGIN = False
+
+    class ServerType(Enum):
+        """Define the type of server to use in a TestRun."""
+
+        HTTP1_CONTENT_LENGTH = 0
+        HTTP1_CHUNKED = 1
+        HTTP2 = 2
+
     def __init__(
             self,
             description: str,
             initial_window_size: Optional[int] = None,
-            max_concurrent_streams_in: Optional[int] = None,
+            max_concurrent_streams: Optional[int] = None,
             flow_control_policy: Optional[int] = None):
         """Declare the various test Processes.
 
         :param description: A description of the test.
 
         :param initial_window_size: The value with which to configure the
-        proxy.config.http2.initial_window_size_in ATS parameter in the
+        proxy.config.http2.initial_window_size_(in|out) ATS parameter in the
         records.config file. If the paramenter is None, then no window size
         will be explicitly set and ATS will use the default value.
 
-        :param max_concurrent_streams_in: The value with which to configure the
-        proxy.config.http2.max_concurrent_streams_in ATS parameter in the
+        :param max_concurrent_streams: The value with which to configure the
+        proxy.config.http2.max_concurrent_streams_(in|out) ATS parameter in the
         records.config file. If the paramenter is None, then no window size
         will be explicitly set and ATS will use the default value.
 
         :param flow_control_policy: The value with which to configure the
-        proxy.config.http2.flow_control.policy_in ATS parameter the
+        proxy.config.http2.flow_control.policy_(in|out) ATS parameter the
         records.config file. If the paramenter is None, then no policy
         configuration will be explicitly set and ATS will use the default
         value.
@@ -74,10 +88,10 @@ def __init__(
             initial_window_size if initial_window_size is not None
             else self._default_initial_window_size)
 
-        self._max_concurrent_streams_in = max_concurrent_streams_in
-        self._expected_max_concurrent_streams_in = (
-            max_concurrent_streams_in if max_concurrent_streams_in is not None
-            else self._default_max_concurrent_streams_in)
+        self._max_concurrent_streams = max_concurrent_streams
+        self._expected_max_concurrent_streams = (
+            max_concurrent_streams if max_concurrent_streams is not None
+            else self._default_max_concurrent_streams)
 
         self._flow_control_policy = flow_control_policy
         self._expected_flow_control_policy = (
@@ -88,30 +102,32 @@ def __init__(
             self._flow_control_policy is not None and
             self._flow_control_policy not in self._valid_policy_values)
 
-        self._dns = self._configure_dns()
-        self._server = self._configure_server()
-        self._ts = self._configure_trafficserver()
-
-    def _configure_dns(self):
+    def _configure_dns(self, tr: 'TestRun') -> 'Process':
         """Configure the DNS."""
-        dns = Test.MakeDNServer(f'dns-{Http2FlowControlTest._dns_counter}')
+        dns = tr.MakeDNServer(f'dns-{Http2FlowControlTest._dns_counter}')
         Http2FlowControlTest._dns_counter += 1
         return dns
 
-    def _configure_server(self):
+    def _configure_server(self, tr: 'TestRun',
+                          server_type: ServerType) -> 'Process':
         """Configure the test server."""
-        server = Test.MakeVerifierServerProcess(
+        if server_type == self.ServerType.HTTP1_CHUNKED:
+            replay_file = self._replay_chunked_file
+        else:
+            replay_file = self._replay_file
+
+        server = tr.AddVerifierServerProcess(
             f'server-{Http2FlowControlTest._server_counter}',
-            self._replay_file)
+            replay_file)
         Http2FlowControlTest._server_counter += 1
         return server
 
-    def _configure_trafficserver(self):
+    def _configure_trafficserver(self, tr: 'TestRun', is_outbound: bool,
+                                 server_type: ServerType) -> 'Process':
         """Configure a Traffic Server process."""
-        ts = Test.MakeATSProcess(
+        ts = tr.MakeATSProcess(
             f'ts-{Http2FlowControlTest._ts_counter}',
-            enable_tls=True,
-            enable_cache=False)
+            enable_tls=True)
         Http2FlowControlTest._ts_counter += 1
 
         ts.addDefaultSSLFiles()
@@ -120,24 +136,43 @@ def _configure_trafficserver(self):
             'proxy.config.ssl.server.private_key.path': f'{ts.Variables.SSLDir}',
             'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
             'proxy.config.dns.nameservers': '127.0.0.1:{0}'.format(self._dns.Variables.Port),
+            'proxy.config.dns.resolv_conf': 'NULL',
+            'proxy.config.http.insert_age_in_response': 0,
 
             'proxy.config.diags.debug.enabled': 3,
             'proxy.config.diags.debug.tags': 'http',
         })
 
+        if server_type == self.ServerType.HTTP2:
+            ts.Disk.records_config.update({
+                'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+            })
+
         if self._initial_window_size is not None:
+            if is_outbound:
+                configuration = 'proxy.config.http2.initial_window_size_out'
+            else:
+                configuration = 'proxy.config.http2.initial_window_size_in'
             ts.Disk.records_config.update({
-                'proxy.config.http2.initial_window_size_in': self._initial_window_size,
+                configuration: self._initial_window_size,
             })
 
         if self._flow_control_policy is not None:
+            if is_outbound:
+                configuration = 'proxy.config.http2.flow_control.policy_out'
+            else:
+                configuration = 'proxy.config.http2.flow_control.policy_in'
             ts.Disk.records_config.update({
-                'proxy.config.http2.flow_control.policy_in': self._flow_control_policy,
+                configuration: self._flow_control_policy,
             })
 
-        if self._max_concurrent_streams_in is not None:
+        if self._max_concurrent_streams is not None:
+            if is_outbound:
+                configuration = 'proxy.config.http2.max_concurrent_streams_out'
+            else:
+                configuration = 'proxy.config.http2.max_concurrent_streams_in'
             ts.Disk.records_config.update({
-                'proxy.config.http2.max_concurrent_streams_in': self._max_concurrent_streams_in,
+                configuration: self._max_concurrent_streams,
             })
 
         ts.Disk.ssl_multicert_config.AddLine(
@@ -145,17 +180,21 @@ def _configure_trafficserver(self):
         )
 
         ts.Disk.remap_config.AddLine(
-            f'map / http://127.0.0.1:{self._server.Variables.http_port}'
+            f'map / https://127.0.0.1:{self._server.Variables.https_port}'
         )
 
         if self._flow_control_policy_is_malformed:
+            if is_outbound:
+                configuration = 'proxy.config.http2.flow_control.policy_out'
+            else:
+                configuration = 'proxy.config.http2.flow_control.policy_in'
             ts.Disk.diags_log.Content = Testers.ContainsExpression(
-                "ERROR.*proxy.config.http2.flow_control.policy_in",
-                "There should be an about an invalid flow control policy.")
+                f"ERROR.*{configuration}",
+                "Expected an error about an invalid flow control policy.")
 
         return ts
 
-    def _configure_client(self, tr):
+    def _configure_client(self, tr, ):
         """Configure a client process.
 
         :param tr: The TestRun to associate the client with.
@@ -166,36 +205,39 @@ def _configure_client(self, tr):
             https_ports=[self._ts.Variables.ssl_port])
         Http2FlowControlTest._client_counter += 1
 
+    def _configure_log_expectations(self, host):
+        """Configure the log expectations for the client or server."""
+        hostname = "server" if host == self._server else "client"
         if self._flow_control_policy_is_malformed:
             # Since we're just testing ATS configuration errors, there's no
             # need to set up client expectations.
             return
 
         # ATS currently always sends a MAX_CONCURRENT_STREAMS setting.
-        tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
-            f'MAX_CONCURRENT_STREAMS:{self._expected_max_concurrent_streams_in}',
-            "Client should receive a MAX_CONCURRENT_STREAMS setting.")
+        host.Streams.stdout += Testers.ContainsExpression(
+            f'MAX_CONCURRENT_STREAMS:{self._expected_max_concurrent_streams}',
+            f"{hostname} should receive a MAX_CONCURRENT_STREAMS setting.")
 
         if self._initial_window_size is not None:
-            tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
+            host.Streams.stdout += Testers.ContainsExpression(
                 f'INITIAL_WINDOW_SIZE:{self._expected_initial_stream_window_size}',
-                "Client should receive an INITIAL_WINDOW_SIZE setting.")
+                f"{hostname} should receive an INITIAL_WINDOW_SIZE setting.")
 
         if self._expected_flow_control_policy == 0:
             update_window_size = (
                 self._expected_initial_stream_window_size -
                 self._default_initial_window_size)
             if update_window_size > 0:
-                tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
+                host.Streams.stdout += Testers.ContainsExpression(
                     f'WINDOW_UPDATE.*id 0: {update_window_size}',
-                    "Client should receive a session WINDOW_UPDATE.")
+                    f"{hostname} should receive a session WINDOW_UPDATE.")
 
         if self._expected_flow_control_policy in (1, 2):
             # Verify the larger window size.
 
             session_window_size = (
                 self._expected_initial_stream_window_size *
-                self._expected_max_concurrent_streams_in)
+                self._expected_max_concurrent_streams)
 
             # ATS will send a WINDOW_UPDATE frame to the client to increase
             # the session window size to the configured value from the default
@@ -206,9 +248,9 @@ def _configure_client(self, tr):
             # A WINDOW_UPDATE can only increase the window size. So make sure that
             # the new window size is greater than the default window size.
             if update_window_size > Http2FlowControlTest._default_initial_window_size:
-                tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
+                host.Streams.stdout += Testers.ContainsExpression(
                     f'WINDOW_UPDATE.*id 0: {update_window_size}',
-                    "Client should receive an initial session WINDOW_UPDATE.")
+                    f"{hostname} should receive an initial session WINDOW_UPDATE.")
             else:
                 # Our test traffic is large enough that eventually we should
                 # send a session WINDOW_UPDATE frame for the smaller window.
@@ -216,47 +258,105 @@ def _configure_client(self, tr):
                 # session window may not receive a 100 byte WINDOW_UPDATE frame
                 # if the client is sending DATA frames in 10 byte chunks due to
                 # a smaller stream window.
-                tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
+                host.Streams.stdout += Testers.ContainsExpression(
                     'WINDOW_UPDATE.*id 0: ',
-                    "Client should receive a session WINDOW_UPDATE.")
+                    f"{hostname} should receive a session WINDOW_UPDATE.")
 
             if self._expected_flow_control_policy == 2:
                 # Verify the streams window sizes get updated.
                 stream_window_1 = session_window_size
                 stream_window_2 = int(session_window_size / 2)
                 stream_window_3 = int(session_window_size / 3)
-                tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
-                    (f'INITIAL_WINDOW_SIZE:{stream_window_1}.*'
-                     f'INITIAL_WINDOW_SIZE:{stream_window_2}.*'
-                     f'INITIAL_WINDOW_SIZE:{stream_window_3}'),
-                    "Client should stream receive window updates",
-                    reflags=re.DOTALL | re.MULTILINE)
+                if self._server:
+                    # Toward the server, there is a potential race condition
+                    # between sending of first-request and the sending of the
+                    # SETTINGS frame which reduces the stream window size.
+                    # Allow for either scenario.
+                    host.Streams.stdout += Testers.ContainsExpression(
+                        (f'INITIAL_WINDOW_SIZE:{stream_window_1}.*'
+                         f'INITIAL_WINDOW_SIZE:{stream_window_2}.*'),
+                        f"{hostname} should stream receive window updates",
+                        reflags=re.DOTALL | re.MULTILINE)
+                else:
+                    host.Streams.stdout += Testers.ContainsExpression(
+                        (f'INITIAL_WINDOW_SIZE:{stream_window_1}.*'
+                         f'INITIAL_WINDOW_SIZE:{stream_window_2}.*'
+                         f'INITIAL_WINDOW_SIZE:{stream_window_3}'),
+                        f"{hostname} should stream receive window updates",
+                        reflags=re.DOTALL | re.MULTILINE)
 
