Skip to main content
Warning This document has not been updated for a while now. It may be out of date.
Last updated: 3 Aug 2022

Purge a page from cache

The domain is served through Fastly, which honours the cache control headers sent by GOV.UK’s running instance of Varnish. Most pages are set with cache headers of 5 minutes, so when new changes are published it may take 5 minutes for users to see those changes.

You can check the cache headers of a page with a curl command:

$ curl -sI | grep "cache-control: \|age: \|x-cache"
age: 107
cache-control: max-age=300, public,private
x-cache: MISS, HIT
x-cache-hits: 1


  • age is time since the resource was cached
  • cache-control dictates how long a resource can be cached for
  • x-cache indicates whether the request was served from a cache (the two values are GOV.UK’s internal varnish and Fastly CDN - a result of MISS, HIT indicates that Fastly CDN was a cache hit, and when Fastly CDN originally requested GOV.UK’s varnish this was a cache miss),
  • x-cache-hits is the amount of cache hits on the CDN point of presence.

If an item is seemingly cached longer than expected or needs to be urgently removed from the cache, you can manually remove it by purging our caches.

Purging a page from the cache

There is a Jenkins task to clear an item from the Fastly CDN and GOV.UK internal varnish cache.

If you enter a path (e.g. /vat-rates) it will remove the item from both caches. For resources that are not on, such as assets, you can enter a full URL (e.g. and this will remove them from Fastly - these items are not stored in the GOV.UK internal varnish.

Purging a page from Fastly manually (e.g. if GOV.UK Production is dead)

To purge content on the Fastly cache nodes, use the PURGE method against the URL you wish to purge, passing the correct Fastly API token for the environment.

First, connect to the GDS VPN if you’re out of the office or on GovWiFi. Our Fastly account is configured with an IP allowlist, preventing access to the Fastly website or API from outside the GDS network.

Next, extract the Fastly API token. Check out the govuk-secrets repo, install dependencies with bundle install, cd into the puppet_aws directory, and run the following command, replacing production with a different environment if required:

$ bundle exec rake 'eyaml:decrypt_value[production,govuk_jenkins::jobs::clear_cdn_cache::fastly_api_token]'

You may be prompted to enter the password for your keychain.

You can then issue a PURGE request to Fastly using the following command (replacing FASTLY_API_TOKEN with the token retrieved in the previous step).

Note: this request must be issued over HTTPS to prevent the Fastly API token from being sent as plaintext.

$ curl -H "Fastly-Key: FASTLY_API_TOKEN" -XPURGE

You should receive { "status": "ok" } returned as a response. If not, you may wish to request more verbose output using the -i switch:

$ curl -i -H "Fastly-Key: FASTLY_API_TOKEN" -XPURGE

Full Edge Flush on Fastly

There are two steps involved in flushing everything; our origin (the cache servers) followed by Fastly.

If possible, speak to a member of the senior tech team before doing this, to evaluate the risk.

To flush our origin, ssh onto each cache and draft_cache box in turn and run the following command:

$ sudo varnishadm 'ban req.url ~ .'

This invalidates all current cached objects in varnish. Note that this will not delete existing objects but does present them from being served. We use it instead of purging because it’s more efficient when invalidating a large number of objects, i.e. all objects.


Once this is done move on to Fastly. This can only be done through the Fastly UI - if you don’t have access, speak to a member of the senior tech team.

Within the UI you reach the purge all functionality.

  • Click “Configure”
  • Choose the correct service in the service drop down
  • Click on the “Purge” drop down
  • Click on “Purge All”