---
title: "Configuring Platform CDN with Drupal 7 and Cache Control Headers"
date: "2022-06-30T14:35:05+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/94061-configuring-platform-cdn-drupal-7-and-cache-control-headers"
id: "cd479853-634b-4f40-bf8b-414fb653f6dc"
---

Better control over cached objects in Drupal 7 can be achieved by installing the following modules:

*   [Acquia Purge](https://www.drupal.org/project/acquia_purge)
*   [Cache Expiration (expire)](https://www.drupal.org/project/expire)
*   [Chaos Tools Suite (ctools)](https://www.drupal.org/project/ctools)
*   [HTTP Response Headers](https://www.drupal.org/project/http_response_headers)

The Acquia Purge and Cache Expiration modules combine to create a cache invalidation approach for objects cached in Acquia Varnish. 

Note: Static assets such as CSS fonts, images and Javascript files are given Cache-Control headers by the Apache web server, and are cached for 2 weeks by default.

If you are a Platform CDN user, you may want broader control over objects cached in the CDN. Install the Chaos Tools Suite and HTTP Response Headers modules.

If you are manually installing these modules copy them into the contrib folder like so:

    ~/dev/d7cdnsandbox/docroot/sites/all/modules/contrib>tree -d -L 1
                      .
                      ├── acquia_purge
                      ├── ctools
                      ├── expire
                      └── http_response_headers

Once you have installed the modules, open your site and visit admin/modules. Complete the installation and configuration of the _Acquia Purge_ and _Cache Expiration_ modules by following these instructions: [Installing Acquia Purge and Expires modules on D7](/node/94206), [Configuring Acquia Purge on D7](/node/92161), and the corresponding [FAQ Page](/node/94111).

To configure _HTTP Response Headers_, visit the _Chaos Tools Suite_ section, and enable '_Chaos Tools_'.  In the _Other_ section, enable '_HTTP Response Headers_' and '_HTTP Response Headers UI_'.

Next, navigate to _admin/config/system/http-response-headers:_

*   Click on the _Settings_ tab. 
*   Select 'Cache-Control' as an allowed header.  Save configuration.
*   In the 'List' tab, click 'add' and set:
    *   Description: Cache-Control
    *   HTTP Header: Cache-Control (this is the header that you \*allowed\* in the previous step)
    *   HTTP Header Value: 
    *   **max-age**\=60, **s-maxage**\=1209600 
    *   Visibility settings: (leave default)

![Screenshot of a Drupal admin page for editing HTTP response header rules, showing warning about a security update and configuration options.](https://acquia.widen.net/content/e78d0c50-bb5f-4584-9be3-fec82558f53f/web/ka06g000001tx6F00N6g00000VCdgi0EM6g000003Bu6n.png)

The _Cache-Control_ header sets the following directives in Acquia Varnish:

*   **s-maxage=1209600**: Cache objects in Varnish for two weeks (1209600 seconds)
*   **max-age=60:** Cache objects in the browser for 60 seconds. 

The long _Time-To-Live_ (TTL) at Acquia Varnish (1209600 seconds) is desirable because _most_ cached paths at Acquia Varnish are expired by the Acquia Purge and Cache Expiration modules whenever content changes. The shorter TTL at the browser (60) is desirable because your application has no way to purge the browser cache.

Now repeat the steps above to set the Surrogate Control header:

*   Click on the _Settings_ tab. 
*   Select 'Surrogate-Control' as an allowed header.  Save configuration.
*   In the 'List' tab, click 'add' and set:
    *   Description: Surrogate-Control
    *   HTTP Header: Surrogate-Control (this is the header that you \*allowed\* in the previous step)
    *   HTTP Header Value: 
    *   **max-age**\=180
    *   Visibility settings: (leave default)

![Screenshot of a Drupal admin page showing HTTP response headers settings, with a warning about an unavailable security update.](https://acquia.widen.net/content/c7fa87b6-cdc7-4ef5-a102-622b2037e809/web/ka06g000001tx6F00N6g00000VCdgi0EM6g000002WnMR.png)

![Screenshot of a Drupal admin interface showing a configuration page for editing HTTP response header rules, with fields for description and visibility settings.](https://acquia.widen.net/content/73bafb70-092b-4746-b904-3fc192e74b85/web/ka06g000001tx6F00N6g00000VCdgi0EM6g000003Bu6s.png)

This will set the _Surrogate-Control_ header for dynamic content to: \`_Surrogate-Control: max-age=180_\`.  This header instructs Platform CDN to cache objects for three minutes (180 seconds). This short cache lifetime is desirable because D7 has no way to purge individual paths from Platform CDN, so setting a low TTL at the edge ensures that the oldest age of any cached object will be, at most, three minutes.

_Note:_ When testing, you may want to set the Surrogate-Control header to a very low value (1-5 seconds). The CDN strips the Surrogate-Control header on arrival, so you will never see the header in a _curl_ response. Instead, set a low TTL, then test by changing content on a page, clearing your browser cache and visiting the page in an anonymous seion (i.e., a Chrome incognito browser session). After your tests are complete, change the _Surrogate-Control: max-age_ directive to as high a TTL as tolerable.  
  
You may need to purge all caches if you want these changes to take effect immediately rather than waiting for the current cached pages to expire.

For information about how the Drupal application sets cache headers see these articles:

[https://www.drupal.org/docs/8/api/responses/cacheableresponseinterface#debugging](https://www.drupal.org/docs/8/api/responses/cacheableresponseinterface#debugging)

[https://www.drupal.org/project/renderviz](https://www.drupal.org/project/renderviz)