         if self._expected_initial_stream_window_size < 1000:
+            first_id = 5 if self._server else 3
+
+            if self._server and self._expected_flow_control_policy == 2:
+                # Toward the server, there is a potential race condition
+                # between sending of first-request and the sending of the
+                # SETTINGS frame which reduces the stream window size. Allow
+                # for either scenario.
+                window_update_size = f'33|{self._expected_initial_stream_window_size}'
+            else:
+                window_update_size = f'{self._expected_initial_stream_window_size}'
             # For the smaller session window sizes, we expect WINDOW_UPDATE frames.
-            tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
-                f'WINDOW_UPDATE.*id 3: {self._expected_initial_stream_window_size}',
-                "Client should receive a stream WINDOW_UPDATE.")
-
-            tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
-                f'WINDOW_UPDATE.*id 5: {self._expected_initial_stream_window_size}',
-                "Client should receive a stream WINDOW_UPDATE.")
-
-            tr.Processes.Default.Streams.stdout += Testers.ContainsExpression(
-                f'WINDOW_UPDATE.*id 7: {self._expected_initial_stream_window_size}',
-                "Client should receive a stream WINDOW_UPDATE.")
-
-    def run(self):
-        """Configure the TestRun."""
-        tr = Test.AddTestRun(self._description)
+            host.Streams.stdout += Testers.ContainsExpression(
+                f'WINDOW_UPDATE.*id {first_id}: {window_update_size}',
+                f"{hostname} should receive a stream WINDOW_UPDATE.")
+
+            host.Streams.stdout += Testers.ContainsExpression(
+                f'WINDOW_UPDATE.*id {first_id + 2}: {window_update_size}',
+                f"{hostname} should receive a stream WINDOW_UPDATE.")
+
+            host.Streams.stdout += Testers.ContainsExpression(
+                f'WINDOW_UPDATE.*id {first_id + 4}: {window_update_size}',
+                f"{hostname} should receive a stream WINDOW_UPDATE.")
+
+    def _configure_test_run_common(self, tr, is_outbound: bool,
+                                   server_type: ServerType) -> None:
+        """Perform the common Process configuration."""
+        self._dns = self._configure_dns(tr)
+        self._server = self._configure_server(tr, server_type)
+        self._ts = self._configure_trafficserver(tr, is_outbound, server_type)
         if not self._flow_control_policy_is_malformed:
             self._configure_client(tr)
             tr.Processes.Default.StartBefore(self._dns)
             tr.Processes.Default.StartBefore(self._server)
-            tr.StillRunningAfter = self._ts
         else:
             tr.Processes.Default.Command = "true"
         tr.Processes.Default.StartBefore(self._ts)
+        tr.TimeOut = 20
+
+    def _configure_inbound_http1_to_origin_test_run(self) -> None:
+        """Configure the TestRun for inbound stream configuration."""
+        tr = Test.AddTestRun(f'{self._description} - inbound, '
+                             'HTTP/1 Content-Length origin')
+        self._configure_test_run_common(tr, self.IS_INBOUND,
+                                        self.ServerType.HTTP1_CONTENT_LENGTH)
+        self._configure_log_expectations(tr.Processes.Default)
+
+        tr = Test.AddTestRun(f'{self._description} - inbound, '
+                             'HTTP/1 chunked origin')
+        self._configure_test_run_common(tr, self.IS_INBOUND,
+                                        self.ServerType.HTTP1_CHUNKED)
+        self._configure_log_expectations(tr.Processes.Default)
+
+    def _configure_inbound_http2_to_origin_test_run(self) -> None:
+        """Configure the TestRun for inbound stream configuration."""
+        tr = Test.AddTestRun(f'{self._description} - inbound, HTTP/2 origin')
+        self._configure_test_run_common(tr, self.IS_INBOUND,
+                                        self.ServerType.HTTP2)
+        self._configure_log_expectations(tr.Processes.Default)
+
+    def _configure_outbound_test_run(self) -> None:
+        """Configure the TestRun outbound stream configuration."""
+        tr = Test.AddTestRun(f'{self._description} - outbound, HTTP/2 origin')
+        self._configure_test_run_common(tr, self.IS_OUTBOUND,
+                                        self.ServerType.HTTP2)
+        self._configure_log_expectations(self._server)
+
+    def run(self) -> None:
+        """Configure the test run for various origin side configurations."""
+        self._configure_inbound_http1_to_origin_test_run()
+        self._configure_inbound_http2_to_origin_test_run()
+        self._configure_outbound_test_run()
 
 
 #
@@ -266,18 +366,18 @@ def run(self):
 test.run()
 
 #
-# Configuring max_concurrent_streams_in.
+# Configuring max_concurrent_streams_(in|out).
 #
 test = Http2FlowControlTest(
-    description="Configure max_concurrent_streams_in",
-    max_concurrent_streams_in=53)
+    description="Configure max_concurrent_streams",
+    max_concurrent_streams=53)
 test.run()
 
 #
 # Configuring initial_window_size.
 #
 test = Http2FlowControlTest(
-    description="Configure a larger initial_window_size_in",
+    description="Configure a larger initial_window_size_(in|out)",
     initial_window_size=100123)
 test.run()
 
@@ -288,20 +388,21 @@ def run(self):
     description="Configure an unrecognized flow_control.in.policy",
     flow_control_policy=23)
 test.run()
+
 test = Http2FlowControlTest(
-    description="Flow control policy 0 (default): small initial_window_size_in",
+    description="Flow control policy 0 (default): small initial_window_size",
     initial_window_size=500,  # The default is 65 KB.
     flow_control_policy=0)
 test.run()
 test = Http2FlowControlTest(
-    description="Flow control policy 1: 100 byte session, 10 byte stream windows",
-    max_concurrent_streams_in=10,
+    description="Flow control policy 1: 100 byte session, 10 byte streams",
+    max_concurrent_streams=10,
     initial_window_size=10,
     flow_control_policy=1)
 test.run()
 test = Http2FlowControlTest(
-    description="Flow control policy 2: 100 byte session, dynamic stream windows",
-    max_concurrent_streams_in=10,
+    description="Flow control policy 2: 100 byte session, dynamic streams",
+    max_concurrent_streams=10,
     initial_window_size=10,
     flow_control_policy=2)
 test.run()
diff --git a/tests/gold_tests/h2/http2_flow_control_chunked.replay.yaml b/tests/gold_tests/h2/http2_flow_control_chunked.replay.yaml
new file mode 100644
index 00000000000..b30ff37c696
--- /dev/null
+++ b/tests/gold_tests/h2/http2_flow_control_chunked.replay.yaml
@@ -0,0 +1,304 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+# This replay file generates an HTTP/2 session with three streams in order to
+# verify that ATS generates the expected SETTINGS and WINDOW_UPDATE frames.
+
+sessions:
+
+- protocol:
+  - name: http
+    version: 2
+  - name: tls
+    sni: www.example.com
+  - name: tcp
+  - name: ip
+
+  transactions:
+
+  - client-request:
+      headers:
+        fields:
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /zero-request ]
+        - [ uuid, zero-request ]
+        - [ X-Request, zero-request ]
+        - [ Content-Length, 0 ]
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, { value: 'zero-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, zero-response ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 28
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, { value: 'zero-response', as: equal } ]
+
+  - client-request:
+      await: zero-request
+
+      headers:
+        fields:
+        - [ :method, POST ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /first-request ]
+        - [ uuid, first-request ]
+        - [ X-Request, first-request ]
+      content:
+        size: 1200
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, { value: 'first-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, first-response ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 1200
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, { value: 'first-response', as: equal } ]
+
+  - client-request:
+      headers:
+        fields:
+        - [ :method, POST ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /second-request ]
+        - [ uuid, second-request ]
+        - [ X-Request, second-request ]
+      content:
+        size: 1200
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'second-request', as: equal } ]
+
+    # Intermix a Content-Length encoding just to make sure they interact well
+    # with each other.
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, second-response ]
+        - [ Content-Length, 1200 ]
+      content:
+        size: 1200
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'second-response', as: equal } ]
+
+  - client-request:
+      headers:
+        fields:
+        - [ :method, POST ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /third-request ]
+        - [ uuid, third-request ]
+        - [ X-Request, third-request ]
+      content:
+        size: 1200
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'third-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, third-response ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 1200
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'third-response', as: equal } ]
+
+  - client-request:
+      # Intentionally test a stream after the three other parallel POST
+      # requests.
+      delay: 500ms
+
+      headers:
+        fields:
+        - [ :method, POST ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /fourth-request ]
+        - [ uuid, fourth-request ]
+        - [ X-Request, fourth-request ]
+      content:
+        # Send a very large DATA frame so that we exceed the 65,535 window
+        # size of most of the test runs.
+        size: 120000
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'fourth-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, fourth-response ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 120000
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'fourth-response', as: equal } ]
+
+  - client-request:
+      # Give the above request time to process and give us an opportunity to
+      # receive any other WINDOW_UPDATE frames.
+      delay: 500ms
+
+      headers:
+        fields:
+        - [ :method, POST ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /fifth-request ]
+        - [ uuid, fifth-request ]
+        - [ X-Request, fifth-request ]
+      content:
+        size: 10000
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'fifth-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, fifth-response ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 10000
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'fifth-response', as: equal } ]
+
+  - client-request:
+      # Populate the cache with a large response.
+
+      headers:
+        fields:
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /sixth-request ]
+        - [ uuid, sixth-request ]
+        - [ X-Request, sixth-request ]
+
+    proxy-request:
+      headers:
+        fields:
+        - [ X-Request, {value: 'sixth-request', as: equal } ]
+
+    server-response:
+      status: 200
+      reason: OK
+      headers:
+        fields:
+        - [ X-Response, sixth-response ]
+        - [ Cache-Control, max-age=3600 ]
+        - [ Transfer-Encoding, chunked ]
+      content:
+        size: 120000
+
+    proxy-response:
+      headers:
+        fields:
+        - [ X-Response, {value: 'sixth-response', as: equal } ]
+
+
+  # Retrieve an item from the cache. /sixth-request should have been cached in
+  # the previous transaction.
+  - client-request:
+
+      # Give the above transaction enough time to finish.
+      await: sixth-request
+
+      # Add some time to ensure that the sixth-request response is cached.
+      delay: 100ms
+      headers:
+        fields:
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /sixth-request ]
+        - [ uuid, sixth-request-cached ]
+        - [ X-Request, sixth-request-cached ]
+      content:
+        size: 0
+
+    # Configure an error response which we don't expect to receive from the
+    # server because this should be served out of the cache.
+    server-response:
+      status: 500
+      reason: Bad Request
+
+    proxy-response:
+      status: 200
+      headers:
+        fields:
+        - [ X-Response, {value: 'sixth-response', as: equal } ]
diff --git a/tests/gold_tests/h2/http2_rst_stream.test.py b/tests/gold_tests/h2/http2_rst_stream.test.py
new file mode 100644
index 00000000000..e168705b3d9
--- /dev/null
+++ b/tests/gold_tests/h2/http2_rst_stream.test.py
@@ -0,0 +1,199 @@
+'''
+Abort HTTP/2 connection using RST_STREAM frame.
+'''
+
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = '''
+Abort HTTP/2 connection using RST_STREAM frame.
+'''
+
+Test.SkipUnless(
+    Condition.HasOpenSSLVersion('1.1.1'),
+    Condition.HasProxyVerifierVersion('2.5.2')
+)
+
+#
+# Client sends RST_STREAM after DATA frame
+#
+ts = Test.MakeATSProcess("ts0", enable_tls=True)
+replay_file = "replay_rst_stream/http2_rst_stream_client_after_data.yaml"
+server = Test.MakeVerifierServerProcess("server0", replay_file)
+ts.addDefaultSSLFiles()
+ts.Disk.records_config.update({
+    'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.server.private_key.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+    'proxy.config.diags.debug.enabled': 3,
+    'proxy.config.diags.debug.tags': 'http',
+    'proxy.config.exec_thread.autoconfig': 0,
+    'proxy.config.exec_thread.limit': 4,
+    'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+    'proxy.config.http.server_session_sharing.pool': 'thread',
+    'proxy.config.http.server_session_sharing.match': 'ip,sni,cert',
+})
+ts.Disk.remap_config.AddLine(
+    f'map / https://127.0.0.1:{server.Variables.https_port}'
+)
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+tr = Test.AddTestRun('Client sends RST_STREAM after DATA frame')
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.AddVerifierClientProcess("client0", replay_file, http_ports=[ts.Variables.port], https_ports=[ts.Variables.ssl_port])
+
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(
+    'Submitting RST_STREAM frame for key 1 after DATA frame with error code INTERNAL_ERROR.',
+    'Detect client abort flag.')
+
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(
+    'Sent frame for key 1: RST_STREAM',
+    'Send RST_STREAM frame.')
+
+server.Streams.All += Testers.ExcludesExpression(
+    'RST_STREAM',
+    'Server is not affected.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received HEADERS frame',
+    'Received HEADERS frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received DATA frame',
+    'Received DATA frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received RST_STREAM frame',
+    'Received RST_STREAM frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'RST_STREAM: Error Code: 2',
+    'Error Code: ')
+
+#
+# Client sends RST_STREAM after HEADERS frame
+#
+ts = Test.MakeATSProcess("ts1", enable_tls=True)
+replay_file = "replay_rst_stream/http2_rst_stream_client_after_headers.yaml"
+server = Test.MakeVerifierServerProcess("server1", replay_file)
+ts.addDefaultSSLFiles()
+ts.Disk.records_config.update({
+    'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.server.private_key.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+    'proxy.config.diags.debug.enabled': 3,
+    'proxy.config.diags.debug.tags': 'http',
+    'proxy.config.exec_thread.autoconfig': 0,
+    'proxy.config.exec_thread.limit': 4,
+    'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+    'proxy.config.http.server_session_sharing.pool': 'thread',
+    'proxy.config.http.server_session_sharing.match': 'ip,sni,cert',
+})
+ts.Disk.remap_config.AddLine(
+    f'map / https://127.0.0.1:{server.Variables.https_port}'
+)
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+tr = Test.AddTestRun('Client sends RST_STREAM after HEADERS frame')
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.AddVerifierClientProcess("client1", replay_file, http_ports=[ts.Variables.port], https_ports=[ts.Variables.ssl_port])
+
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(
+    'Submitting RST_STREAM frame for key 1 after HEADERS frame with error code STREAM_CLOSED.',
+    'Detect client abort flag.')
+
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(
+    'Sent frame for key 1: RST_STREAM',
+    'Send RST_STREAM frame.')
+
+server.Streams.All += Testers.ExcludesExpression(
+    'RST_STREAM',
+    'Server is not affected.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received HEADERS frame',
+    'Received HEADERS frame.')
+
+ts.Streams.All += Testers.ExcludesExpression(
+    'Received DATA frame',
+    'Received DATA frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received RST_STREAM frame',
+    'Received RST_STREAM frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'RST_STREAM: Error Code: 5',
+    'Error Code: ')
+
+#
+# Server sends RST_STREAM after HEADERS frame
+#
+ts = Test.MakeATSProcess("ts2", enable_tls=True)
+replay_file = "replay_rst_stream/http2_rst_stream_server_after_headers.yaml"
+server = Test.MakeVerifierServerProcess("server2", replay_file)
+ts.addDefaultSSLFiles()
+ts.Disk.records_config.update({
+    'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.server.private_key.path': f'{ts.Variables.SSLDir}',
+    'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+    'proxy.config.diags.debug.enabled': 3,
+    'proxy.config.diags.debug.tags': 'http',
+    'proxy.config.exec_thread.autoconfig': 0,
+    'proxy.config.exec_thread.limit': 1,
+    'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+    'proxy.config.http.server_session_sharing.pool': 'thread',
+    'proxy.config.http.server_session_sharing.match': 'ip,sni,cert',
+})
+ts.Disk.remap_config.AddLine(
+    f'map / https://127.0.0.1:{server.Variables.https_port}'
+)
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
+)
+
+tr = Test.AddTestRun('Server sends RST_STREAM after HEADERS frame')
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.AddVerifierClientProcess("client2", replay_file, http_ports=[ts.Variables.port], https_ports=[ts.Variables.ssl_port])
+
+tr.Processes.Default.Streams.All += Testers.ContainsExpression(
+    'HTTP/2 stream is closed with id: 1',
+    'Client is not affected.')
+
+server.Streams.All += "gold/server_after_headers.gold"
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Received RST_STREAM frame',
+    'Received RST_STREAM frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Send RST_STREAM frame',
+    'Send RST_STREAM frame.')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Parsed RST_STREAM: Error Code: 11',
+    'Error Code: ')
+
+ts.Streams.All += Testers.ContainsExpression(
+    'Sending RST_STREAM: Error Code: 0',
+    'Error Code: ')
diff --git a/tests/gold_tests/h2/httpbin.test.py b/tests/gold_tests/h2/httpbin.test.py
index 7af2673d475..258d7d91ae0 100644
--- a/tests/gold_tests/h2/httpbin.test.py
+++ b/tests/gold_tests/h2/httpbin.test.py
@@ -30,7 +30,7 @@
     Condition.HasCurlFeature('http2'),
     Condition.HasProgram("shasum", "shasum need to be installed on system for this test to work"),
 )
-Test.ContinueOnFail = True
+#Test.ContinueOnFail = True
 
