Cloud CDN features

Cloud CDN helps you cache regularly accessed content closer to users, improving performance, lessening the load on your origin infrastructure, and reducing cost-of-delivery.

Our content delivery network is built on top of our global external HTTP(S) load balancer infrastructure and benefits from the routing, intelligent backend selection, and health checking capabilities that it brings. Cloud CDN can be enabled on a per-origin basis, allowing you to serve cacheable and dynamic content (for example, API traffic) from the same underlying load balancer.

This document summarizes the features available in Cloud CDN.

Origin and backend support

Your content can be pulled from any HTTP-capable origin, including Compute Engine and Cloud Storage backends within Google Cloud and origins outside of Google Cloud, such as storage buckets in other clouds.

Feature Supported
Cloud Storage buckets (including redundant multi-region storage)
Custom (external) origins (on-premises, multi-cloud)
Compute Engine virtual machine (VM) instances
Google Kubernetes Engine (GKE) container instances
App Engine, Cloud Functions, or Cloud Run (fully managed) services


Caching behavior can be configured per origin, allowing you fine-grained control over cache keys, TTLs, and other caching features based on the content type being served.

Feature Supported
Custom cache keys (protocol, host, query string parameters)
Include or exclude specific query string parameters
Support for standard Cache-Control directives
Automatically cache common static content types
Set and override client and CDN TTLs (cache expirations) at the edge
Programmatic cache invalidation
Negative caching
Serve content while stale

Route matching and origin selection

Requests landing on Cloud CDN use the Google Cloud load balancing infrastructure to provide comprehensive routing and configuration capabilities at each edge location.

  • Requests for can be routed to a group of Compute Engine backends, while can be mapped to a Cloud Storage bucket.

  • Incoming HTTP requests can be redirected to HTTPS automatically at the edge.

  • Matching can be performed on host, path, query parameter, and header prior to backend (origin) selection.

  • CDN policies, including cache key customization, can be customized per origin.

Feature Supported
Host-based and path-based backend selection
URL redirects
URL rewrites
Header and query parameter matching
Per-origin cache policies

Modern protocols

Modern protocols, including TLS version 1.3 and Google's own QUIC protocol, reduce the time it takes for clients to initiate connections, and increase reliability in adverse or congested network conditions. Anycast allows Google Cloud to route users to the nearest edge cache automatically and avoid relying on DNS propagation delays that can impact availability.

These factors directly benefit the user experience by delivering render-blocking web content more quickly and reducing playback start time and rebuffering when serving video.

Feature Supported
HTTP/2 to clients and origins
TLS version 1.3
Global Anycast (IPv4 and IPv6)

Observability (logging and metrics)

Observability tools provide monitoring, debugging, and performance information to understand how traffic is being served by Cloud CDN. Near real-time metrics and logging are provided by Cloud Logging and Cloud Monitoring.

Feature Supported
Detailed request logs
Cache-hit rate reporting
Request and response metrics:
  • Cache hit rates
  • Request counts and bytes sent/received
  • Per-status code filters
  • Country-level breakdowns
Export to Cloud Storage, BigQuery, or external tools
Alerting (including email, PagerDuty, Slack, and Pub/Sub)

Programmatic, API-driven configuration

All configuration is exposed through our REST API and Google Cloud Console out-of-the-box, allowing you to automate changes across large teams and manage changes programmatically.

Feature Supported
Google Cloud Console
gcloud command-line interface
Terraform support


Applications can use the following request protocols when they use the Cloud CDN-configured data plane to communicate.

Feature Supported
Managed SSL (TLS) certificates (no additional cost)
Bring-your-own SSL (TLS) certificates (no additional cost)
Customizable SSL policies (versions, ciphers)
Encryption at rest
Audit logging

Content authentication

Signed requests let you serve responses from Google Cloud's globally distributed caches, even when you need requests to be authorized.

Feature Supported
Signed URLs (absolute, prefix)
Signed cookies

What's next