GH GambleHub

CDN and latency reduction optimization

1) Targets and delay map

Latency = DNS + TCP/TLS + TTFB (server/origin/cache) + content delivery (RTT × volumes) + client render.
Optimization = reduce the number of RTTs, reduce bytes, and move computation/cache closer to the user.

2) CDN architecture

Anycast POPs is a near-end BGP routing node.
Tiered caching/Origin Shield - an "umbrella" intermediate layer that reduces the miss storm on the origin.
Geo-/Regional routing - binding of tenant/jurisdiction (data sovereignty, licenses).
Failover - backup origin/region, health samples and fast switch.

3) Cache: keys, headers, strategies

3. 1 Cache keys

The default is' scheme + host + path +? query '.
Add only the parameters you want ('? v =', '? lang =', '? tenant ='). The rest are in ignore-params.
'Vary '- minimal:' Accept-Encoding ',' Accept-Language '(if necessary),' Authorization'usually breaks the cache.

3. 2 Policies

Public statics: 'Cache-Control: public, max-age = 31536000, immutable' + rev (hash in name).
Half-dynamics (directories, rules, FAQ): 's-maxage = 300, stale-while-revalidate = 600, stale-if-error = 86400'.
API-GET: use ETag/Last-Modified, 'SWR/SIE', enable coalescing (one request for a hot key).
Private: personal responses - on the perimeter via edge-compute (ESI/kv) or per-tenant cache.

3. 3 Anti-storm

Request coalescing - collapse simultaneous miss requests.
Serve-stale - give an outdated object when the origin fails.
Background revalidation - update in the background.

4) HTTP/2-3, TCP/TLS and early return

HTTP/2: multiplex, header compression; limit'max concurrent streams', large headers.
HTTP/3 (QUIC): major decrease in mobile/high loss TTFB; keep an eye on Initial-rapids and Retry.
TLS 1. 3: 1-RTT handshake; OCSP stapling; HSTS.
0-RTT: only for idempotent'GET 'and if replay risks are considered.
103 Early Hints: Early 'Link: rel = preload' for critical resources.
Preconnect / DNS-prefetch: `<link rel="preconnect" href="https://cdn. example">`.

5) Edge-compute and "fine personalization"

On the edge: title census, geo/tenant fixation, A/B marking, easy personalization without asking for an origin.
Rule: do not store PII on POP nodes; cache aggregates/public data only.

6) Optimizing media and formats

Images: automatic conversion to WebP/AVIF, resize-on-edge, 'srcset/sizes', 'lazyload'.
Compression: Brotli for texts (HTML/CSS/JS/JSON), gzip fallback.
Video: HLS/DASH, CDN-segment caching, 'preload = metadata', poster.
Fonts: subset + 'font-display: swap'; host with long cache.
Critical CSS: inline first screen; the rest is async.

7) API patterns and caching

Idempotent GET - we cache by request keys (including data version).
ETag: Strong payload hash + 'If-None-Match'.
Surrogate-Control (CDN-specific) to distinguish from the'Cache-Control' client.
Signed URLs - for private static/media.
GraphQL: normalize the key cache by operation/variables; use partial caching/resolver cache.
WebSockets: for real-time - shorten messages, compress (permessage-deflate), position WS-shards closer to the user.

8) Configuration examples

8. 1 NGINX (origin: we cache API-GET)

nginx
We give SWR and ETag location/api/v1/catalog/{
proxy_cache api_cache;
proxy_cache_key "$scheme$request_method$host$uri$is_args$args";
proxy_cache_valid 200 5m;
proxy_cache_use_stale updating error timeout http_500 http_502 http_503 http_504;
add_header Cache-Control "public, s-maxage=300, stale-while-revalidate=600, stale-if-error=86400";
add_header ETag $upstream_http_etag;
proxy_ignore_headers Set-Cookie; # do not break the Set-Cookie proxy_hide_header cache;
proxy_pass http://catalog;
}