 # ----
 # Setup httpbin Origin Server
@@ -57,7 +57,7 @@
     'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.diags.debug.enabled': 1,
-    'proxy.config.diags.debug.tags': 'http2',
+    'proxy.config.diags.debug.tags': 'http',
 
 })
 ts.Disk.logging_yaml.AddLines(
diff --git a/tests/gold_tests/h2/replay_h2origin/h1-client-h2-origin.yaml b/tests/gold_tests/h2/replay_h2origin/h1-client-h2-origin.yaml
new file mode 100644
index 00000000000..93fa1cff5df
--- /dev/null
+++ b/tests/gold_tests/h2/replay_h2origin/h1-client-h2-origin.yaml
@@ -0,0 +1,596 @@
+meta:
+  version: '1.0'
+
+sessions:
+  - protocol:
+      - name: http
+        version: '1.1'
+      - name: tls
+        version: TLSv1.3
+        sni: data.brian.example.com
+        proxy-verify-mode: 0
+        proxy-provided-cert: true
+      - name: tcp
+      - name: ip
+        version: '4'
+
+    transactions:
+      #
+      # Test 1: Zero length response.
+      #
+      - all: { headers: { fields: [[ uuid, 1 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: GET
+          url: /some/path
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url: /some/path
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+
+      #
+      # Test 2: Non-zero length response.
+      #
+      - all: { headers: { fields: [[ uuid, 2 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: GET
+          url: /some/path2
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url: /some/path2
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+        proxy-response:
+          version: '1.1'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+  - protocol:
+      - name: http
+        version: '1.1'
+      - name: tls
+        version: TLSv1.3
+        sni: data.brian.example.com
+        proxy-verify-mode: 0
+        proxy-provided-cert: true
+      - name: tcp
+      - name: ip
+        version: '4'
+
+    transactions:
+      #
+      # Test 3: 8 byte post with a 404 response.
+      #
+      - all: { headers: { fields: [[ uuid, 3 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path3
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 8 ]
+          content:
+            encoding: plain
+            size: 8
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path3
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 8 ]
+          content:
+            encoding: plain
+            size: 8
+
+        server-response:
+          version: '2'
+          status: 404
+          reason: "Not Found"
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-response:
+          version: '2'
+          status: 404
+          reason: "Not Found"
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+      #
+      # Test 4: 32 byte POST with a 200 response.
+      #
+      - all: { headers: { fields: [[ uuid, 4 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+      #
+      # Test 5: 3200 byte POST with a 200 response.
+      #
+      - all: { headers: { fields: [[ uuid, 12 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 1600 ]
+          content:
+            encoding: plain
+            size: 1600
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 1600 ]
+          content:
+            encoding: plain
+            size: 1600
+
+      #
+      # Test 6: large post body small response
+      #
+      - all: { headers: { fields: [[ uuid, 13 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+        proxy-response:
+          version: '1.1'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+      #
+      # Test 7: small post body large response
+      #
+      - all: { headers: { fields: [[ uuid, 14 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '1.1'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '1.1'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-response:
+          version: '1.1'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
diff --git a/tests/gold_tests/h2/replay_h2origin/h2-origin.yaml b/tests/gold_tests/h2/replay_h2origin/h2-origin.yaml
new file mode 100644
index 00000000000..65b133375a4
--- /dev/null
+++ b/tests/gold_tests/h2/replay_h2origin/h2-origin.yaml
@@ -0,0 +1,624 @@
+meta:
+  version: '1.0'
+
+sessions:
+  - protocol:
+      - name: http
+        version: '2'
+      - name: tls
+        version: TLSv1.3
+        sni: data.brian.example.com
+        proxy-verify-mode: 0
+        proxy-provided-cert: true
+      - name: tcp
+      - name: ip
+        version: '4'
+
+    transactions:
+      #
+      # Test 1: Zero length response.
+      #
+      - all: { headers: { fields: [[ uuid, 5 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url: /some/path;arg=1;arg=2?foo
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url:
+            - [ path, { value: /some/path;arg=1;arg=2, as: equal } ]
+            - [ query, { value: foo, as: equal } ]
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+
+      #
+      # Test 2: Non-zero length response.
+      #
+      - all: { headers: { fields: [[ uuid, 6 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url: /some/path2
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: GET
+          url:
+            - [ path, { value: /some/path2, as: equal } ]
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+  - protocol:
+      - name: http
+        version: '2'
+      - name: tls
+        version: TLSv1.3
+        sni: data.brian.example.com
+        proxy-verify-mode: 0
+        proxy-provided-cert: true
+      - name: tcp
+      - name: ip
+        version: '4'
+
+    transactions:
+      #
+      # Test 3: 8 byte post with a 404 response.
+      #
+      - all: { headers: { fields: [[ uuid, 7 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path3?foo=bar
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 8 ]
+          content:
+            encoding: plain
+            size: 8
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url:
+            - [ path, { value: /some/path3, as: equal }]
+            - [ query, { value: foo=bar, as: equal }]
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 8 ]
+          content:
+            encoding: plain
+            size: 8
+
+        server-response:
+          version: '2'
+          status: 404
+          reason: "Not Found"
+          headers:
+            encoding: esc_json
+            fields:
+              - [ bob, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-response:
+          version: '2'
+          status: 404
+          reason: "Not Found"
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+        proxy-response:
+          version: '2'
+          status: 404
+          reason: "Not Found"
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 0 ]
+          content:
+            encoding: plain
+            size: 0
+
+      #
+      # Test 4: 32 byte POST with a 200 response.
+      #
+      - all: { headers: { fields: [[ uuid, 8 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+      #
+      # Test 5: 3200 byte POST with a 200 response.
+      #
+      - all: { headers: { fields: [[ uuid, 9 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ bob, 1600 ]
+          content:
+            encoding: plain
+            size: 1600
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 1600 ]
+          content:
+            encoding: plain
+            size: 1600
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 1600 ]
+          content:
+            encoding: plain
+            size: 1600
+
+      #
+      # Test 6: large post body small response
+      #
+      - all: { headers: { fields: [[ uuid, 10 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 16 ]
+          content:
+            encoding: plain
+            size: 16
+
+      #
+      # Test 7: small post body large response
+      #
+      - all: { headers: { fields: [[ uuid, 11 ]]}}
+
+        client-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        proxy-request:
+          protocol:
+            - name: http
+              version: '2'
+            - name: tls
+              version: TLSv1.2
+              sni: data.brian.example.com
+              proxy-verify-mode: 1
+              proxy-provided-cert: false
+            - name: tcp
+            - name: ip
+              version: '4'
+
+          version: '2'
+          scheme: https
+          method: POST
+          url: /some/path4
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Host, data.brian.example.com ]
+              - [ Content-Length, 32 ]
+          content:
+            encoding: plain
+            size: 32
+
+        server-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
+
+        proxy-response:
+          version: '2'
+          status: 200
+          reason: OK
+          headers:
+            encoding: esc_json
+            fields:
+              - [ Content-Length, 3200 ]
+          content:
+            encoding: plain
+            size: 3200
diff --git a/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_data.yaml b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_data.yaml
new file mode 100644
index 00000000000..d505778f5ea
--- /dev/null
+++ b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_data.yaml
@@ -0,0 +1,54 @@
+meta:
+  version: '1.0'
+sessions:
+- protocol:
+  - name: http
+    version: 2
+  - name: tls
+    sni: test_sni
+  - name: tcp
+  - name: ip
+    version: 4
+  transactions:
+  - client-request:
+      frames:
+      - HEADERS:
+          headers:
+            fields:
+            - [:method, POST]
+            - [:scheme, https]
+            - [:authority, example.data.com]
+            - [:path, /a/path]
+            - [Content-Type, text/html]
+            - [Content-Length, '11']
+            - [uuid, 1]
+      - DATA:
+          content:
+            encoding: plain
+            data: client_test
+            size: 11
+      - RST_STREAM:
+          error-code: INTERNAL_ERROR
+
+    proxy-request:
+      content:
+        encoding: plain
+        data: client_test
+        verify: {as: equal}
+
+    server-response:
+      headers:
+        fields:
+        - [:status, 200]
+        - [Content-Type, text/html]
+        - [Content-Length, '11']
+      content:
+        encoding: plain
+        data: server_test
+        size: 11
+
+    proxy-response:
+      content:
+        encoding: plain
+        data: server_test
+        verify: {as: equal}
diff --git a/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_headers.yaml b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_headers.yaml
new file mode 100644
index 00000000000..58415705a00
--- /dev/null
+++ b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_headers.yaml
@@ -0,0 +1,54 @@
+meta:
+  version: '1.0'
+sessions:
+- protocol:
+  - name: http
+    version: 2
+  - name: tls
+    sni: test_sni
+  - name: tcp
+  - name: ip
+    version: 4
+  transactions:
+  - client-request:
+      frames:
+      - HEADERS:
+          headers:
+            fields:
+            - [:method, POST]
+            - [:scheme, https]
+            - [:authority, example.data.com]
+            - [:path, /a/path]
+            - [Content-Type, text/html]
+            - [Content-Length, '11']
+            - [uuid, 1]
+      - RST_STREAM:
+          error-code: STREAM_CLOSED
+      - DATA:
+          content:
+            encoding: plain
+            data: client_test
+            size: 11
+
+    proxy-request:
+      content:
+        encoding: plain
+        data: client_test
+        verify: {as: equal}
+
+    server-response:
+      headers:
+        fields:
+        - [:status, 200]
+        - [Content-Type, text/html]
+        - [Content-Length, '11']
+      content:
+        encoding: plain
+        data: server_test
+        size: 11
+
+    proxy-response:
+      content:
+        encoding: plain
+        data: server_test
+        verify: {as: equal}
diff --git a/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_server_after_headers.yaml b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_server_after_headers.yaml
new file mode 100644
index 00000000000..1ce5c320382
--- /dev/null
+++ b/tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_server_after_headers.yaml
@@ -0,0 +1,48 @@
+meta:
+  version: '1.0'
+sessions:
+- protocol:
+  - name: http
+    version: 2
+  - name: tls
+    sni: test_sni
+  - name: tcp
+  - name: ip
+    version: 4
+  transactions:
+  - client-request:
+      headers:
+        fields:
+        - [:method, POST]
+        - [:scheme, https]
+        - [:authority, example.data.com]
+        - [:path, /a/path]
+        - [Content-Type, text/html]
+        - [Content-Length, '11']
+        - [uuid, 1]
+      content:
+        encoding: plain
+        data: client_test
+        size: 11
+
+    proxy-request:
+      content:
+        encoding: plain
+        data: client_test
+        verify: {as: equal}
+
+    server-response:
+      frames:
+      - HEADERS:
+          headers:
+            fields:
+            - [:status, 200]
+            - [Content-Type, text/html]
+            - [Content-Length, '11']
+      - RST_STREAM:
+          error-code: ENHANCE_YOUR_CALM
+      - DATA:
+          content:
+            encoding: plain
+            data: server_test
+            size: 11
diff --git a/tests/gold_tests/post_slow_server/gold/post_slow_server_max_requests_in_0_stderr.gold b/tests/gold_tests/post_slow_server/gold/post_slow_server_max_requests_in_0_stderr.gold
index 0d5e92cc8ed..3c0d989168e 100644
--- a/tests/gold_tests/post_slow_server/gold/post_slow_server_max_requests_in_0_stderr.gold
+++ b/tests/gold_tests/post_slow_server/gold/post_slow_server_max_requests_in_0_stderr.gold
@@ -1,5 +1,5 @@
 ``
 > POST / HTTP/1.1
 ``
-< HTTP/1.1 502 Broken pipe
+< HTTP/1.1 502 Connection refused
 ``
diff --git a/tests/gold_tests/redirect/redirect_post.test.py b/tests/gold_tests/redirect/redirect_post.test.py
index 21182feed14..852590e3e4e 100644
--- a/tests/gold_tests/redirect/redirect_post.test.py
+++ b/tests/gold_tests/redirect/redirect_post.test.py
@@ -38,7 +38,8 @@
     'proxy.config.http.number_of_redirections': MAX_REDIRECT,
     'proxy.config.http.post_copy_size': 919430601,
     'proxy.config.http.redirect.actions': 'self:follow',  # redirects to self are not followed by default
-    # 'proxy.config.diags.debug.enabled': 1,
+    'proxy.config.diags.debug.enabled': 1,
+    'proxy.config.diags.debug.tags': 'http',
 })
 
