CDN Configuration Generator
Generate CDN cache config for Cloudflare, CloudFront, Fastly, or plain headers.
Written by Golam Rabbani, Founder & Lead Engineer
How to use this cdn configuration generator
- Pick a provider — Cloudflare, AWS CloudFront, Fastly, or "Plain HTTP headers" for a portable set.
- Enter your origin domain (the server the CDN pulls from) and the cache lengths for static assets and HTML.
- List bypass-cache paths (e.g. /api/*, /wp-admin/*) — one per line.
- Tick the options you want: Force HTTPS, Brotli, HTTP/3, strip cookies on static assets, security headers, HSTS.
- Click Generate and Copy config, then paste it into the relevant dashboard, distribution JSON, or VCL file.
About this cdn configuration generator
The CDN configuration generator produces a cache and edge configuration for the provider you actually use. Cloudflare output is a set of Page Rules plus zone toggle recommendations. CloudFront output is a partial distribution config JSON with origins, default cache behaviour, path-specific behaviours, and a response-headers policy. Fastly output is a full VCL file with `vcl_recv`, `vcl_fetch`, and `vcl_deliver` subroutines. The "Plain HTTP headers" target gives portable `Cache-Control`, `Vary`, and security header snippets you can apply at any layer.
Defaults are tuned for typical web apps: 30-day immutable cache for fingerprinted static assets (css/js/woff2/images), 5-minute edge cache for HTML with stale-while-revalidate, HSTS pre-load eligibility (`max-age=63072000; includeSubDomains; preload`), `X-Content-Type-Options: nosniff`, `X-Frame-Options: SAMEORIGIN`, and `Referrer-Policy: strict-origin-when-cross-origin`.
As a worked example, target Cloudflare for origin `origin.example.com` with 30 days static, 5 minutes HTML, bypass paths `/api/*` and `/wp-admin/*`, and all toggles on produces a numbered list of Page Rules — first a Bypass cache rule on `/api/*` and `/wp-admin/*`, then a Cache Everything rule for static asset extensions with Edge/Browser TTL `2592000s`, then a standard cache rule for HTML at `300s` — followed by suggested zone toggles (Always Use HTTPS ON, HSTS ON, Brotli ON, HTTP/3 ON). Generation runs entirely in the browser; nothing is sent anywhere.
FAQ
- Why does the static-asset cache use immutable?
- When asset filenames are content-hashed (e.g. `main.4f2b8a.js`), the file at that URL never changes — a new build emits a new hash. Adding `immutable` tells browsers not to revalidate on reload, which removes a round trip per asset. Drop it if your filenames are not hashed.
- Why strip cookies on static assets at the CDN?
- Most CDNs key the cache on the cookie header by default. A logged-in user with a unique session cookie effectively gets their own cache entry, killing hit-rate for shared assets. Stripping cookies on `*.css`, `*.js`, `*.woff2`, etc. lets every visitor share the same cached copy.
- Is HTTP/3 safe to enable?
- Yes — modern browsers (Chrome, Edge, Firefox, Safari) all support HTTP/3 with QUIC. The CDN negotiates the protocol on a per-connection basis; clients that do not support it fall back to HTTP/2 or HTTP/1.1 automatically. The toggle here recommends enabling it at the zone or distribution level.
- What does the CloudFront output need before I can deploy it?
- It is a starting point — fill in the missing identifiers (e.g. `CallerReference`, real `PriceClass`, origin access settings if private). Use it as a base for `aws cloudfront create-distribution --distribution-config file://config.json`, or paste the values into Terraform `aws_cloudfront_distribution`.
- Does the generator send my origin or settings anywhere?
- No. The configuration is built locally in your browser. The origin domain, cache lengths, and bypass paths are never uploaded.
- Is this CDN configuration generator free to use?
- Yes, it is completely free with no account, no signup, and no usage limits.