Pantheon Global CDN

Improve Site Performance and Security


Pantheon's new Global CDN is a core platform offering, with improved performance and security for customer sites. Content is served from 60+ global POPs (points of presence) where site pages and assets are cached, plus free managed HTTPS using Let's Encrypt.

Agency WebOps Training

Get the most out of Global CDN with help from the experts at Pantheon. We deliver custom workshops to help development teams master the platform and improve internal WebOps.

How Does It Work?

This new service takes Pantheon's traditional high-performance page and asset caching system (Varnish) and pushes it out globally. Rather than requests coming all the way to our primary datacenter, we can now terminate HTTPS and serve pages from a location much closer to the end-user. This speeds up the time to render a web-page significantly.

Additionally, the Global CDN has an improved cache strategy that eliminates Pantheon's legacy "cache sharding" which meant that the same content needed to be cached in separate edge cache instances. This means higher cache hit rates.

Finally, the Global CDN includes interfaces to dynamically expire selected content from the cache, rather than doing a full cache flush. There are basic implementations available as Drupal modules and WordPress plugins, as well as a developer API for implementing custom cache tagging/clearing behavior.

In early testing we saw multi-second speedups in Visual Progress even within the continental US. International users will benefit even more:

Example before and after page load time


All sites are eligible. Upgrade to the Global CDN to reduce HTTPS costs and take advantage of its superior features and performance.

Feature Comparison

Global CDNDeprecated Edge
PriceIncluded$60/mo surcharge for HTTPS
DeliveryGlobal DistributionUS Datacenter
Cache LookupsRouted to the Pool Most Likely to HitRandomly Routed to One of Three Pools
Cache ClearingNon-blocking, takes up to 150ms to take effectBlocks, takes up to 2000ms
HTTPS Service[Free and Managed](/https)BYO Cert

Cache Clearing

We recommend installing the Pantheon Advanced Page Cache plugin or module to take advantage of the granular cache clearing capabilities of the Global CDN. Additionally, you can remove all pages from cache at once from the Site Dashboard, within the Site Admin, and even from the command line.

For more details, see Clearing Caches for Drupal and WordPress.

Enabling the Global CDN

If you don't see action required in your Domains / HTTPS tool, please contact support to enable the upgrade.

Upgrade Your Site

  1. From the Site Dashboard, click the Start Upgrade button in the Domains / HTTPS section of the Live tab.

  2. It can take up to an hour for the new certificate to deploy across the entire CDN. If you want to avoid any possible hiccoughs you can wait 60 minutes before updating DNS.

    If you want to proceed without waiting, we strongly recommend testing locally before making the final DNS change:

    1. Click the "Details" button next to your site's bare domain.

    2. Copy the "A" record's IP address provided for the site's bare domain.

    3. Add a line to your local hosts file with the IP address from the previous step followed by the domain name, for example:

  3. Test HTTPS locally by entering your domain in the browser. If the site is accessible over HTTPS with a Secure status, the test was successful. Remove the edits made to your hosts file once you have finished testing.

  1. Click Details next to each custom domain to identify DNS values needed to point the domain to your site. Domains that are not yet configured will indicate action is required. You will need to configure your DNS host to use the provided values.

    Terminology: Terms you will see beside your domains and what they mean:

    • Upgrade to CDN: This means the domain is routing to our legacy infrastructure. Click Upgrade to CDN or Details to check and update the DNS recommendations

    • Setup Required: This can mean several things; click Setup Required or Details to get more details

    • Launched: Your domain successfully routes to the Pantheon Platform, and you got your free Let's Encrypt SSL cert. You're good to go!

       Pro Tip

      Look up your DNS host with this free web tool:

    DNS records are cached across the internet and can take up to 72 hours to propagate, depending on the time to live (TTL) configured for the domain's DNS records. Most records update more quickly, and you can track the progress of DNS propagation.

     Pro Tip

    Check the current state of DNS propagation from different parts of the world using this free web tool

  2. If your site relied on the www-redirector provided on our Legacy service, you will need to redirect incoming requests within wp-config.php or settings.php.

For more details, see HTTPS on Pantheon's Global CDN.

Frequently Asked Questions

Is there a deadline to upgrade?

Ultimately the Global CDN will be the default for every site on Pantheon. We encourage customers to upgrade as soon as they have time to do the changes.

I already have a CDN - should I switch?

Pantheon's Global CDN has some advantages over solutions some customers may already have in place:

  1. It includes free and automatic HTTPS service
  2. It is heavily optimized for website performance
  3. It is configured, maintained, and supported by Pantheon
  4. It is available at no additional cost

Even if you want to retain your existing CDN because of specific features they provide, the upgrade will improve your end-user experience, as your custom CDN will be able to pull pages and assets from a nearby Pantheon Global CDN location, rather than the origin datacenter.

Is the www-redirector service still available?

No, the www-redirector service is part of the legacy infrastructure. You can choose your primary domain and redirect all traffic to HTTPS by adding 301 redirects to your site's configuration file (wp-config.php or settings.php).

Are vanity domains supported?

You can upgrade a site to Global CDN that is using vanity domains, but HTTPS will not be provisioned for the vanity domains. Only custom domains will have HTTPS provisioned.

What about Cloudflare?

See Cloudflare Domain Configuration.

Is the CDN configurable?

No, we pre-configured the CDN so you don’t have to hassle with configuration, and we can guarantee performance and uptime. The Global CDN's behavior is the same as our legacy cache which is heavily optimized for Drupal and WordPress sites, and serves billions of pages monthly, except it's globally distributed.

Do I get access to hit rates or other statistics?

Hit rates are not currently available, but you can measure traffic for the Live environment. For details, see Metrics in the Site Dashboard.

Can I use other CDNs with the Pantheon Global CDN?

Yes, but because it adds additional complexity, we suggest you only do so if you identify a need that the Pantheon Global CDN doesn't address. We recommend that you ensure you are enforcing HTTPS only at the outer CDN and are assuming HTTPS in the application. Check your CDN for how to redirect all traffic to HTTPS.

Can I use my own Fastly account with the Pantheon Global CDN?

You can, but as mentioned above you should identify a need for adding additional complexity first. If you're using Fastly TLS services with WordPress, you'll want to check for the HTTP_FASTLY_SSL header so that WordPress can build URLs to your CSS and JS assets correctly. Do this by adding the following to wp-config.php:

if (!empty( $_SERVER['HTTP_FASTLY_SSL'])) {
  $_SERVER['HTTPS'] = 'on';

Can I expose the Surrogate-Key-Raw header?

Yes! Expose Surrogate-Key-Raw by including Pantheon-Debug:1 in a curl request, then use grep to filter the output. Replace in the following example:

curl -IsH "Pantheon-Debug:1" | grep surrogate-key-raw

curl -IsH "Pantheon-Debug:1" | grep surrogate-key-raw

To prevent issues with Twitter card validation and to reduce the overall time to load, the Surrogate-Key-Raw header is not returned by default. Exposing this header provides context for entities included on a given page.