 redirect_request_header = {
diff --git a/tests/gold_tests/slow_post/server_abort.test.py b/tests/gold_tests/slow_post/server_abort.test.py
new file mode 100644
index 00000000000..1b80ac031a3
--- /dev/null
+++ b/tests/gold_tests/slow_post/server_abort.test.py
@@ -0,0 +1,51 @@
+'''
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+import re
+
+Test.Summary = '''
+AuTest with bad configuration of microserver to simulate server aborting the connection unexpectedly
+'''
+ts = Test.MakeATSProcess("ts", enable_tls=True)
+# note the microserver by default is not configured to use ssl
+server = Test.MakeOriginServer("server")
+ts.Disk.remap_config.AddLine(
+    # The following config tells ATS to do tls with the origin server on a
+    # non-tls port. This is misconfigured intentionally to trigger an exception
+    # on the origin server so that it aborts the connection upon receiving a
+    # request
+    'map / https://127.0.0.1:{0}'.format(server.Variables.Port))
+ts.Disk.ssl_multicert_config.AddLine(
+    'dest_ip=* ssl_cert_name=aaa-signed.pem ssl_key_name=aaa-signed.key'
+)
+ts.Disk.records_config.update({
+    'proxy.config.diags.debug.tags': 'http|dns',
+    'proxy.config.diags.debug.enabled': 1,
+    'proxy.config.ssl.server.cert.path': f'{Test.TestDirectory}/test_secrets',
+    'proxy.config.ssl.server.private_key.path': f'{Test.TestDirectory}/test_secrets',
+})
+
+tr = Test.AddTestRun()
+tr.Processes.Default.StartBefore(server)
+tr.Processes.Default.StartBefore(ts)
+tr.Processes.Default.Command = "curl -v -k -H \"host: foo.com\" https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
+tr.ReturnCode = 0
+tr.StillRunningAfter = server
+tr.StillRunningAfter = ts
+server.Streams.stderr += Testers.ContainsExpression(
+    "UnicodeDecodeError",
+    "Verify that the server raises an exception when processing the request.")
diff --git a/tests/gold_tests/slow_post/test_secrets/aaa-signed.key b/tests/gold_tests/slow_post/test_secrets/aaa-signed.key
new file mode 100644
index 00000000000..64090deaafb
--- /dev/null
+++ b/tests/gold_tests/slow_post/test_secrets/aaa-signed.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4Uim3ZOB1IfLWxpSjQ60dq2j7oVi5fW8idDg3zZOxBv2NlTm
+Ca4uFtwW+Jhv4CSed/7ggoPvtuxHvTy4w2rwxFpM29sInRjQdJJ/gftIIkaEqZ5c
+qleGBsaG5CLDFSPejJ2+rSY0FWg2/F9GxljV6BNgO0ukv3AjeIGpRdZF3mJIozb3
+fU3/XOrgDfCt6IH9ZBPHhRA1DzkuBtBkStDgXVYr3bzfhmVb9tMKZRJjLUPjKfa2
+4ninFKXl/2S6/RHSRcLWde3U4IizmfepXiIFi2j49UGiDzCq3sKCvMsAahwwx8fR
+FEMMwV6oWJM0rgzoz8YEPBC2oRO1FCIkHOYHEQIDAQABAoIBAAqIUwTY+KDvGFrS
+CDoADf/ebmOgaNdHfeETmu/UoioZBJHVtkuNkSoQcCJ/PfvEuoPxrp1rfbGXqmL2
+i8zXGxqS/jTpMKXnmxdYIg35qY2wrlMfzEVKgkGe1n+kAGrkmmsIlPmTZ6v4i1mR
+OsXbMWUAQueCydkJbR8dMMTLF8klyLge9G8M3Bm2lqtQnridsRULMbNs22JOQnah
+C/4oOrD7tZLLhMnSzvWP92POZ6a/2vO6ou6rvg6zu9mMw6yNRYSqwyLzztbyhG6Y
+M9ER7v8YJBPfSy+nAQ8VCA9cZb96Ybxwc7BecJAWgg1+tSlak0BNj1qUg4oroSpK
+bRAciIECgYEA99as1TNaPsveRv9nTpIVl4gXpfixQMx0gpnivYNZW2XpCx5COuML
+t98Lu7Hg6bknukGwWzNGRGFX+3Bx+zsK6+VuFlBxANH9kUzkY9KFonvb3xWbDivG
+2bf+9a3oORNsl2GVkCwhoD/1y0aPR2xZvpEZDAf0apQ1cQ+rikNc31UCgYEA6LPV
+86rDXRfXwwHlcUgEpyJ6kJ6J1OpmsbN8eLm+99TNf8lp974ewXjJkTm6NYOGS11y
+lboAh0IxoUKy0Fuuf0eTmOa+2dee52Np9pElZ6daCX8eTSAOL46GzDCaKfBopYdv
+EWGaU+W/k+Eod5ygEJrZHPRJ5+YrhbHy+o6KcM0CgYEA0zG9sCSFh7Oko62rM/oq
+qilPtaBaM9TGiDBoVoRilg8e6tmLKLEn4DUSw4xOE/0zDHZDuUPVYhntppdomeTz
+ZpfpGtzLnx5SzQnQKfxQ4mhXsh+wNQA7AHbZrjPXCyQxSkLe96+TrAI1C1cCa6O6
+SjlNNcJllpjbfZAT5suGjc0CgYBVr4KkyshNSy5DvDsET4SHFocTIY2XPQi7fl/j
+BGJxV4aj+0Jt2y/wBc4TD7KladzVe39p6qevJoyn2KuHVXsXmv+aWb0E8gStJ0op
+ZKDlXhYlUQ2TUK5ojI7OOUdLEh82dHxNZicxpXO5vDrucFnwQ1SW+M0N+w8jl7bk
+0//eMQKBgQD14laufpbwz6KEj/nihyGHfMCNIV4IgBtSkQIJ4+xM8fjTd4YoLLWn
+wwkFDOvMC5TE8WMVf17Eyo9N6D9OfOwHqoRkC93bcRA/5GCvhO4cnOmzLITAr4m5
+wESxUCaACyXrBZVzRKupZEzsRrVskUC1WbQA2SHAJ7Kx5iAW3d7KuA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/gold_tests/slow_post/test_secrets/aaa-signed.pem b/tests/gold_tests/slow_post/test_secrets/aaa-signed.pem
new file mode 100644
index 00000000000..2202efae57d
--- /dev/null
+++ b/tests/gold_tests/slow_post/test_secrets/aaa-signed.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICnDCCAYQCAQEwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGYWFhLWNhMCAX
+DTIwMDgyNTAxNDAzNloYDzIxMjAwODAxMDE0MDM2WjAVMRMwEQYDVQQDDAphYWEt
+c2lnbmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Uim3ZOB1IfL
+WxpSjQ60dq2j7oVi5fW8idDg3zZOxBv2NlTmCa4uFtwW+Jhv4CSed/7ggoPvtuxH
+vTy4w2rwxFpM29sInRjQdJJ/gftIIkaEqZ5cqleGBsaG5CLDFSPejJ2+rSY0FWg2
+/F9GxljV6BNgO0ukv3AjeIGpRdZF3mJIozb3fU3/XOrgDfCt6IH9ZBPHhRA1Dzku
+BtBkStDgXVYr3bzfhmVb9tMKZRJjLUPjKfa24ninFKXl/2S6/RHSRcLWde3U4Iiz
+mfepXiIFi2j49UGiDzCq3sKCvMsAahwwx8fRFEMMwV6oWJM0rgzoz8YEPBC2oRO1
+FCIkHOYHEQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAYTvaL8Ii4UW5Z6mQEFxlf
+4yEJlsXlVsjNDcMCU57gN1Hgkswsg5ePvNUkqcj7DyqoSwq9uhKP5ApzVdzhJlVH
+WXsMIp95Tl0pC7L2JisMivOMn2y20wVGge1jXGexq4GOl08Ow/7rCM3xVok/TrIX
+L2f6u+wjJG0YanlDO6l4+aU9+kqpVI7awnOWEshLOHUO4cQdnlF7jkYaEdCp2Ke7
+peycIow1oSTOcIKsqzcHRT/gYOqk3IkCTw0fIpCb5FhcCz7ZYppl5eeJSw0JHNyA
+AOqNfFWJypTWhX8cGI6BKmWQMdR0z6j2pegG/2JOSl4ozFsU2JchzTizI2WxRSzm
+-----END CERTIFICATE-----
diff --git a/tests/gold_tests/timeout/tls_conn_timeout.test.py b/tests/gold_tests/timeout/tls_conn_timeout.test.py
index 86da7ecc4ee..8187220c6cf 100644
--- a/tests/gold_tests/timeout/tls_conn_timeout.test.py
+++ b/tests/gold_tests/timeout/tls_conn_timeout.test.py
@@ -69,7 +69,7 @@
 tr.Processes.Default.Command = 'curl -H"Connection:close" -d "bob" -i http://127.0.0.1:{0}/connect_blocked --tlsv1.2'.format(
     ts.Variables.port)
 tr.Processes.Default.Streams.All = Testers.ContainsExpression(
-    "HTTP/1.1 502 connect failed", "Connect failed")
+    "HTTP/1.1 502 Connection timed out", "Connect failed")
 tr.Processes.Default.ReturnCode = 0
 tr.StillRunningAfter = delay_post_connect
 tr.StillRunningAfter = Test.Processes.ts
@@ -93,7 +93,7 @@
 tr.Processes.Default.Command = 'curl -H"Connection:close" -i http://127.0.0.1:{0}/get_connect_blocked --tlsv1.2'.format(
     ts.Variables.port)
 tr.Processes.Default.Streams.All = Testers.ContainsExpression(
-    "HTTP/1.1 502 connect failed", "Connect failed")
+    "HTTP/1.1 502 Connection timed out", "Connect failed")
 tr.Processes.Default.ReturnCode = 0
 tr.StillRunningAfter = delay_get_connect
 
diff --git a/tests/gold_tests/tls/tls_client_alpn_configuration.replay.yaml b/tests/gold_tests/tls/tls_client_alpn_configuration.replay.yaml
index 9ebb7adf294..ba9fbef1a73 100644
--- a/tests/gold_tests/tls/tls_client_alpn_configuration.replay.yaml
+++ b/tests/gold_tests/tls/tls_client_alpn_configuration.replay.yaml
@@ -44,13 +44,13 @@ sessions:
         fields:
         - [ Host, www.example.com ]
         - [ Content-Length, 0 ]
-        - [ X-Request, alpn_request ]
+        - [ X-Request, alpn_http1_request ]
         - [ uuid, first-request ]
 
     proxy-request:
       headers:
         fields:
-        - [ X-Request, {value: 'alpn_request', as: equal } ]
+        - [ X-Request, {value: 'alpn_http1_request', as: equal } ]
 
     server-response:
         status: 200
@@ -59,13 +59,12 @@ sessions:
           fields:
           - [ Date, "Sat, 16 Mar 2019 03:11:36 GMT" ]
           - [ Content-Length, 36 ]
-          - [ Connection, keep-alive ]
-          - [ X-Response, alpn_response ]
+          - [ X-Response, alpn_http1_response ]
 
     proxy-response:
       headers:
         fields:
-        - [ X-Response, {value: 'alpn_response', as: equal } ]
+        - [ X-Response, {value: 'alpn_http1_response', as: equal } ]
 
