CDN

Explanation

A CDN has hundreds of Point of Presence (PoP) locations worldwide — edge servers in data centers globally. When a user requests a resource, the CDN routes them to the nearest edge server. If that server has the resource cached (cache hit), it serves immediately without contacting the origin. If not (cache miss), it fetches from origin, caches it, and serves it. CDN benefits: lower latency (users download from a server 50ms away instead of 200ms), reduced origin server load (most requests never reach your origin), better availability (CDN absorbs traffic spikes and DDoS attacks), and automatic HTTP/2 and TLS termination at the edge. Cache control: CDNs respect Cache-Control headers. Cache-Control: public, max-age=31536000, immutable tells the CDN to cache for 1 year (appropriate for content-hashed static assets). Cache-Control: no-store prevents caching for sensitive data. Cache invalidation is typically done through the CDN's API or by using content-hashed filenames (bundle.abc123.js) so new deployments use new URLs. Modern CDNs (Cloudflare, Fastly, AWS CloudFront) also support: caching API responses, running JavaScript at the edge (Cloudflare Workers, Vercel Edge Functions), and acting as a WAF blocking malicious traffic before it reaches your origin.

Code Example

// Express.js — cache headers for CDN strategy

// Static assets with content hash: cache forever
app.use('/static', express.static('public', {
  maxAge: '1y',
  immutable: true,
  // Sends: Cache-Control: public, max-age=31536000, immutable
}));

// Shared API responses: short cache
app.get('/api/products', (req, res) => {
  res.set('Cache-Control', 'public, max-age=60, stale-while-revalidate=30');
  res.json(products);
});

// User-specific: never cache via CDN
app.get('/api/profile', authenticate, (req, res) => {
  res.set('Cache-Control', 'private, no-store');
  res.json(req.user);
});

// CloudFront cache invalidation (Node.js AWS SDK)
const { CloudFrontClient, CreateInvalidationCommand } = require('@aws-sdk/client-cloudfront');
const cf = new CloudFrontClient({});
await cf.send(new CreateInvalidationCommand({
  DistributionId: process.env.CF_DIST_ID,
  InvalidationBatch: {
    CallerReference: Date.now().toString(),
    Paths: { Quantity: 1, Items: ['/api/products'] },
  },
}));

Why It Matters for Engineers

CDNs are standard in any production web architecture. Serving static assets without a CDN means every user downloads from your origin server, adding latency proportional to geographic distance and burning server bandwidth. A properly configured CDN is one of the highest ROI performance improvements available. Understanding cache headers also matters for security: serving user-specific data without Cache-Control: private can expose one user's data to another user if CDN caches a personalized response. Cache poisoning is a real vulnerability that requires knowing what's cacheable.