How does CDN cache invalidation work?
A CDN caches origin responses at geographically distributed edge nodes so that subsequent requests are served locally without hitting the origin. Cache invalidation is the mechanism by which stale copies at those edge nodes are replaced or discarded.
**TTL-based expiration** is the default mechanism. The origin sets `Cache-Control: max-age=<seconds>` (or the legacy `Expires` header). Each edge node honours this value independently; once a cached object's age exceeds max-age, the next request triggers a conditional revalidation (`If-None-Match` / `If-Modified-Since`) or a full re-fetch. Because edge nodes are globally distributed and may have cached the object at different times, expiration is not simultaneous—different users may see stale content for different durations within the TTL window.
**API-based purge** (also called instant purge or cache bust) lets operators send an explicit invalidation request—typically a DELETE or POST to the CDN's management API—that propagates a purge signal to all edge nodes. Most major CDNs (Cloudflare, Fastly, Akamai) guarantee propagation within seconds. Purge can target individual URLs, URL patterns (surrogate keys / cache tags), or entire zones. Cache tags are particularly powerful: a single tag like `product:42` can be attached to all pages that embed product 42, and one tag purge clears all of them atomically.
**URL versioning (cache-busting)** sidesteps invalidation entirely by embedding a content hash or build ID in the asset URL (e.g., `app.a3f9c1.js`). The old URL is simply abandoned; it expires naturally. This is the preferred approach for static assets in CI/CD pipelines because it eliminates the race condition between deploy and purge propagation.
**Stale-while-revalidate** is a middle-ground directive: the CDN serves the stale object immediately while fetching a fresh copy in the background. This trades brief staleness for zero-latency updates and is ideal for content that is frequently updated but where millisecond accuracy is not required (news feeds, dashboards).
The hard problem is the window between a deploy and full purge propagation—requests hitting un-purged edges can return stale HTML referencing already-deleted asset URLs. The canonical mitigation is to deploy assets before HTML (atomic immutable asset deploy, then HTML purge), ensuring that any HTML version—old or new—references valid assets.
Explains TTL/Cache-Control, API purge, and URL versioning with at least one trade-off per mechanism.
Covers all mechanisms, explains cache tags, discusses the deploy/purge race condition, and mentions stale-while-revalidate as a consistency knob.
Reading the answer is step one. Explaining it unprompted — under interview pressure — is what actually matters. Get AI-graded feedback on your answer with follow-up probes on your weak points.
Get Graded — Free Assessment