 # HTTP/2 over TLS.
 - protocol:
@@ -81,32 +80,36 @@ sessions:
   # This test has more to do with ALPN configuration than the transactions. The
   # following generates a simple request and response.
   - client-request:
-      method: GET
-      url: /some/path/2
-      version: '1.1'
       headers:
         fields:
-        - [ Host, www.example.com ]
+        - [ :method, GET ]
+        - [ :scheme, https ]
+        - [ :authority, www.example.com ]
+        - [ :path, /some/path/2 ]
         - [ Content-Length, 0 ]
-        - [ X-Request, alpn_request ]
-        - [ uuid, first-request ]
+        - [ X-Request, alpn_http2_request ]
+        - [ uuid, second-request ]
+      content:
+        encoding: plain
+        size: 0
 
     proxy-request:
       headers:
         fields:
-        - [ X-Request, {value: 'alpn_request', as: equal } ]
+        - [ X-Request, {value: 'alpn_http2_request', as: equal } ]
 
     server-response:
-        status: 200
-        reason: OK
-        headers:
-          fields:
-          - [ Date, "Sat, 16 Mar 2019 03:11:36 GMT" ]
-          - [ Content-Length, 36 ]
-          - [ Connection, keep-alive ]
-          - [ X-Response, alpn_response ]
+      headers:
+        fields:
+        - [ :status, 200 ]
+        - [ Date, "Sat, 16 Mar 2019 03:11:36 GMT" ]
+        - [ Content-Length, 0 ]
+        - [ X-Response, alpn_http2_response ]
+      content:
+        encoding: plain
+        size: 0
 
     proxy-response:
       headers:
         fields:
-        - [ X-Response, {value: 'alpn_response', as equal } ]
+        - [ X-Response, {value: 'alpn_http2_response', as equal } ]
diff --git a/tests/gold_tests/tls/tls_client_alpn_configuration.test.py b/tests/gold_tests/tls/tls_client_alpn_configuration.test.py
index 1e4fac50817..61cd30847bd 100644
--- a/tests/gold_tests/tls/tls_client_alpn_configuration.test.py
+++ b/tests/gold_tests/tls/tls_client_alpn_configuration.test.py
@@ -111,7 +111,7 @@ def _configure_trafficserver(
             "proxy.config.ssl.client.verify.server.policy": 'PERMISSIVE',
 
             'proxy.config.diags.debug.enabled': 3,
-            'proxy.config.diags.debug.tags': 'ssl',
+            'proxy.config.diags.debug.tags': 'ssl|http',
         })
 
         if records_config_alpn is not None:
@@ -158,7 +158,14 @@ def run(self):
         TestAlpnFunctionality._client_counter += 1
 
 
+#
+# Test default configuration.
+#
 TestAlpnFunctionality().run()
+
+#
+# Test various valid ALPN configurations.
+#
 TestAlpnFunctionality(
     records_config_alpn='http/1.1').run()
 TestAlpnFunctionality(
@@ -166,18 +173,18 @@ def run(self):
 TestAlpnFunctionality(
     records_config_alpn='http/1.1',
     conf_remap_alpn='http/1.1,http/1.0').run()
+TestAlpnFunctionality(
+    records_config_alpn='h2,http/1.1').run()
+TestAlpnFunctionality(
+    records_config_alpn='h2').run()
 
-# TODO: HTTP/2 to origin comes later.
-# TestAlpnFunctionality(
-#   records_config_alpn='h2,http1.1').run()
-
+#
+# Test malformed ALPN configurations.
+#
 TestAlpnFunctionality(
     records_config_alpn='not_a_protocol',
     alpn_is_malformed=True).run()
-
-# Since we do not currently support ALPN with HTTP/2, this will be considered a
-# malformed ALPN protocol.
-# TODO: remove this when we support HTTP/2 to origin.
+# Note that HTTP/3 to origin is not currently supported.
 TestAlpnFunctionality(
-    records_config_alpn='h2',
+    records_config_alpn='h3',
     alpn_is_malformed=True).run()
diff --git a/tools/clang-format.sh b/tools/clang-format.sh
index 255ea30ab5e..10716b6cd6b 100755
--- a/tools/clang-format.sh
+++ b/tools/clang-format.sh
@@ -19,7 +19,7 @@
 #  limitations under the License.
 
 # Update the PKGDATE with the new version date when making a new clang-format binary package.
-PKGDATE="20200514"
+PKGDATE="20230201"
 
 function main() {
   set -e # exit on error
@@ -38,28 +38,24 @@ function main() {
   fi
   DIR=${@:-.}
   PACKAGE="clang-format-${PKGDATE}.tar.bz2"
-  VERSION="clang-format version 10.0.0 (https://github.com/llvm/llvm-project.git d32170dbd5b0d54436537b6b75beaf44324e0c28)"
+  VERSION="clang-format version 15.0.7 (https://github.com/llvm/llvm-project.git 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a)"
 
   URL=${URL:-https://ci.trafficserver.apache.org/bintray/${PACKAGE}}
 
   TAR=${TAR:-tar}
   CURL=${CURL:-curl}
 
-  # default to using native sha1sum command when available
-  if [ $(which sha1sum) ] ; then
-    SHASUM=${SHASUM:-sha1sum}
-  else
-    SHASUM=${SHASUM:-shasum}
-  fi
+  # Default to sha256sum, but honor the env variable just in case
+  SHASUM=${SHASUM:-sha256sum}
 
   ARCHIVE=$ROOT/$(basename ${URL})
 
   case $(uname -s) in
   Darwin)
-    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.osx}
+    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.macos.$(uname -m)}
     ;;
   Linux)
-    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.linux}
+    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.linux.$(uname -m)}
     ;;
   *)
     echo "Leif needs to build a clang-format for $(uname -s)"
@@ -72,10 +68,10 @@ function main() {
   if [ ! -e ${FORMAT} -o ! -e ${ROOT}/${PACKAGE} ] ; then
     ${CURL} -L --progress-bar -o ${ARCHIVE} ${URL}
     ${TAR} -x -C ${ROOT} -f ${ARCHIVE}
-    cat > ${ROOT}/sha1 << EOF
-5eec43e5c7f3010d6e6f37639491cabe51de0ab2  ${ARCHIVE}
+    cat > ${ROOT}/sha256 << EOF
+d488b4a4d8b5e824812c80d0188d4814022d903749bf8471b8c54b61aef02990  ${ARCHIVE}
 EOF
-    ${SHASUM} -c ${ROOT}/sha1
+    ${SHASUM} -c ${ROOT}/sha256
     chmod +x ${FORMAT}
   fi
 
@@ -84,8 +80,7 @@ EOF
   ver=$(${FORMAT} --version)
   if [ "$ver" != "$VERSION" ]; then
       echo "Wrong version of clang-format!"
-      echo "See https://bintray.com/apache/trafficserver/clang-format-tools/view for a newer version,"
-      echo "or alternatively, undefine the FORMAT environment variable"
+      echo "Contact the ATS community for help and details about clang-format versions."
       exit 1
   fi
   touch ${INSTALLED_SENTINEL}
diff --git a/tools/git/pre-commit b/tools/git/pre-commit
index 813197766b2..701cecbee62 100755
--- a/tools/git/pre-commit
+++ b/tools/git/pre-commit
@@ -23,14 +23,15 @@ source "$GIT_TOP/tools/clang-format.sh"
 
 case $(uname -s) in
 Darwin)
-    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.osx}
+    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.macos.$(uname -m)}
     ;;
 Linux)
-    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.linux}
+    FORMAT=${FORMAT:-${ROOT}/clang-format/clang-format.linux.$(uname -m)}
     ;;
 *)
     echo "Leif needs to build a clang-format for $(uname -s)"
     exit 2
+    ;;
 esac
 
 # If there is no clang-format in our git repo, then try from git config
@@ -43,14 +44,12 @@ if [ ! -x "$FORMAT" ]; then
 fi
 
 source "$GIT_TOP/tools/autopep8.sh"
-if [ ! -d ${AUTOPEP8_VENV} ]
-then
+if [ ! -d ${AUTOPEP8_VENV} ]; then
     echo "Run \"make autopep8\""
     exit 1
 fi
 source ${AUTOPEP8_VENV}/bin/activate
 
-
 # Where to store the patch
 clang_patch_file=$(mktemp -t clang-format.XXXXXXXXXX)
 autopep8_patch_file=$(mktemp -t autopep8.XXXXXXXXXX)
@@ -59,24 +58,25 @@ trap "rm -f $clang_patch_file $autopep8_patch_file" 0 1 2 3 5 15
 # Loop over all files that are changed, and produce a diff file
 git diff-index --cached --diff-filter=ACMR --name-only HEAD | grep -vE "lib/(?:yamlcpp|swoc)" | while read file; do
     case "$file" in
-	*.cc | *.c | *.h | *.h.in)
-	    ${FORMAT} "$file" | diff -u "$file" - >> "$clang_patch_file"
-	    ;;
-        # Keep this list of Python extensions the same with the list of
-        # extensions searched for in the toosl/autopep8.sh script.
-        *.py | *.cli.ext | *.test.ext)
-            autopep8 \
-                --ignore-local-config \
-                --exclude ${GIT_TOP}/lib/yamlcpp \
-                --max-line-length 132 \
-                --aggressive \
-                --aggressive \
-                --diff \
-                "$file" >> "$autopep8_patch_file"
+    *.cc | *.c | *.h | *.h.in)
+        ${FORMAT} "$file" | diff -u "$file" - >>"$clang_patch_file"
+        ;;
+    # Keep this list of Python extensions the same with the list of
+    # extensions searched for in the toosl/autopep8.sh script.
+    *.py | *.cli.ext | *.test.ext)
+        autopep8 \
+            --ignore-local-config \
+            --exclude ${GIT_TOP}/lib/yamlcpp \
+            --max-line-length 132 \
+            --aggressive \
+            --aggressive \
+            --diff \
+            "$file" >>"$autopep8_patch_file"
+        ;;
     esac
 done
 
-if [ -s "$clang_patch_file" ] ; then
+if [ -s "$clang_patch_file" ]; then
     echo "The commit is not accepted, because clang-format does not match current"
     echo "requirements. Easiest to fix this is to run:"
     echo
@@ -87,8 +87,7 @@ else
     echo
 fi
 
-
-if [ -s "$autopep8_patch_file" ] ; then
+if [ -s "$autopep8_patch_file" ]; then
     echo "The commit is not accepted because autopep8 reports issues with it."
     echo "The easiest way to fix this is to run:"
     echo
diff --git a/tools/http_load/http_load.c b/tools/http_load/http_load.c
index 095672c9b64..e4e81304e87 100644
--- a/tools/http_load/http_load.c
+++ b/tools/http_load/http_load.c
@@ -107,7 +107,7 @@ static sip *sips;
 static int num_sips, max_sips;
 
 /* Protocol symbols. */
-#define PROTO_HTTP 0
+#define PROTO_HTTP  0
 #define PROTO_HTTPS 1
 
 /* Connection states */
@@ -298,12 +298,12 @@ main(int argc, char **argv)
 {
   int argn;
   int start;
-#define START_NONE 0
+#define START_NONE     0
 #define START_PARALLEL 1
-#define START_RATE 2
+#define START_RATE     2
   int start_parallel = -1, start_rate = -1;
   int end;
-#define END_NONE 0
+#define END_NONE    0
 #define END_FETCHES 1
 #define END_SECONDS 2
   int end_fetches = -1, end_seconds = -1;
@@ -649,7 +649,7 @@ read_url_file(char *url_file)
 
   char hdr_buf[2048];
   int hdr_bytes = 0;
-  hdr_bytes += snprintf(&hdr_buf[hdr_bytes], sizeof(hdr_buf) - hdr_bytes, "User-Agent: %s\r\n", user_agent);
+  hdr_bytes     += snprintf(&hdr_buf[hdr_bytes], sizeof(hdr_buf) - hdr_bytes, "User-Agent: %s\r\n", user_agent);
   if (cookie)
     hdr_bytes += snprintf(&hdr_buf[hdr_bytes], sizeof(hdr_buf) - hdr_bytes, "Cookie: %s\r\n", cookie);
   if (do_accept_gzip)
@@ -673,7 +673,7 @@ read_url_file(char *url_file)
     /* Check for room in urls. */
     if (num_urls >= max_urls) {
       max_urls *= 2;
-      urls = (url *)realloc_check((void *)urls, max_urls * sizeof(url));
+      urls     = (url *)realloc_check((void *)urls, max_urls * sizeof(url));
     }
 
     /* Add to table. */
@@ -732,9 +732,9 @@ read_url_file(char *url_file)
         req_bytes += snprintf(&req_buf[req_bytes], sizeof(req_buf) - req_bytes, "Host: %s\r\n", urls[num_urls].hostname);
     }
     if (unique_id == 1) {
-      req_bytes += snprintf(&req_buf[req_bytes], sizeof(req_buf) - req_bytes, "X-ID: ");
+      req_bytes                       += snprintf(&req_buf[req_bytes], sizeof(req_buf) - req_bytes, "X-ID: ");
       urls[num_urls].unique_id_offset = req_bytes;
-      req_bytes += snprintf(&req_buf[req_bytes], sizeof(req_buf) - req_bytes, "%09u\r\n", 0);
+      req_bytes                       += snprintf(&req_buf[req_bytes], sizeof(req_buf) - req_bytes, "%09u\r\n", 0);
     }
 
