How is Negative Caching used in practice?

See real-world examples and code snippets on the Negative Caching glossary page at CDN Certified.

What concepts are related to Negative Caching?

Related terms include: max-age.

Negative Caching

Caching

Caching error responses (404, 500, 502, etc.) for a short TTL to prevent repeated requests for broken or missing resources from hammering the origin. Trades freshness for origin protection.

Updated Mar 9, 2026

Full Explanation

When a resource returns a 404 or 500, most CDNs pass that error through without caching it. That means every subsequent request for the same broken URL hits the origin again. If a popular page goes down or a bot crawls thousands of nonexistent URLs, your origin gets hammered with requests that all return errors.

Negative caching stores those error responses for a short time (typically 1–60 seconds). The next request for the same broken URL gets the cached error instead of hitting origin. This protects your origin during incidents and reduces load from broken link crawlers.

The tradeoff is that if you fix the error, the fix won't be visible until the negative cache TTL expires. Keep negative cache TTLs short (5–30 seconds is common) to balance protection with recovery speed. Some CDNs let you configure different TTLs per status code.

Examples

CloudFront negative caching (Terraform):

resource "aws_cloudfront_distribution" "cdn" {
  custom_error_response {
    error_code            = 404
    error_caching_min_ttl = 10  # seconds
  }
  custom_error_response {
    error_code            = 500
    error_caching_min_ttl = 5
  }
  custom_error_response {
    error_code            = 502
    error_caching_min_ttl = 5
  }
}

Nginx negative caching:

# Cache 404s for 10 seconds, 500s for 5 seconds
proxy_cache_valid 404 10s;
proxy_cache_valid 500 502 503 5s;

# Or in Varnish
sub vcl_backend_response {
    if (beresp.status == 404) {
        set beresp.ttl = 10s;
    } else if (beresp.status >= 500) {
        set beresp.ttl = 5s;
    }
}

Frequently Asked Questions

Caching error responses (404, 500, 502, etc.) for a short TTL to prevent repeated requests for broken or missing resources from hammering the origin. Trades freshness for origin protection.

CloudFront negative caching (Terraform):

resource "aws_cloudfront_distribution" "cdn" {
  custom_error_response {
    error_code            = 404
    error_caching_min_ttl = 10  # seconds
  }
  custom_error_response {
    error_code            = 500
    error_caching_min_ttl = 5
  }
  custom_error_response {
    error_code            = 502
    error_caching_min_ttl = 5
  }
}

Nginx negative caching:

# Cache 404s for 10 seconds, 500s for 5 seconds
proxy_cache_valid 404 10s;
proxy_cache_valid 500 502 503 5s;

# Or in Varnish
sub vcl_backend_response {
    if (beresp.status == 404) {
        set beresp.ttl = 10s;
    } else if (beresp.status >= 500) {
        set beresp.ttl = 5s;
    }
}

Related CDN concepts include:

max-age — Specifies the maximum time in seconds that a response is considered fresh. Applies to all …

Previous Term must-revalidate

Next Term OCSP Stapling

Back to Glossary