CDNs and content caching

1) Why CDN and cache

A CDN (Content Delivery Network) reduces RTT and TTFB, offloads origin, and stabilizes P95/P99 tails. For iGaming/fintech, this means:
  • Fast first byte for catalog, assets, promo, media.
  • Peak stability (tournaments/events) without explosive growth in origin capacities.
  • Egress savings and predictable cost.
  • Geo-control (regulation, content licensing).

2) Basic caching strategies

2.1 Responses that can be cached

Static: JS/CSS/fonts/icons - long TTL (30-365 days) + file-hash in the name.
Semi-static: game catalogs, banners, configs - TTL from minutes to hours + 'stale-while-revalidate'.
API GET/HEAD: directories, pricing, leaderboards - short TTL (5-120 sec) with the correct key.

2.2 Headers

`Cache-Control: public, max-age=600, stale-while-revalidate=300, stale-if-error=600`

'ETag' / 'Last-Modified' for revalidation.
'Surrogate-Control' / 'CDN-Cache-Control' (if the provider supports them).
For private data: 'Cache-Control: no-store' (not just 'no-cache').

2.3 Cache key

Base: method + URL path + query parameters that affect the response.
Additions: 'Accept-Encoding' (gzip/br), 'Accept' (json/webp/avif), locale ('Accept-Language'), region/currency if content is affected.
Avoid accidental headers (cookies, trace ids) in the key.


3) Vary management and cookies

'Vary: Accept-Encoding, Accept, Accept-Language' is the minimum required set.
CDN cookie stripping for cached paths: remove everything except whitelisted cookies (e.g. AB flags).
Move session identifiers to subdomains/paths outside of cached content.


4) TTL and freshness patterns

Immutable static: 'Cache-Control: public, max-age=31536000, immutable' + versions in filename.
SWR/SIE: 'stale-while-revalidate' and 'stale-if-error' keep UX resilient when origin has problems.
Partitioned TTL: root list of games - 30-60 seconds; game card - 5-10 minutes; banners - 30 min.
API mix: basic reference data - 5-30 min; currencies/limits - 1-5 min; leaderboard - 2-15 sec.


5) Tiered caching and origin shield

Tiered/Regional caches: requests that miss at the edge are served from the regional "shield" instead of origin.
Advantages: fewer MISSes on origin, smoothing out "storms," cheaper egress.
Group the shields by geo with the highest traffic density (EU, TR, BR, LATAM).


6) Invalidation and warming up

Purge by path/prefix/tag: tags are convenient for batch purging (catalog release, promotional campaign).
Soft purge (grace): mark the content stale, but keep serving it until the new version arrives.
Warm up (prewarm): scripted runs at release time or before a tournament: polling popular paths, generating sprites and image variants.
Canary invalidation: purge partially, validate metrics/errors, then expand.


7) Edge rules and functions (Workers/Functions)

Overwriting responses: adding cache headers, normalizing 'Vary', stripping cookies.
Geo/ASN routing: redirects, locale/currency by country.
Signed URLs/Headers for protected media/objects.
Edge-AB tests: light, no increase in load on origin (only for static/semi-static).
Edge-compute: light widget/personalization rendering, but not on the hot payment path.


8) Images and videos

8.1 Images

Autoconversion: WebP/AVIF based on the client's 'Accept' header; 'Vary: Accept'.
Resizing on edge: parameters 'w/h/fit/quality'; prepare presets (card, banner, preview).
Sprites and SVG optimization, lazy-loading on the front end.

8.2 Video/Stream

HLS/DASH with short segments (2-4 sec), overlapping playlists.
Preload nearest segments and 'stale-if-error'.
For live bets - keep segments in the regional shield to cut TTFB.


9) API via CDN

Cacheable GET: add 'Cache-Control' and the correct key (locale/currency/region).
Conditional GET: 'ETag' / 'If-None-Match' reduces bytes and TTFB.
POST/PUT: not cached; it is possible to cache POST responses only under explicit rules and idempotent semantics (rarely justified).
Rate limiting/WAF at the edge: Reduces tails by cutting off bots/anomalies.


10) Security, access and compliance

WAF/bot management: signatures, behavioral heuristics, protection against bonus scanners.
Signed URLs/Headers for media and private downloads.
mTLS to origin and IP allow-list.
GDPR/PII/PCI: do not cache sensitive data; API with personal responses - 'no-store'.
Geo-filters/blocks at the edge according to market regulatory requirements.
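
A response-header check for the 'no-store' rule above and for the cookie-related anti-patterns, as an added example (not code from the original page). The path prefixes in PERSONAL_PREFIXES and the finding names are hypothetical; the sample responses are constructed.

```javascript
// Parse Cache-Control into a map: lowercase directive -> value (or true).
function parseCacheControl(value) {
  const out = {};
  for (const part of (value || '').split(',')) {
    const [k, v] = part.trim().split('=');
    if (k) out[k.toLowerCase()] = v === undefined ? true : v.replace(/"/g, '');
  }
  return out;
}

// Hypothetical prefixes that return per-user data; adjust per application.
const PERSONAL_PREFIXES = ['/api/account/', '/api/wallet/', '/api/limits/me'];

// Returns a list of findings for one response; an empty list means no issue.
function auditResponse({ path, headers }) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const cc = parseCacheControl(h['cache-control']);
  const findings = [];
  const personal = PERSONAL_PREFIXES.some((p) => path.startsWith(p));
  // A shared cache (CDN) may store the response.
  const sharedCacheable = !cc['no-store'] && !cc['private'] &&
    (cc['public'] === true || cc['max-age'] !== undefined || cc['s-maxage'] !== undefined);
  if (personal && !cc['no-store']) {
    // 'no-cache' alone still allows storage, so it is reported separately.
    findings.push(cc['no-cache'] ? 'personal-no-cache-only' : 'personal-missing-no-store');
  }
  if (sharedCacheable && h['set-cookie']) findings.push('cacheable-with-set-cookie');
  if (sharedCacheable && /(^|,)\s*(cookie|\*)\s*(,|$)/i.test(h['vary'] || '')) {
    findings.push('vary-on-cookie');
  }
  return findings;
}

// Constructed sample responses (not real traffic).
const SAMPLES = [
  { path: '/catalog/games', headers: { 'Cache-Control': 'public, max-age=300, stale-while-revalidate=600', Vary: 'Accept, Accept-Language' } },
  { path: '/api/wallet/balance', headers: { 'Cache-Control': 'no-cache' } },
  { path: '/api/account/profile', headers: { 'Cache-Control': 'public, max-age=60', 'Set-Cookie': 'sid=abc' } },
  { path: '/static/app.3f9a1c.js', headers: { 'Cache-Control': 'public, max-age=31536000, immutable', 'Set-Cookie': 'ab=1' } },
];
for (const s of SAMPLES) console.log(s.path, auditResponse(s));
```

Run it against origin responses in CI or a synthetic probe, so a personal endpoint that loses 'no-store' is caught before the CDN stores it.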


11) Network and protocols

Enable HTTP/2/3 on CDN, TLS resumption and OCSP stapling.
Brotli (br) for text formats, gzip - fallback.
TCP/QUIC tuning (at the provider) → less impact from packet loss, especially on mobile networks.


12) Observability and SLO for CDN

Metrics (edge and shield):
  • Hit Ratio (overall and by prefix), Origin Offload.
  • TTFB P50/P95/P99 by region/ASN.
  • Throughput/Errors by status codes (edge/origin).
  • Purge latency.
  • Image transform latency (if you are using Edge Resizing).
SLO examples:
  • Game catalog: TTFB P95 ≤ 150 ms, Offload ≥ 85%.
  • Media (images): Hit Ratio ≥ 90%, transformation errors < 0.1%.
  • API GET "directories": TTFB P95 ≤ 200 ms, Revalidation Hit ≥ 60%.

13) FinOps: cache value

Offload = less egress from origin → direct $ savings.
Tiered + shield cut "storms" and MISS load.
Image optimization (AVIF/WebP/resize) provides the greatest traffic savings.
Monitor P95 response sizes and "expensive MISSes" (bytes × number × region).


14) Configs and rules (fragments)

14.1 Origin headers (Nginx)

```nginx
# static assets with versioned filenames
location ~ \.(css|js|woff2)$ {
    add_header Cache-Control "public, max-age=31536000, immutable";
}

# semi-static catalog
location /catalog/ {
    add_header Cache-Control "public, max-age=300, stale-while-revalidate=600, stale-if-error=600";
    add_header Vary "Accept, Accept-Language";
}
```

14.2 Key normalization on edge (pseudo)

```js
// Pseudo-API: addRule, req.cookies, req.query and the setters are illustrative
addRule((req) => {
  // strip noise: keep only whitelisted cookies
  req.cookies.clearExcept(['ab', 'locale']);
  // key = method + path + critical query parameters
  const q = req.query;
  const key = `${req.method}:${req.path}?lang=${q.lang}&currency=${q.cur}`;
  req.setCacheKey(key);
  req.setVary(['Accept', 'Accept-Encoding', 'Accept-Language']);
});
```

14.3 Signed URL (idea)

```
/media/{path}?exp=1735707600&sig=HMAC_SHA256(secret, path | exp | ip)
```

At the edge: check exp and the signature, optionally bind to IP/ASN.
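
The signed-URL idea above, with both the issuing side and the edge check, as an added example (not code from the original page). The function names, the length-prefixed canonical string, the 'https://cdn.example' parsing base and the demo secret, timestamp and IP are assumptions made for the illustration; sample paths are assumed to be already normalized.

```javascript
const crypto = require('node:crypto');

// Length-prefix each field so ("/a", "12") and ("/a1", "2") cannot collide.
function canonical(path, exp, ip) {
  return [path, String(exp), ip || ''].map((f) => `${f.length}:${f}`).join('|');
}

function sign(secret, path, exp, ip) {
  return crypto.createHmac('sha256', secret).update(canonical(path, exp, ip)).digest('hex');
}

// Origin side: issue a URL valid for ttlSec seconds, optionally bound to an IP.
function signUrl(secret, path, ttlSec, nowSec, ip) {
  const exp = nowSec + ttlSec;
  return `${path}?exp=${exp}&sig=${sign(secret, path, exp, ip)}`;
}

// Edge side: validate format, then signature, then expiry.
function verifyUrl(secret, url, nowSec, clientIp) {
  const u = new URL(url, 'https://cdn.example'); // placeholder base for parsing
  const expRaw = u.searchParams.get('exp') || '';
  const sig = u.searchParams.get('sig') || '';
  if (!/^\d{1,12}$/.test(expRaw) || !/^[0-9a-f]{64}$/.test(sig)) {
    return { ok: false, reason: 'malformed' };
  }
  const exp = Number(expRaw);
  const expected = Buffer.from(sign(secret, u.pathname, exp, clientIp), 'hex');
  // Constant-time comparison; both buffers are exactly 32 bytes here.
  if (!crypto.timingSafeEqual(expected, Buffer.from(sig, 'hex'))) {
    return { ok: false, reason: 'bad-signature' };
  }
  // exp is trusted only after the signature has been verified.
  if (nowSec > exp) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'valid' };
}

// Constructed sample values (not real secrets or addresses).
const DEMO_SECRET = 'constructed-demo-secret';
const DEMO_NOW = 1735707000;
const DEMO_IP = '203.0.113.7';
const demoUrl = signUrl(DEMO_SECRET, '/media/promo/intro.mp4', 600, DEMO_NOW, DEMO_IP);
console.log(demoUrl, verifyUrl(DEMO_SECRET, demoUrl, DEMO_NOW + 10, DEMO_IP));
```

Exclude 'sig' and 'exp' from the cache key only after verification has passed, so that signed media still shares one cached object per path.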

15) Release and operation processes

Release hooks: automatic purge by tags/prefixes after deploy.
Prewarm-list: top paths in traffic/conversion - warm up in advance.
Catalog TTL-matrix: agreed with product/marketing.
Incidents: when MISS/TTFB grows, turn on stale-if-error and "shoot down" expensive transformations on the edge until origin stabilizes.


16) Implementation checklist

1. Content map (static/semi-static/API) and TTL matrix.
2. Correct 'Cache-Control', 'ETag/Last-Modified', 'Vary'.
3. Cache key without "noise," cookie stripping, whitelists.
4. Tiered caching + origin shield by region.
5. Purge by tags/prefixes, soft purge, prewarm procedures.
6. Edge functions: normalization, geo-logic, Signed URLs.
7. Image optimization (WebP/AVIF/resize), HLS segments for video.
8. WAF/bot filters, geo-constraints, mTLS to origin.
9. SLO boards: TTFB, Hit Ratio, Offload, transformation errors.
10. FinOps reports: $/GB, expensive MISSes, top egress regions.


17) Anti-patterns

'no-cache' everywhere "just in case."
The cache key includes all query/headers → zero Hit Ratio.
Cookie-dependent responses for static (breaks the entire cache).
Clear the entire CDN on each release.
Long synchronous transformations on the edge during peaks.
Absence of 'stale-while-revalidate' / 'stale-if-error' - sharp degradation of UX.
Caching of personal data/responses without 'no-store'.


18) iGaming/fintech context: practical notes

Tournaments/events: short TTL on leaderboards (2-10 sec) + SWR; prewarm game cards and banners.
Geo-licensing: edge blocks/redirects by country, currency/locale in cache key.
Promo and coupons: cache banners/terms, but not personal limits.
Responsible gaming: policy/limits pages - semi-static with SWR; personal data - only 'no-store'.
PSP/KYC webhooks: not via CDN, or edge pass-through without cache and with hard timeouts.


Result

A strong CDN strategy is correct headers and cache key, tiered/shield for MISS reduction, edge functions for normalization and protection, invalidation/warming for quick releases, and observability with SLO and FinOps. By adhering to these principles, you will have a fast and economical perimeter that will withstand peaks and make TTFB predictable for users and partners.