     // add the common hdr here
@@ -899,7 +899,7 @@ read_sip_file(char *sip_file)
     /* Check for room in sips. */
     if (num_sips >= max_sips) {
       max_sips *= 2;
-      sips = (sip *)realloc_check((void *)sips, max_sips * sizeof(sip));
+      sips     = (sip *)realloc_check((void *)sips, max_sips * sizeof(sip));
     }
 
     /* Add to table. */
@@ -2835,8 +2835,8 @@ close_connection(int cnum)
                 connect_usecs = max_connect_usecs;
     */
     total_connect_usecs += connect_usecs;
-    max_connect_usecs = max(max_connect_usecs, connect_usecs);
-    min_connect_usecs = min(min_connect_usecs, connect_usecs);
+    max_connect_usecs   = max(max_connect_usecs, connect_usecs);
+    min_connect_usecs   = min(min_connect_usecs, connect_usecs);
     ++connects_completed;
   }
   if (connections[cnum].did_response) {
@@ -2846,8 +2846,8 @@ close_connection(int cnum)
                 response_usecs = max_response_usecs;
     */
     total_response_usecs += response_usecs;
-    max_response_usecs = max(max_response_usecs, response_usecs);
-    min_response_usecs = min(min_response_usecs, response_usecs);
+    max_response_usecs   = max(max_response_usecs, response_usecs);
+    min_response_usecs   = min(min_response_usecs, response_usecs);
     ++responses_completed;
   }
   if (connections[cnum].http_status >= 0 && connections[cnum].http_status <= 999) {
diff --git a/tools/http_load/timers.c b/tools/http_load/timers.c
index a6caa826d17..772d5e4182a 100644
--- a/tools/http_load/timers.c
+++ b/tools/http_load/timers.c
@@ -146,10 +146,10 @@ tmr_create(struct timeval *nowP, TimerProc *timer_proc, ClientData client_data,
     t->time = *nowP;
   else
     (void)gettimeofday(&t->time, (struct timezone *)0);
-  t->time.tv_sec += msecs / 1000L;
+  t->time.tv_sec  += msecs / 1000L;
   t->time.tv_usec += (msecs % 1000L) * 1000L;
   if (t->time.tv_usec >= 1000000L) {
-    t->time.tv_sec += t->time.tv_usec / 1000000L;
+    t->time.tv_sec  += t->time.tv_usec / 1000000L;
     t->time.tv_usec %= 1000000L;
   }
   t->hash = hash(t);
@@ -232,10 +232,10 @@ tmr_run(struct timeval *nowP)
       (t->timer_proc)(t->client_data, nowP);
       if (t->periodic) {
         /* Reschedule. */
-        t->time.tv_sec += t->msecs / 1000L;
+        t->time.tv_sec  += t->msecs / 1000L;
         t->time.tv_usec += (t->msecs % 1000L) * 1000L;
         if (t->time.tv_usec >= 1000000L) {
-          t->time.tv_sec += t->time.tv_usec / 1000000L;
+          t->time.tv_sec  += t->time.tv_usec / 1000000L;
           t->time.tv_usec %= 1000000L;
         }
         l_resort(t);
@@ -249,10 +249,10 @@ tmr_reset(struct timeval *nowP, Timer *t)
 {
   mstimeout_cache = -1;
   t->time         = *nowP;
-  t->time.tv_sec += t->msecs / 1000L;
+  t->time.tv_sec  += t->msecs / 1000L;
   t->time.tv_usec += (t->msecs % 1000L) * 1000L;
   if (t->time.tv_usec >= 1000000L) {
-    t->time.tv_sec += t->time.tv_usec / 1000000L;
+    t->time.tv_sec  += t->time.tv_usec / 1000000L;
     t->time.tv_usec %= 1000000L;
   }
   l_resort(t);
diff --git a/tools/jtest/jtest.cc b/tools/jtest/jtest.cc
index 46f5f4c3967..7fd8433e4ee 100644
--- a/tools/jtest/jtest.cc
+++ b/tools/jtest/jtest.cc
@@ -90,20 +90,20 @@
 
 #define SERVER_BUFSIZE 4096
 #define CLIENT_BUFSIZE 2048
-#define MAX_BUFSIZE (65536 + 4096)
+#define MAX_BUFSIZE    (65536 + 4096)
 
 //
 // Constants
 //
-#define MAXFDS 65536
-#define HEADER_DONE -1
-#define POLL_GROUP_SIZE 800
-#define MAX_RESPONSE_LENGTH 1000000
-#define HEADER_SIZE 10000
-#define POLL_TIMEOUT 10
+#define MAXFDS               65536
+#define HEADER_DONE          -1
+#define POLL_GROUP_SIZE      800
+#define MAX_RESPONSE_LENGTH  1000000
+#define HEADER_SIZE          10000
+#define POLL_TIMEOUT         10
 #define STATE_FTP_DATA_READY 0xFAD
-#define MAX_DEFERED_URLS 10000
-#define DEFERED_URLS_BLOCK 2000
+#define MAX_DEFERED_URLS     10000
+#define DEFERED_URLS_BLOCK   2000
 
 #define MAX_REQUEST_BODY_LENGTH MAX_RESPONSE_LENGTH
 
@@ -245,77 +245,78 @@ static int post_support        = 0;
 static int post_size           = 0;
 
