Cloud CDN is not separating PC and SP caches prope...

yatsuda_retbit · 02-24-2025 09:29 AM

Cloud CDN is not separating PC and SP caches properly

Current Configuration
We are using Cloud CDN and trying to separate the cache for PC and SP (smartphone) users with the following configurations:

1. Adding the `X-Device-Type` header via Cloud Armor
- `User-Agent` is checked, and `X-Device-Type: pc` is added for PC users, while `X-Device-Type: mobile` is added for SP users.
- Verified that this is applied correctly using:

gcloud compute security-policies describe pc-sp-separation-policy --format=json

- CakePHP 2 also retrieves the `X-Device-Type` header and includes it in the response with `Vary: X-Device-Type`.

2. Adding `X-Device-Type` to the Cloud CDN cache key

gcloud compute backend-services update exsample \
--global \
--cache-key-include-http-header="X-Device-Type"

- Confirmed that `X-Device-Type` is included in the cache key via:

gcloud compute backend-services describe exsample --global --format=json | jq '.cdnPolicy.cacheKeyPolicy'

3. Confirming response headers
We verified that Cloud Armor successfully adds the `X-Device-Type` header by checking CakePHP 2 logs and response headers:

curl -I -H "User-Agent: Mozilla/5.0 (iPhone)" https://exsample.com/

Response:

HTTP/2 200
cache-control: public, max-age=30
vary: X-Device-Type
content-type: text/html; charset=UTF-8
x-device-type: mobile

---

Issue
Even after implementing the above settings, the cache is not being separated properly.

- When accessing from a PC, the response is cached.
- When accessing from an SP device afterward, the PC-cached response is returned (instead of a separate cache for SP).
- The Cloud CDN log (`cacheDecision`) does not show `INCLUDE_HTTP_HEADER`, which might indicate that `X-Device-Type` is not included in the cache key.

---

Question
Is there anything missing in the configuration to ensure Cloud CDN properly separates caches for PC and SP?

---

diannemcm

Hi @yatsuda_retbit,

Welcome to Google Cloud Community!

It is essential to configure the cache key to include the X-Device-Type header to ensure that Google Cloud CDN properly differentiates cache entries.

Here are steps you may check during troubleshooting:

Verify that X-Device-Type is included in the cache key - If the header isn't in the cache key, Cloud CDN will simply use the URL to determine if the content is cached, leading to the shared cache you're observing.
Check the cache decision logs to verify if X-Device-Type is included. Look for the cacheDecision field, and ensure X-Device-Type is being considered in the caching process.
Ensure the X-Device-Type header is injected before Cloud CDN caches the response. - If Cloud CDN caches the response before the X-Device-Type header is added by Cloud Armor, it may not use this header in the cache key. Make sure that Cloud Armor injects the header at the appropriate stage.
Verify if Cloud CDN receives the header before caching.
Invalidate cached content to clear any previous incorrect caching(If Necessary) - If incorrect cache entries exist due to previous configurations, purge the existing cache to start fresh.

For more detailed information, you may check on customizing cache keys and caching behavior.

It is recommended to reach out directly to the Google Cloud Support team so they can provide in-depth assistance needed for this issue.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.