A Content Delivery Network (CDN) distributes content across a global network of edge PoPs (Points of Presence), serving requests from the geographically closest node to reduce latency and origin load. Cloudflare operates 310+ PoPs; AWS CloudFront has 600+ edge locations; Fastly focuses on real-time purging (<1 s globally). CDNs cache static assets (images, JS, CSS), dynamic API responses (with short TTLs), and increasingly run edge compute (Cloudflare Workers, Lambda@Edge) for personalisation and auth at the edge.

Key Points

  • Cache-Control directives control CDN caching: `public, max-age=31536000, immutable` for fingerprinted static assets; `no-store` for private/dynamic data; `s-maxage=60` overrides `max-age` for shared caches (CDNs) only.
  • Origin shield (CloudFront Origin Shield, Fastly Shielding): a single regional PoP acts as an intermediary between all edge PoPs and the origin — collapses cache misses from 600+ edges to 1 origin request.
  • Cache invalidation: CloudFront invalidation API (first 1,000 paths/month free, then $0.005/path) — prefer content-addressable URLs (file.abc123.js) over invalidation to avoid stale content and costs.
  • CDN cache hit ratio: target >95% for static assets; measure with `X-Cache: Hit from cloudfront` header; low hit ratios caused by query string variation, cookie variation, or overly granular cache keys.
  • Dynamic content caching: CloudFront supports caching API responses with TTL=5 s — cache `GET /products` for 5 seconds to handle 10,000 RPS with only 2,000 origin RPS (5 RPS × 10 edges hitting origin each second).
  • Edge compute use cases: A/B testing (split traffic at edge), JWT validation (reject invalid tokens before hitting origin), image resizing on-the-fly (Cloudflare Images, CloudFront + Lambda@Edge), geo-blocking.
  • Stale-while-revalidate: serves stale content immediately while asynchronously refreshing the cache — reduces p99 latency spikes during cache expiry, at the cost of briefly serving stale data.
  • CDN failover: CloudFront supports multiple origins with origin failover groups — if primary origin returns 5xx for 3 consecutive health checks, CloudFront automatically switches to the secondary origin.

Real-World Example

GitHub serves 99%+ of its static content (git objects, release archives) via Fastly CDN, using real-time cache purging (< 150 ms global propagation) so that release tarballs are available globally within seconds of a push.