 static const ArgumentDescription argument_descriptions[] = {
-  {"proxy_port", 'p', "Proxy Port", "I", &proxy_port, "JTEST_PROXY_PORT", nullptr},
-  {"proxy_host", 'P', "Proxy Host", "S80", &proxy_host, "JTEST_PROXY_HOST", nullptr},
-  {"server_port", 's', "Server Port (0:auto select)", "I", &server_port, "JTEST_SERVER_PORT", nullptr},
-  {"server_host", 'S', "Server Host (null:localhost)", "S80", &local_host, "JTEST_SERVER_HOST", nullptr},
-  {"server_speed", 'r', "Server Bytes Per Second (0:unlimit)", "I", &server_speed, "JTEST_SERVER_SPEED", nullptr},
-  {"server_delay", 'w', "Server Initial Delay (msec)", "I", &server_delay, "JTEST_SERVER_INITIAL_DELAY", nullptr},
-  {"clients", 'c', "Clients", "I", &nclients, "JTEST_CLIENTS", nullptr},
-  {"client_speed", 'R', "Client Bytes Per Second (0:unlimit)", "I", &client_speed, "JTEST_CLIENT_SPEED", nullptr},
-  {"sbuffersize", 'b', "Server Buffer Size", "I", &sbuffersize, "JTEST_SERVER_BUFSIZE", nullptr},
-  {"cbuffersize", 'B', "Client Buffer Size", "I", &cbuffersize, "JTEST_CLIENT_BUFSIZE", nullptr},
-  {"average_over", 'a', "Seconds to Average Over", "I", &average_over, "JTEST_AVERAGE_OVER", nullptr},
-  {"hitrate", 'z', "Hit Rate", "D", &hitrate, "JTEST_HITRATE", nullptr},
-  {"hotset", 'Z', "Hotset Size", "I", &hotset, "JTEST_HOTSET", nullptr},
-  {"interval", 'i', "Reporting Interval (seconds)", "I", &interval, "JTEST_INTERVAL", nullptr},
-  {"keepalive", 'k', "Keep-Alive Length", "I", &keepalive, "JTEST_KEEPALIVE", nullptr},
-  {"keepalive_cons", 'K', "# Keep-Alive Connections (0:unlimit)", "I", &keepalive_cons, "JTEST_KEEPALIVE_CONNECTIONS", nullptr},
-  {"docsize", 'L', "Document Size (-1:varied)", "I", &docsize, "JTEST_DOCSIZE", nullptr},
-  {"skeepalive", 'j', "Server Keep-Alive (0:unlimit)", "I", &server_keepalive, "JTEST_SERVER_KEEPALIVE", nullptr},
-  {"show_urls", 'x', "Show URLs before they are accessed", "F", &show_before, "JTEST_SHOW_URLS", nullptr},
-  {"show_headers", 'X', "Show Headers", "F", &show_headers, "JTEST_SHOW_HEADERS", nullptr},
-  {"ftp", 'f', "FTP Requests", "F", &ftp, "JTEST_FTP", nullptr},
-  {"ftp_mdtm_err_rate", ' ', "FTP MDTM 550 Error Rate", "D", &ftp_mdtm_err_rate, "JTEST_FTP_MDTM_ERR_RATE", nullptr},
-  {"ftp_mdtm_rate", ' ', "FTP MDTM Update Rate (sec, 0:never)", "I", &ftp_mdtm_rate, "JTEST_FTP_MDTM_RATE", nullptr},
-  {"fullpage", 'l', "Full Page (Images)", "F", &fullpage, "JTEST_FULLPAGE", nullptr},
-  {"follow", 'F', "Follow Links", "F", &follow_arg, "JTEST_FOLLOW", nullptr},
-  {"same_host", 'J', "Only follow URLs on same host", "F", &follow_same_arg, "JTEST_FOLLOW_SAME", nullptr},
-  {"test_time", 't', "run for N seconds (0:unlimited)", "I", &test_time, "TEST_TIME", nullptr},
-  {"urls", 'u', "URLs from File", "S256", urls_file, "JTEST_URLS", nullptr},
-  {"urlsdump", 'U', "URLs to File", "S256", urlsdump_file, "JTEST_URLS_DUMP", nullptr},
-  {"hostrequest", 'H', "Host Request(1=yes,2=transparent)", "I", &hostrequest, "JTEST_HOST_REQUEST", nullptr},
-  {"check_content", 'C', "Check returned content", "F", &check_content, "JTEST_CHECK_CONTENT", nullptr},
-  {"nocheck_length", ' ', "Don't check returned length", "F", &nocheck_length, "JTEST_NOCHECK_LENGTH", nullptr},
-  {"obey_redirects", 'm', "Obey Redirects", "f", &obey_redirects, "JTEST_OBEY_REDIRECTS", nullptr},
-  {"embed URL", 'M', "Embed URL in synth docs", "f", &embed_url, "JTEST_EMBED_URL", nullptr},
-  {"url_hash_entries", 'q', "URL Hash Table Size (-1:use file size)", "I", &url_hash_entries, "JTEST_URL_HASH_ENTRIES", nullptr},
-  {"url_hash_filename", 'Q', "URL Hash Table Filename", "S256", url_hash_filename, "JTEST_URL_HASH_FILENAME", nullptr},
-  {"only_clients", 'y', "Only Clients", "F", &only_clients, "JTEST_ONLY_CLIENTS", nullptr},
-  {"only_server", 'Y', "Only Server", "F", &only_server, "JTEST_ONLY_SERVER", nullptr},
-  {"bandwidth_test", 'A', "Bandwidth Test", "I", &bandwidth_test, "JTEST_BANDWIDTH_TEST", nullptr},
-  {"drop_after_CL", 'T', "Drop after Content-Length", "F", &drop_after_CL, "JTEST_DROP", nullptr},
-  {"verbose", 'v', "Verbose Flag", "F", &verbose, "JTEST_VERBOSE", nullptr},
-  {"verbose_errors", 'E', "Verbose Errors Flag", "f", &verbose_errors, "JTEST_VERBOSE_ERRORS", nullptr},
-  {"drand", 'D', "Random Number Seed", "I", &drand_seed, "JTEST_DRAND", nullptr},
-  {"ims_rate", 'I', "IMS Not-Changed Rate", "D", &ims_rate, "JTEST_IMS_RATE", nullptr},
-  {"client_abort_rate", 'g', "Client Abort Rate", "D", &client_abort_rate, "JTEST_CLIENT_ABORT_RATE", nullptr},
-  {"server_abort_rate", 'G', "Server Abort Rate", "D", &server_abort_rate, "JTEST_SERVER_ABORT_RATE", nullptr},
-  {"extra_headers", 'n', "Number of Extra Headers", "I", &extra_headers, "JTEST_EXTRA_HEADERS", nullptr},
-  {"alternates", 'N', "Number of Alternates", "I", &alternates, "JTEST_ALTERNATES", nullptr},
-  {"client_rate", 'e', "Clients Per Sec", "I", &client_rate, "JTEST_CLIENT_RATE", nullptr},
-  {"abort_retry_speed", 'o', "Abort/Retry Speed", "I", &abort_retry_speed, "JTEST_ABORT_RETRY_SPEED", nullptr},
-  {"abort_retry_bytes", ' ', "Abort/Retry Threshold (bytes)", "I", &abort_retry_bytes, "JTEST_ABORT_RETRY_THRESHHOLD_BYTES",
-   nullptr},
-  {"abort_retry_secs", ' ', "Abort/Retry Threshold (secs)", "I", &abort_retry_secs, "JTEST_ABORT_RETRY_THRESHHOLD_SECS", nullptr},
-  {"reload_rate", 'W', "Reload Rate", "D", &reload_rate, "JTEST_RELOAD_RATE", nullptr},
-  {"compd_port", 'O', "Compd port", "I", &compd_port, "JTEST_COMPD_PORT", nullptr},
-  {"compd_suite", '1', "Compd Suite", "F", &compd_suite, "JTEST_COMPD_SUITE", nullptr},
-  {"vary_user_agent", '2', "Vary on User-Agent (use w/ alternates)", "I", &vary_user_agent, "JTEST_VARY_ON_USER_AGENT", nullptr},
-  {"content_type", '3', "Server Content-Type (1 html, 2 jpeg)", "I", &server_content_type, "JTEST_CONTENT_TYPE", nullptr},
-  {"request_extension", '4', "Request Extn (1\".html\" 2\".jpeg\" 3\"/\")", "I", &request_extension, "JTEST_REQUEST_EXTENSION",
-   nullptr},
-  {"no_cache", '5', "Send Server no-cache", "I", &no_cache, "JTEST_NO_CACHE", nullptr},
-  {"zipf_bucket", '7', "Bucket size (of 1M buckets) for Zipf", "I", &zipf_bucket_size, "JTEST_ZIPF_BUCKET_SIZE", nullptr},
-  {"zipf", '8', "Use a Zipf distribution with this alpha (say 1.2)", "D", &zipf, "JTEST_ZIPF", nullptr},
-  {"evo_rate", '9', "Evolving Hotset Rate (evolutions/hour)", "D", &evo_rate, "JTEST_EVOLVING_HOTSET_RATE", nullptr},
-  {"debug", 'd', "Debug Flag", "F", &debug, "JTEST_DEBUG", nullptr},
-  {"range_mode", ' ', "Range Mode", "I", &range_mode, "JTEST_RANGE_MODE", nullptr},
-  {"post_support", ' ', "POST Mode (0 disable(default), 1 random, 2 specified size by post_size)", "I", &post_support,
-   "JTEST_POST_MODE", nullptr},
-  {"post_size", ' ', "POST SIZE", "I", &post_size, "JTEST_POST_SIZE", nullptr},
+  {"proxy_port",        'p', "Proxy Port",                                                              "I",    &proxy_port,          "JTEST_PROXY_PORT",                   nullptr},
+  {"proxy_host",        'P', "Proxy Host",                                                              "S80",  &proxy_host,          "JTEST_PROXY_HOST",                   nullptr},
+  {"server_port",       's', "Server Port (0:auto select)",                                             "I",    &server_port,         "JTEST_SERVER_PORT",                  nullptr},
+  {"server_host",       'S', "Server Host (null:localhost)",                                            "S80",  &local_host,          "JTEST_SERVER_HOST",                  nullptr},
+  {"server_speed",      'r', "Server Bytes Per Second (0:unlimit)",                                     "I",    &server_speed,        "JTEST_SERVER_SPEED",                 nullptr},
+  {"server_delay",      'w', "Server Initial Delay (msec)",                                             "I",    &server_delay,        "JTEST_SERVER_INITIAL_DELAY",         nullptr},
+  {"clients",           'c', "Clients",                                                                 "I",    &nclients,            "JTEST_CLIENTS",                      nullptr},
+  {"client_speed",      'R', "Client Bytes Per Second (0:unlimit)",                                     "I",    &client_speed,        "JTEST_CLIENT_SPEED",                 nullptr},
+  {"sbuffersize",       'b', "Server Buffer Size",                                                      "I",    &sbuffersize,         "JTEST_SERVER_BUFSIZE",               nullptr},
+  {"cbuffersize",       'B', "Client Buffer Size",                                                      "I",    &cbuffersize,         "JTEST_CLIENT_BUFSIZE",               nullptr},
+  {"average_over",      'a', "Seconds to Average Over",                                                 "I",    &average_over,        "JTEST_AVERAGE_OVER",                 nullptr},
+  {"hitrate",           'z', "Hit Rate",                                                                "D",    &hitrate,             "JTEST_HITRATE",                      nullptr},
+  {"hotset",            'Z', "Hotset Size",                                                             "I",    &hotset,              "JTEST_HOTSET",                       nullptr},
+  {"interval",          'i', "Reporting Interval (seconds)",                                            "I",    &interval,            "JTEST_INTERVAL",                     nullptr},
+  {"keepalive",         'k', "Keep-Alive Length",                                                       "I",    &keepalive,           "JTEST_KEEPALIVE",                    nullptr},
+  {"keepalive_cons",    'K', "# Keep-Alive Connections (0:unlimit)",                                    "I",    &keepalive_cons,      "JTEST_KEEPALIVE_CONNECTIONS",        nullptr},
+  {"docsize",           'L', "Document Size (-1:varied)",                                               "I",    &docsize,             "JTEST_DOCSIZE",                      nullptr},
+  {"skeepalive",        'j', "Server Keep-Alive (0:unlimit)",                                           "I",    &server_keepalive,    "JTEST_SERVER_KEEPALIVE",             nullptr},
+  {"show_urls",         'x', "Show URLs before they are accessed",                                      "F",    &show_before,         "JTEST_SHOW_URLS",                    nullptr},
+  {"show_headers",      'X', "Show Headers",                                                            "F",    &show_headers,        "JTEST_SHOW_HEADERS",                 nullptr},
+  {"ftp",               'f', "FTP Requests",                                                            "F",    &ftp,                 "JTEST_FTP",                          nullptr},
+  {"ftp_mdtm_err_rate", ' ', "FTP MDTM 550 Error Rate",                                                 "D",    &ftp_mdtm_err_rate,   "JTEST_FTP_MDTM_ERR_RATE",            nullptr},
+  {"ftp_mdtm_rate",     ' ', "FTP MDTM Update Rate (sec, 0:never)",                                     "I",    &ftp_mdtm_rate,       "JTEST_FTP_MDTM_RATE",                nullptr},
+  {"fullpage",          'l', "Full Page (Images)",                                                      "F",    &fullpage,            "JTEST_FULLPAGE",                     nullptr},
+  {"follow",            'F', "Follow Links",                                                            "F",    &follow_arg,          "JTEST_FOLLOW",                       nullptr},
+  {"same_host",         'J', "Only follow URLs on same host",                                           "F",    &follow_same_arg,     "JTEST_FOLLOW_SAME",                  nullptr},
+  {"test_time",         't', "run for N seconds (0:unlimited)",                                         "I",    &test_time,           "TEST_TIME",                          nullptr},
+  {"urls",              'u', "URLs from File",                                                          "S256", urls_file,            "JTEST_URLS",                         nullptr},
+  {"urlsdump",          'U', "URLs to File",                                                            "S256", urlsdump_file,        "JTEST_URLS_DUMP",                    nullptr},
+  {"hostrequest",       'H', "Host Request(1=yes,2=transparent)",                                       "I",    &hostrequest,         "JTEST_HOST_REQUEST",                 nullptr},
+  {"check_content",     'C', "Check returned content",                                                  "F",    &check_content,       "JTEST_CHECK_CONTENT",                nullptr},
+  {"nocheck_length",    ' ', "Don't check returned length",                                             "F",    &nocheck_length,      "JTEST_NOCHECK_LENGTH",               nullptr},
+  {"obey_redirects",    'm', "Obey Redirects",                                                          "f",    &obey_redirects,      "JTEST_OBEY_REDIRECTS",               nullptr},
+  {"embed URL",         'M', "Embed URL in synth docs",                                                 "f",    &embed_url,           "JTEST_EMBED_URL",                    nullptr},
+  {"url_hash_entries",  'q', "URL Hash Table Size (-1:use file size)",                                  "I",    &url_hash_entries,    "JTEST_URL_HASH_ENTRIES",             nullptr},
+  {"url_hash_filename", 'Q', "URL Hash Table Filename",                                                 "S256", url_hash_filename,    "JTEST_URL_HASH_FILENAME",            nullptr},
+  {"only_clients",      'y', "Only Clients",                                                            "F",    &only_clients,        "JTEST_ONLY_CLIENTS",                 nullptr},
+  {"only_server",       'Y', "Only Server",                                                             "F",    &only_server,         "JTEST_ONLY_SERVER",                  nullptr},
+  {"bandwidth_test",    'A', "Bandwidth Test",                                                          "I",    &bandwidth_test,      "JTEST_BANDWIDTH_TEST",               nullptr},
+  {"drop_after_CL",     'T', "Drop after Content-Length",                                               "F",    &drop_after_CL,       "JTEST_DROP",                         nullptr},
+  {"verbose",           'v', "Verbose Flag",                                                            "F",    &verbose,             "JTEST_VERBOSE",                      nullptr},
+  {"verbose_errors",    'E', "Verbose Errors Flag",                                                     "f",    &verbose_errors,      "JTEST_VERBOSE_ERRORS",               nullptr},
+  {"drand",             'D', "Random Number Seed",                                                      "I",    &drand_seed,          "JTEST_DRAND",                        nullptr},
+  {"ims_rate",          'I', "IMS Not-Changed Rate",                                                    "D",    &ims_rate,            "JTEST_IMS_RATE",                     nullptr},
+  {"client_abort_rate", 'g', "Client Abort Rate",                                                       "D",    &client_abort_rate,   "JTEST_CLIENT_ABORT_RATE",            nullptr},
+  {"server_abort_rate", 'G', "Server Abort Rate",                                                       "D",    &server_abort_rate,   "JTEST_SERVER_ABORT_RATE",            nullptr},
+  {"extra_headers",     'n', "Number of Extra Headers",                                                 "I",    &extra_headers,       "JTEST_EXTRA_HEADERS",                nullptr},
+  {"alternates",        'N', "Number of Alternates",                                                    "I",    &alternates,          "JTEST_ALTERNATES",                   nullptr},
+  {"client_rate",       'e', "Clients Per Sec",                                                         "I",    &client_rate,         "JTEST_CLIENT_RATE",                  nullptr},
+  {"abort_retry_speed", 'o', "Abort/Retry Speed",                                                       "I",    &abort_retry_speed,   "JTEST_ABORT_RETRY_SPEED",            nullptr},
+  {"abort_retry_bytes", ' ', "Abort/Retry Threshold (bytes)",                                           "I",    &abort_retry_bytes,   "JTEST_ABORT_RETRY_THRESHHOLD_BYTES",
+   nullptr                                                                                                                                                                         },
+  {"abort_retry_secs",  ' ', "Abort/Retry Threshold (secs)",                                            "I",    &abort_retry_secs,    "JTEST_ABORT_RETRY_THRESHHOLD_SECS",  nullptr},
+  {"reload_rate",       'W', "Reload Rate",                                                             "D",    &reload_rate,         "JTEST_RELOAD_RATE",                  nullptr},
+  {"compd_port",        'O', "Compd port",                                                              "I",    &compd_port,          "JTEST_COMPD_PORT",                   nullptr},
+  {"compd_suite",       '1', "Compd Suite",                                                             "F",    &compd_suite,         "JTEST_COMPD_SUITE",                  nullptr},
+  {"vary_user_agent",   '2', "Vary on User-Agent (use w/ alternates)",                                  "I",    &vary_user_agent,     "JTEST_VARY_ON_USER_AGENT",           nullptr},
+  {"content_type",      '3', "Server Content-Type (1 html, 2 jpeg)",                                    "I",    &server_content_type, "JTEST_CONTENT_TYPE",                 nullptr},
+  {"request_extension", '4', "Request Extn (1\".html\" 2\".jpeg\" 3\"/\")",                             "I",    &request_extension,   "JTEST_REQUEST_EXTENSION",
+   nullptr                                                                                                                                                                         },
+  {"no_cache",          '5', "Send Server no-cache",                                                    "I",    &no_cache,            "JTEST_NO_CACHE",                     nullptr},
+  {"zipf_bucket",       '7', "Bucket size (of 1M buckets) for Zipf",                                    "I",    &zipf_bucket_size,    "JTEST_ZIPF_BUCKET_SIZE",             nullptr},
+  {"zipf",              '8', "Use a Zipf distribution with this alpha (say 1.2)",                       "D",    &zipf,                "JTEST_ZIPF",                         nullptr},
+  {"evo_rate",          '9', "Evolving Hotset Rate (evolutions/hour)",                                  "D",    &evo_rate,            "JTEST_EVOLVING_HOTSET_RATE",         nullptr},
+  {"debug",             'd', "Debug Flag",                                                              "F",    &debug,               "JTEST_DEBUG",                        nullptr},
+  {"range_mode",        ' ', "Range Mode",                                                              "I",    &range_mode,          "JTEST_RANGE_MODE",                   nullptr},
+  {"post_support",      ' ', "POST Mode (0 disable(default), 1 random, 2 specified size by post_size)", "I",    &post_support,
+   "JTEST_POST_MODE",                                                                                                                                                       nullptr},
+  {"post_size",         ' ', "POST SIZE",                                                               "I",    &post_size,           "JTEST_POST_SIZE",                    nullptr},
   HELP_ARGUMENT_DESCRIPTION(),
-  VERSION_ARGUMENT_DESCRIPTION()};
+  VERSION_ARGUMENT_DESCRIPTION()
+};
 int n_argument_descriptions = countof(argument_descriptions);
 
 struct FD {
@@ -344,11 +345,11 @@ struct FD {
   int next;
   int nalternate  = 0;
   unsigned int ip = 0;
-  unsigned int binary : 1;
-  unsigned int ims : 1;
-  unsigned int range : 1;
+  unsigned int binary        : 1;
+  unsigned int ims           : 1;
+  unsigned int range         : 1;
   unsigned int drop_after_CL : 1;
-  unsigned int client_abort : 1;
+  unsigned int client_abort  : 1;
   unsigned int jg_compressed : 1;
   int *count;
   int bytes;
@@ -530,7 +531,7 @@ append_string(char *dest, const char *src, int *offset_ptr, int max_len)
   }
   memcpy(dest + *offset_ptr, src, num);
   dest[*offset_ptr + num] = '\0';
-  (*offset_ptr) += num;
+  (*offset_ptr)           += num;
 }
 
