By default, Cloud CDN will cache static content – including web assets and video files – that are not explicitly marked as private for the configured default time to live (TTL), without requiring any changes at your origin.

If you decide to use the Cache-Control headers, Cloud CDN will only cache responses with valid cache directives contained in the HTTP response header.

Invalidating a pattern before the TTL expiration:

Use the gsutil setmeta command to apply Cache-Control headers to a specific object.

gsutil setmeta -h "Cache-Control: private, no-cache" gs://your-bucket-name/your-object-name

➜  stuff curl -I http://34.117.35.80/cdn.png

HTTP/1.1 200 OK
date: Sat, 23 Nov 2024 01:42:59 GMT
cache-control: private, no-cache
expires: Sun, 23 Nov 2025 01:42:59 GMT
last-modified: Sat, 23 Nov 2024 00:51:38 GMT
etag: "f798c12ac77d1be173e6d13ffb4fa3a8"
x-goog-generation: 1732323098687904
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 307676
content-type: image/png
x-goog-hash: crc32c=eit3hQ==
x-goog-hash: md5=95jBKsd9G+Fz5tE/+0+jqA==
x-goog-storage-class: STANDARD
accept-ranges: bytes
Content-Length: 307676
x-guploader-uploadid: AFiumC75bXg036ErLq2O7hbdm-Rx_QHKo9byXxOlVuAasD4p7bvNtSueZULTF2Mvawj1kcFQKWgB0n8VyQ
server: UploadServer
via: 1.1 google

gsutil defstorageclass set <storage-class> -h "Cache-Control: private, no-cache" gs://your-bucket-name

For authenticated resources (that should not be cached):

Cache-Control: private, no-cache, no-store
Vary: Authorization