8. 2 Fastly VCL (SWR, coalescing, ignore cookies)

vcl sub vcl_recv {
set req. hash_ignore_busy = true;   # coalescing if (req. url. qs ~ "^(?!.(lang    v)=)") { remove req. url. qs; }
if (req. http. Cookie) { remove req. http. Cookie; }
}

sub vcl_backend_response {
set beresp. ttl = 300s;
set beresp. stale_if_error = 86400s;
set beresp. stale_while_revalidate = 600s;
if (beresp. http. Set-Cookie) { unset beresp. http. Set-Cookie; }
}

8. 3 Cloudflare (Transform Rules, Cache Rules, Early Hints — псевдо)

json
{
"cache_rule": {
"if": "http. request. uri. path matches \"/assets/.\"",
"action": {"cache": {"eligibility":"eligible", "ttl": 31536000}}
},
"transform_rule": {
"set_headers": [{"name":"Cache-Control","value":"public, s-maxage=300, stale-while-revalidate=600"}]
},
"early_hints": {"enable": true}
}

9) Mobile networks and "unstable" Internet

Use HTTP/3 aggressively; reduce the size of the critical path (HTML + critical CSS <14 KB).
Priority H2/H3: Prioritize (HTML→CSS→JS→media later).
Retray policy with jitter, idempotency for API.
Size-budgets and bundling: code-splitting, deferred JS, removing unused CSS/JS.

10) Observability and SLO

RUM: TTFB, LCP, INP, CLS by region/ASN/tenants; p95/p99 distributions.
Synthetics: control route "/health/cdn "by POP-s.
Cache metrics: hit-ratio overall and per-key; origin fetch rate; coalescing savings.
Alerts: hit-ratio drop, origin-egress increase, H3-fraction degradation, 5xx per shield.

11) Specifics of iGaming/Finance

Game catalogs/odds: short 's-maxage' + SWR; region-aware ключ (`tenant|region|lang`).
Event peaks (matches, draws): cache warming (pre-warm), "freezing" of heavy personalizations, mirror sources.
Payment/cabinet: do not cache private, but accelerate through H3 + edge-TLS and close region.
Jurisdictions: split domains/paths per-region; 'Vary: X-Region'control.

12) Antipatterns

'Vary: 'on everything; the cache key depends on unnecessary cookies/headers.
Lack of SWR/SIE → black screens for short origin failures.
Clear cache "all over" instead of point disability by tags/keys.
Resources without name revision and with 'max-age = 0'.
Global deny-cache for'Authorization 'even where public is given.
Lack of coalescing → storm on the origin.
Premature "heavy" personalization on POP.

13) Prod Readiness Checklist

  • Anycast POP + tiered/shield; health checks and origin failover.
  • Cache keys are minimal; ignore unnecessary queries/cookies; 'Surrogate-Control'.
  • SWR/SIE enabled, coalescing active; serve-stale on errors.
  • HTTP/3 enabled; TLS 1. 3; 103 Early Hints is configured for critical resources.
  • Images: AVIF/WebP, resize-on-edge; Brotli for lyrics.
  • API-GET с ETag/Last-Modified; idempotency/retreats; do not cache private profiles.
  • Preconnect to static domains; critical CSS inline.
  • Metrics: hit-ratio, origin-egress, TTFB/LCP p95, H3-share, by region/tenant.
  • Cache warm-up plan before events; point disability (tags).
  • Vary/keys/TTL documentation; playbook of incidents (hit-ratio drop).

14) TL; DR

Keep hiking to an origin to a minimum: tiered/shield + proper cache-keys + SWR/SIE + coalescing. Turn on HTTP/3/TLS 1. 3, use 103 Early Hints and preconnect. Compress and convert media at the edge, inline critical CSS. For API - ETag, neat 'Vary', idempotency and reasonable caching 'GET'. Measure hit-ratio, TTFB/LCP p95, origin egress and warm up the cache in advance at peaks.

Contact

Get in Touch

Reach out with any questions or support needs.We are always ready to help!

Start Integration

Email is required. Telegram or WhatsApp — optional.

Your Name optional
Email optional
Subject optional
Message optional
Telegram optional
@
If you include Telegram — we will reply there as well, in addition to Email.
WhatsApp optional
Format: +country code and number (e.g., +380XXXXXXXXX).

By clicking this button, you agree to data processing.