 // End Library functions
@@ -675,10 +676,10 @@ get_path_from_req(char *buf, char **purl_start, char **purl_end)
   char *url_end   = nullptr;
   if (!strncasecmp(url_start, "GET ", sizeof("GET ") - 1)) {
     url_start += sizeof("GET ") - 1;
-    url_end = (char *)memchr(url_start, ' ', 70);
+    url_end   = (char *)memchr(url_start, ' ', 70);
   } else if (!strncasecmp(url_start, "POST ", sizeof("POST ") - 1)) {
     url_start += sizeof("POST ") - 1;
-    url_end = (char *)memchr(url_start, ' ', 70);
+    url_end   = (char *)memchr(url_start, ' ', 70);
   } else {
     url_end = (char *)memchr(url_start, 0, 70);
   }
@@ -804,21 +805,21 @@ send_response(int sock)
     if (verbose) {
       printf("wrote %d %d\n", sock, err);
     }
-    new_tbytes += err;
+    new_tbytes       += err;
     fd[sock].req_pos += err;
-    fd[sock].bytes += err;
+    fd[sock].bytes   += err;
     if (fd[sock].req_pos >= len) {
       fd[sock].req_pos = -1;
     } else {
       return 0;
     }
     fd[sock].response += url_len;
-    fd[sock].length -= url_len;
+    fd[sock].length   -= url_len;
     if (fd[sock].range) {
       fd[sock].range_bytes -= url_len;
     }
     total_server_response_header_bytes += print_len - url_len;
-    total_server_response_body_bytes += url_len;
+    total_server_response_body_bytes   += url_len;
   }
 
   /* then the response */
@@ -856,11 +857,11 @@ send_response(int sock)
       ink_assert(err <= (int)(fd[sock].range_end - fd[sock].range_start + 1));
     }
 
-    new_tbytes += err;
+    new_tbytes                       += err;
     total_server_response_body_bytes += err;
-    fd[sock].response += err;
-    fd[sock].length -= err;
-    fd[sock].bytes += err;
+    fd[sock].response                += err;
+    fd[sock].length                  -= err;
+    fd[sock].bytes                   += err;
   }
 
   if (fast(sock, server_speed, fd[sock].bytes)) {
@@ -1095,9 +1096,9 @@ parse_header(int sock, int err)
   if (verbose) {
     printf("read %d got %d\n", sock, err);
   }
-  total_proxy_request_bytes += err;
-  new_tbytes += err;
-  fd[sock].req_pos += err;
+  total_proxy_request_bytes             += err;
+  new_tbytes                            += err;
+  fd[sock].req_pos                      += err;
   fd[sock].req_header[fd[sock].req_pos] = 0;
   char *buffer                          = fd[sock].req_header;
   for (i = fd[sock].req_pos - err; i < fd[sock].req_pos; i++) {
@@ -1257,9 +1258,9 @@ send_compd_response(int sock)
       printf("write %d %d\n", sock, err);
     }
 
-    new_tbytes += err;
-    fd[sock].req_pos += err;
-    fd[sock].bytes += err;
+    new_tbytes        += err;
+    fd[sock].req_pos  += err;
+    fd[sock].bytes    += err;
     fd[sock].response = response_buffer + (((fd[sock].length * 2) / 3) % 256);
   }
 
@@ -1287,10 +1288,10 @@ send_compd_response(int sock)
       printf("wrote %d %d\n", sock, err);
     }
 
-    new_tbytes += err;
+    new_tbytes                       += err;
     total_server_response_body_bytes += err;
-    fd[sock].req_pos += err;
-    fd[sock].bytes += err;
+    fd[sock].req_pos                 += err;
+    fd[sock].bytes                   += err;
   }
 
   if (fd[sock].req_pos >= ((fd[sock].length * 2) / 3) + 4) {
@@ -1333,8 +1334,8 @@ read_compd_request(int sock)
         printf("read %d got %d\n", sock, err);
       }
       total_proxy_request_bytes += err;
-      new_tbytes += err;
-      fd[sock].req_pos += err;
+      new_tbytes                += err;
+      fd[sock].req_pos          += err;
       if (fd[sock].req_pos < 4) {
         return 0;
       }
@@ -1376,8 +1377,8 @@ read_compd_request(int sock)
       return -1;
     }
     total_proxy_request_bytes += err;
-    new_tbytes += err;
-    fd[sock].req_pos += err;
+    new_tbytes                += err;
+    fd[sock].req_pos          += err;
   }
 
   if (fd[sock].req_pos >= fd[sock].length + 4) {
@@ -1423,8 +1424,8 @@ read_ftp_request(int sock)
     if (verbose) {
       printf("read %d got %d\n", sock, err);
     }
-    new_tbytes += err;
-    fd[sock].req_pos += err;
+    new_tbytes                            += err;
+    fd[sock].req_pos                      += err;
     fd[sock].req_header[fd[sock].req_pos] = 0;
     char *buffer                          = fd[sock].req_header, *n;
     int res                               = 0;
@@ -2086,7 +2087,7 @@ Lagain : {
     return nullptr;
   }
   start += taglen;
-  len -= taglen;
+  len   -= taglen;
 } // block
 
   while (ParseRules::is_ws(*start) && (end - start > 1)) {
@@ -2278,9 +2279,9 @@ verify_content(int sock, char *buf, int done)
       // to confound the fingerprinting code
       if (l - left < 64) {
         int skip = 64 - (l - left);
-        left -= skip;
-        done -= skip;
-        buf += skip;
+        left     -= skip;
+        done     -= skip;
+        buf      += skip;
         if (done < 0) {
           done = 0;
         }
@@ -2401,23 +2402,23 @@ read_response(int sock)
 
     strcpy(fd[sock].response_header, fd[sock].req_header);
 
-    b1latency += (int)elapsed_from_start(sock);
-    new_cbytes += err;
-    new_tbytes += err;
+    b1latency        += (int)elapsed_from_start(sock);
+    new_cbytes       += err;
+    new_tbytes       += err;
     fd[sock].req_pos += err;
-    fd[sock].bytes += err;
-    fd[sock].active = ink_get_hrtime_internal();
-    int total_read  = fd[sock].req_pos;
-    char *p         = fd[sock].req_header;
-    char *cl        = nullptr;
-    int cli         = 0;
+    fd[sock].bytes   += err;
+    fd[sock].active  = ink_get_hrtime_internal();
+    int total_read   = fd[sock].req_pos;
+    char *p          = fd[sock].req_header;
+    char *cl         = nullptr;
+    int cli          = 0;
     while ((p = strchr(p, '\n'))) {
       if (verbose) {
         printf("read header end? [%s]\n", p);
       }
       if (p[1] == '\n' || (p[1] == '\r' && p[2] == '\n')) {
         int off = 1 + (p[1] == '\r' ? 2 : 1);
-        p += off;
+        p       += off;
         strncpy(fd[sock].response_header, fd[sock].req_header, p - fd[sock].req_header);
         fd[sock].response_header[p - fd[sock].req_header] = '\0';
         int lbody                                         = fd[sock].req_pos - (p - fd[sock].req_header);
@@ -2444,9 +2445,9 @@ read_response(int sock)
             return read_response_error(sock);
           }
         }
-        total_proxy_response_body_bytes += lbody;
+        total_proxy_response_body_bytes   += lbody;
         total_proxy_response_header_bytes += p - fd[sock].req_header;
-        fd[sock].length -= lbody;
+        fd[sock].length                   -= lbody;
         ink_assert(fd[sock].length >= 0);
         fd[sock].req_pos = -1;
         if (fd[sock].length && ts::Random::drandom() < client_abort_rate) {
@@ -2596,10 +2597,10 @@ read_response(int sock)
       return read_response_error(sock);
     }
     total_proxy_response_body_bytes += err;
-    new_cbytes += err;
-    new_tbytes += err;
-    fd[sock].response_remaining += err;
-    fd[sock].bytes += err;
+    new_cbytes                      += err;
+    new_tbytes                      += err;
+    fd[sock].response_remaining     += err;
+    fd[sock].bytes                  += err;
     follow_links(sock);
     if (fd[sock].length != INT_MAX) {
       fd[sock].length -= err;
@@ -2629,7 +2630,7 @@ read_response(int sock)
   }
   new_ops++;
   double thislatency = elapsed_from_start(sock);
-  latency += (int)thislatency;
+  latency            += (int)thislatency;
   lat_ops++;
   if (fd[sock].keepalive > 0) {
     fd[sock].reset();
@@ -2675,10 +2676,10 @@ write_request(int sock)
       printf("write %d %d\n", sock, err);
     }
 
-    new_tbytes += err;
+    new_tbytes                 += err;
     total_client_request_bytes += err;
-    fd[sock].req_pos += err;
-    fd[sock].active = ink_get_hrtime_internal();
+    fd[sock].req_pos           += err;
+    fd[sock].active            = ink_get_hrtime_internal();
 
     if (fd[sock].req_pos >= fd[sock].length) {
       if (verbose) {
@@ -2718,10 +2719,10 @@ write_request(int sock)
       printf("write %d %d\n", sock, err);
     }
 
-    new_tbytes += err;
+    new_tbytes                 += err;
     total_client_request_bytes += err;
-    fd[sock].req_pos += err;
-    fd[sock].active = ink_get_hrtime_internal();
+    fd[sock].req_pos           += err;
+    fd[sock].active            = ink_get_hrtime_internal();
 
     if (fd[sock].req_pos >= fd[sock].post_size) {
       if (verbose) {
@@ -2775,7 +2776,7 @@ write_ftp_response(int sock)
     printf("write %d %d\n", sock, err);
   }
 
-  new_tbytes += err;
+  new_tbytes       += err;
   fd[sock].req_pos += err;
 
   if (fd[sock].req_pos >= fd[sock].length) {
@@ -2918,10 +2919,10 @@ make_random_url(int sock, double *dr, double *h)
     unsigned long long int doc_len_int = doc * 0x14A4D0FB0E93E3A7LL;
     unsigned long int x                = doc_len_int;
     double y                           = (double)x;
-    y /= 0x100000000LL; // deterministic random number between 0 and 1.0
-    fd[sock].response_length = gen_bfc_dist(y);
-    *dr                      = doc;
-    range_mode               = 0;
+    y                                  /= 0x100000000LL; // deterministic random number between 0 and 1.0
+    fd[sock].response_length           = gen_bfc_dist(y);
+    *dr                                = doc;
+    range_mode                         = 0;
   }
 }
 
@@ -3249,14 +3250,14 @@ interval_report()
   }
 }
 
-#define URL_HASH_ENTRIES url_hash_entries
-#define BYTES_PER_ENTRY 3
+#define URL_HASH_ENTRIES   url_hash_entries
+#define BYTES_PER_ENTRY    3
 #define ENTRIES_PER_BUCKET 16
-#define OVERFLOW_ENTRIES 1024 // many many
+#define OVERFLOW_ENTRIES   1024 // many many
 
-#define BUCKETS (URL_HASH_ENTRIES / ENTRIES_PER_BUCKET)
+#define BUCKETS          (URL_HASH_ENTRIES / ENTRIES_PER_BUCKET)
 #define BYTES_PER_BUCKET (BYTES_PER_ENTRY * ENTRIES_PER_BUCKET)
-#define URL_HASH_BYTES (BYTES_PER_ENTRY * (URL_HASH_ENTRIES + OVERFLOW_ENTRIES))
+#define URL_HASH_BYTES   (BYTES_PER_ENTRY * (URL_HASH_ENTRIES + OVERFLOW_ENTRIES))
 
 // NOTE: change to match BYTES_PER_ENTRY
 #define ENTRY_TAG(_x) (((unsigned int)_x[0] << 16) + ((unsigned int)_x[1] << 8) + (unsigned int)_x[2])
@@ -3912,8 +3913,8 @@ ink_web_decompose_url(const char *src_url, char *sche, char *host, char *port, c
   while ((ptr < end - 1) && !fail) {
     if (*(ptr + 0) == '/') {
       if (*(ptr + 1) == '/') {
-        host1 = ptr + 2;
-        ptr += 2; /* skip "//" */
+        host1       = ptr + 2;
+        ptr         += 2; /* skip "//" */
         host_exists = 1;
         fail        = true;
       } else {
@@ -4481,10 +4482,10 @@ ink_web_decompose_url_into_structure(const char *url, InkWebURLComponents *c)
 
 /* types of path segment */
 #define NORMAL 0
-#define DOT 1
+#define DOT    1
 #define DOTDOT 2
-#define ZAP 3
-#define ERROR 4
+#define ZAP    3
+#define ERROR  4
 
 /* We statically allocate this many - if we need more, we dynamically */
 /* allocate them. */
@@ -4712,8 +4713,8 @@ ink_web_unescapify_string(char *dest_in, char *src_in, int max_dest_len)
               *(dest++) = '%';
               *(dest++) = hexdigits[dig1];
               *(dest++) = hexdigits[dig2];
-              dcount += 3;
-              src += 2;
+              dcount    += 3;
+              src       += 2;
             } else {
               ink_warning("ink_web_unescapify_string had to truncate:%s", src_in);
               quit = 1;