Cache invalidation overview

This page provides an overview of Cloud CDN cache invalidation.

What is cache invalidation?

After an object is cached, it normally remains in the cache until it expires or is evicted to make room for new content. You control the expiration time through standard HTTP headers.

You might want to remove an object from the cache prior to its normal expiration time. You can force an object or set of objects to be ignored by the cache by requesting a cache invalidation.

It is important to ensure that the origin server is returning the correct content before you request the cache invalidation. Otherwise, when Cloud CDN requests the content again, it might cache the incorrect content.

Path patterns

Each invalidation request specifies a path pattern that identifies the object or set of objects that should be invalidated. The path pattern can be either a specific path, such as /cat.jpg, or an entire directory structure, such as /pictures/*. The following rules apply to path patterns:

  • The path pattern must start with /.
  • It cannot include ? or #.
  • It must not include an * except as the final character following a /.
  • If it ends with /*, the preceding string is a prefix, and all objects whose paths begin with that prefix are invalidated.

The path pattern is compared with the path component of the URL, which is everything between the hostname and any ? or # that might be present.

If you have URLs that contain a query string, for example /images.php?image=fred.png, you cannot selectively invalidate objects that differ only by query string. For example, if you have two images, /images.php?image=fred.png and /images.php?image=barney.png, you cannot invalidate only fred.png. To invalidate all images served by images.php, use /images.php as the path pattern.

Invalidating the cache for a single host

Normally, cache invalidation invalidates the path for all your hostnames. For example, if you have and pointed to the same load balancer, and you invalidate /images/cat.jpg, both and are invalidated.

You can restrict the invalidation to only one of the hosts by adding the --host flag to the command.


Invalidation is intended for use in exceptional circumstances, not as part of your normal workflow. Invalidations don't affect cached copies in web browser caches or caches operated by third-party internet service providers.

As an alternative to routine invalidations, you can proactively set appropriate expiration times on responses or use different URLs for different versions of your content. For more information about expiration times, see Expiration times and validation requests.

Invalidations are rate-limited. You can submit at most one invalidation per minute. However, an invalidation can be of any size. Invalidating /images/fred.png counts as one invalidation. Invalidating /images/* also counts as one invalidation.

Invalidate only what you must because invalidating too much might cause a spike in requests that the caches were serving to suddenly hit your instances or buckets.

Because Cloud CDN is a distributed system, it might report that an invalidation has completed even though a small number of caches have not yet processed the invalidation request. This situation is rare and corrects itself automatically.

Requesting cache invalidation with Shared VPC cross-project service referencing

When you're using a global external Application Load Balancer with Shared VPC cross-project service referencing, by default, service project administrators won't have the required permissions to request cache invalidations. This is because cache invalidation is configured in the frontend project (that is, the project that has the forwarding rule, target proxy, and URL map of the load balancer). Thus, cache invalidations can only be issued by principals who have the IAM roles for configuring load balancer related resources in the frontend projects (for example, the Compute Network Admin role).

Service administrators, who control provisioning of the backend services in a separate project, will have to work with the load balancer administrator of the frontend project to issue cache invalidation for their cross-project services.

What's next