Pantheon Global CDN

Improve Site Performance and Security with Pantheon's Global CDN.

Discuss in our Forum Discuss in Slack

Pantheon's Global CDN is a core platform offering, with improved performance and security for customer sites. Content is served from 70+ global POPs (Points Of Presence) where site pages and assets are cached, and HTTPS certificates are fully managed using Let's Encrypt.

Agency WebOps Training

Get the most out of Global CDN with help from the experts at Pantheon. We deliver on-demand training to help development teams master the platform and improve internal WebOps.

How Does It Work?

Global CDN takes Pantheon's high-performance page and asset caching system (Varnish) and pushes it out globally. Rather than requests coming all the way to our primary datacenter, we terminate HTTPS and serve pages from a location much closer to the end-user. This speeds up the time to render a web-page significantly.

  • The Global CDN cache strategy eliminates "cache sharding," in which the same content needs to be cached in separate edge cache instances. This results in higher cache hit rates.

  • Global CDN includes interfaces to dynamically expire selected content from the cache, rather than doing a full cache flush. There are basic implementations available as Drupal modules and WordPress plugins, as well as a developer API for implementing custom cache tagging/clearing behavior.

When we first turned on the Global CDN, we saw multi-second speedups in Visual Progress even within the continental US. International users will benefit even more:

Example before and after page load time

Cache Clearing

We recommend installing the Pantheon Advanced Page Cache plugin or module to take advantage of the granular cache clearing capabilities of the Global CDN. Additionally, you can remove all pages from cache at once from the Site Dashboard, within the Site Admin, and even from the command line.

For more details, see Clearing Caches for Drupal and WordPress.

Persistent Cache

Serve your Drupal or WordPress site even in the unlikely event that it goes down.

The goal of Persistent Cache is to provide a seamless, uninterrupted experience for the user. If the server is not responding and can't serve a new copy of a page, a the CDN will choose to serve a cached version instead of displaying an error, even if the cached version has expired (this is called stale cache).

How long does content stay fresh? Adjust TTL

Adjust the length of time before the site's cached content is considered stale by adjusting the time-to-live (TTL).

Your site’s CMS page-level caching must be correctly configured in order to take advantage of Persistent Cache.

On Drupal and WordPress, you can adjust your CDN edge configuration to serve stale content for a specific amount of time.

For best results, set the cache TTL to a value equal to or over 3700 seconds.

Users with session-style cookies set, or a NO_CACHE cookie set will bypass the cache, and will not see cached content. For best results, set the NO_CACHE cookie to persist longer than the site’s page cache (this includes logged in users and authenticated traffic). Learn more about the exceptions to page caching rules in Caching: Advanced Topics.

Confirm That Persistent Cache Works

To test how stale cache is served, compare the header results of a page refresh when the site's Dev environment is live to the header results when Dev is in Maintenance Mode:

  1. Examine the headers through the command line:

    curl --head https://pantheon.io/docs
    HTTP/2 301
    content-type: text/html
    location: https://pantheon.io/docs/
    server: nginx
    strict-transport-security: max-age=31622400
    x-pantheon-styx-hostname: styx-fe2-a-5d96768699-vcdvh
    x-styx-req-id: b7b8d4d2-04d9-11ec-a467-9a05fab906d1
    cache-control: public, max-age=86400
    date: Tue, 24 Aug 2021 15:30:21 GMT
    x-served-by: cache-mdw17379-MDW, cache-ewr18124-EWR
    x-cache: HIT, HIT
    x-cache-hits: 1, 1
    x-timer: S1629819022.932985,VS0,VE1
    pantheon-trace-id: be58e6a03a904fbfa64515ee136ffd34
    vary: Cookie, Cookie
    age: 9654
    accept-ranges: bytes
    via: 1.1 varnish, 1.1 varnish
    content-length: 162

    Note the result for age or max-age.

  2. Navigate to the site's Dev environment and set the site to Maintenance Mode.

  3. Clear the cache from either the Advanced Page Cache module or from the Dashboard.

  4. In a terminal, cURL the site headers filtered for stale cache:

    curl --head https://pantheon.io/docs | grep PContext-Resp-Is-Stale

    If the response headers include PContext-Resp-Is-Stale, the page has been successfully served from stale cache.

  1. Navigate to the page using Firefox or Chrome, and in the browser's developer tools open the Network tab.

    Find the response headers for the page or asset.

  2. Go to the site's Dev environment and set the site to Maintenance Mode.

  3. Clear the cache from either the Advanced Page Cache module or from the Dashboard.

  4. Go back to the page and Developer Tools, then refresh the page for the newest header responses.

    If the result includes PContext-Resp-Is-Stale, the page has been successfully served from stale cache.

Frequently Asked Questions

I already have a CDN. Can I use it with the Pantheon Global CDN?

Yes, but because it adds additional complexity, we suggest you only do so if you identify a need that the Pantheon Global CDN doesn't address.

To retain your existing CDN, set up a "stacked CDN" configuration. Ensure that you are enforcing HTTPS only at the outer CDN and are assuming HTTPS in the application. Check your CDN for how to redirect all traffic to HTTPS.

While we have some limited documentation for this setup with Cloudflare, this is a largely self-serve practice.

If you need additional features or customization for your CDN, consider our Advanced Global CDN service.

Is the www-redirector service still available?

No, the www-redirector service is part of the legacy infrastructure. You can choose your primary domain and redirect all traffic to HTTPS by adding 301 redirects to your site's configuration file (wp-config.php or settings.php).

Are vanity domains supported?

You can upgrade a site to Global CDN that is using vanity domains, but HTTPS will not be provisioned for the vanity domains. Only custom domains will have HTTPS provisioned.

What about Cloudflare?

See Cloudflare Domain Configuration.

Is the CDN configurable?

No, we pre-configured the CDN so you don’t have to hassle with configuration, and we can guarantee performance and uptime. The Global CDN's behavior is the same as our legacy cache which is heavily optimized for Drupal and WordPress sites, and serves billions of pages monthly, except it's globally distributed.

Do I get access to hit rates or other statistics?

Hit rates are not currently available, but you can measure traffic for the Live environment. For details, see Metrics in the Site Dashboard.

Can I use my own Fastly account with the Pantheon Global CDN?

You can, but as mentioned above you should identify a need for adding additional complexity first. If you're using Fastly TLS services with WordPress, you'll want to check for the HTTP_FASTLY_SSL header so that WordPress can build URLs to your CSS and JS assets correctly. Do this by adding the following to wp-config.php:

wp-config.php
if (!empty( $_SERVER['HTTP_FASTLY_SSL'])) {
  $_SERVER['HTTPS'] = 'on';
}

Can I expose the Surrogate-Key-Raw header?

Yes! Expose Surrogate-Key-Raw by including Pantheon-Debug:1 in a curl request, then use grep to filter the output. Replace https://www.example.com/ in the following example:

curl -IsH "Pantheon-Debug:1" https://www.example.com/ | grep surrogate-key-raw

curl -IsH "Pantheon-Debug:1" https://www.scalewp.io/ | grep surrogate-key-raw

To prevent issues with Twitter card validation and to reduce the overall time to load, the Surrogate-Key-Raw header is not returned by default. Exposing this header provides context for entities included on a given page.

Advanced Global CDN

For custom solutions addressing the unique challenges your site build presents, see our Advanced Global CDN service.