The Problem CDNs Solve
Physics limits how fast data can travel. Light through fibre covers roughly 200km per millisecond. A user in London requesting an image from a server in Mumbai adds ~70ms of latency just for the round trip — before any processing. With a CDN edge node in London, that same image is served in ~5ms.
Multiply this by every asset on a page (dozens of images, CSS, JS files) and the difference between a CDN-served and non-CDN-served site is often 2–5 seconds of load time.
How a CDN Request Works
- First request (cache miss): User in London requests example.com/logo.png. DNS resolves to the nearest CDN edge node (also London). Edge node does not have the file, so it fetches from the origin server (Mumbai), caches it locally, and returns it to the user.
- Subsequent requests (cache hit): Next user in London requests the same file. Edge node serves it directly from its cache; the origin server is never contacted. Response time: ~5ms vs ~70ms.
- Cache expiry: After the TTL expires (e.g. 24 hours), the next request triggers a fresh fetch from origin.
CDN Benefits
- Speed: Assets served from nearest edge node — lower latency for all global users
- Origin offload: 80–95% of static asset requests never reach your origin server
- Scalability: CDN absorbs traffic spikes — if your site goes viral, CDN serves the load
- DDoS protection: Distributed edge absorbs attack traffic; hides origin IP
- Availability: If origin is down, cached content may still be served
- HTTPS termination: CDN handles TLS at the edge — reduces TLS overhead on origin
Cache Control Headers
You control what CDNs cache and for how long via HTTP response headers from your origin:
| Header | Example | Effect |
|---|---|---|
| Cache-Control | public, max-age=31536000 | CDN and browsers cache for 1 year |
| Cache-Control | no-store | Never cache — always fetch from origin |
| Cache-Control | private, max-age=3600 | Browser caches, CDN does not |
| ETag | "abc123" | Fingerprint for conditional requests |
| Surrogate-Control | max-age=86400 | CDN-specific TTL (overrides Cache-Control for CDN) |
Cache Invalidation Strategies
- URL versioning (best): Append content hash to filename: app.a3f4b2.js. New deploy = new filename = cache miss automatically. Old URL cached indefinitely.
- Query string: logo.png?v=2. Simple, but some CDNs ignore query strings by default.
- Manual purge: Use CDN API/dashboard to purge specific URLs or entire cache on deploy
- Short TTL: Set max-age=300 so changes propagate within 5 minutes. Trade-off: more origin hits.
⚠️ Don't Cache Personalised or Private Content
Only cache content that is the same for all users. Never put Cache-Control: public on responses containing user-specific data (user profiles, cart contents, authenticated pages). Set Cache-Control: private or no-store for these.
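One way to check this before deploy, as an added example that is not part of the original guide: a small audit that applies the header semantics from the table above to sample responses and flags user-specific ones a CDN would be allowed to store. The paths, the `authenticated` flag and the sample headers are constructed, and the model is simplified (real CDNs add their own defaults and heuristics).

```python
def parse_directives(value):
    """Split a Cache-Control style header into {directive: value-or-True}."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or True
    return out

def cdn_ttl(headers):
    """Seconds a shared cache (CDN) may keep the response; 0 means not stored."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_directives(h.get("cache-control"))
    if "no-store" in cc or "private" in cc:
        return 0
    sc = parse_directives(h.get("surrogate-control"))
    # Precedence assumed here: Surrogate-Control, then s-maxage, then max-age.
    for source, key in ((sc, "max-age"), (cc, "s-maxage"), (cc, "max-age")):
        if str(source.get(key, "")).isdigit():
            return int(source[key])
    return 0  # simplification: no heuristic caching without an explicit TTL

def audit(path, headers, authenticated):
    """Return a finding string when user-specific content is CDN-cacheable."""
    ttl = cdn_ttl(headers)
    sets_cookie = "set-cookie" in {k.lower() for k in headers}
    if ttl > 0 and (authenticated or sets_cookie):
        return f"{path}: user-specific response cacheable at edge for {ttl}s"
    return None

# Constructed sample responses: (path, response headers, request was authenticated)
SAMPLES = [
    ("/app.a3f4b2.js", {"Cache-Control": "public, max-age=31536000"}, False),
    ("/account", {"Cache-Control": "public, max-age=3600",
                  "Set-Cookie": "sid=EXAMPLE"}, True),
    ("/cart", {"Cache-Control": "private, max-age=3600"}, True),
    ("/api/me", {"Cache-Control": "max-age=60",
                 "Surrogate-Control": "max-age=86400"}, True),
    ("/checkout", {"Cache-Control": "no-store"}, True),
]

def run_audit(samples=SAMPLES):
    return [f for f in (audit(*s) for s in samples) if f]

if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

The `/api/me` case shows why Surrogate-Control needs the same review as Cache-Control: a short browser TTL can hide a day-long edge TTL on a per-user response.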
Popular CDN Providers
| CDN | PoPs | Free Tier | Best For |
|---|---|---|---|
| Cloudflare | 300+ | Yes (unlimited bandwidth) | Most sites — easiest setup |
| AWS CloudFront | 450+ | 1TB/mo first year | AWS-native apps (S3, EC2) |
| Fastly | 80+ | No | Sub-second purge, edge compute |
| BunnyCDN | 120+ | No (cheap — $0.01/GB) | Budget-friendly, easy pricing |
| Vercel Edge | Cloudflare-backed | Yes | Next.js / frontend frameworks |
💡 Start with Cloudflare Free
Cloudflare's free tier provides CDN, DDoS protection, and automatic HTTPS for any domain — just change your DNS nameservers. It is the fastest path from zero CDN to production-grade delivery, with no bandwidth limits and no credit card required.
Frequently Asked Questions — CDN
A CDN (Content Delivery Network) is a globally distributed network of servers that cache and serve your static content (images, CSS, JS, videos) from locations physically close to your users. Instead of every visitor fetching files from your origin server in one location (e.g. Mumbai), they fetch from the nearest CDN edge node (e.g. London for UK users). Less distance = less latency = faster page loads.
The origin server is your actual web server — where your application runs and where files originally live. CDN edge nodes (also called Points of Presence or PoPs) are caches distributed globally. When a user requests a file: if it is cached at the nearest edge node, it is served directly from there (cache hit). If not cached, the edge node fetches it from the origin, caches it, and serves it (cache miss). Subsequent requests from the same region hit the cache.
CDNs excel at static assets that change infrequently: images (PNG, WebP, JPEG), CSS stylesheets, JavaScript bundles, web fonts, video files, PDF downloads, and software installers. Dynamic content (personalised HTML, API responses with user-specific data) is harder to cache effectively and often served from origin, though some CDNs (Cloudflare Workers, AWS Lambda@Edge) can handle dynamic logic at the edge too.
When you update a file, the CDN still serves the old cached version until the TTL expires or you explicitly invalidate it. CDN cache invalidation is the process of purging old cached content and forcing a fresh fetch from origin. Methods: (1) URL versioning — append ?v=2 or use hashed filenames (app.a3f4b.js) — the new URL bypasses cache automatically. (2) Manual purge via CDN dashboard/API. (3) Set short TTL for files that change frequently.
Yes — CDNs provide significant DDoS mitigation. The CDN absorbs traffic across hundreds of edge nodes, distributing the load so no single point is overwhelmed. CDNs also hide your origin server's IP address — attackers cannot target it directly if they only know your CDN domain. Services like Cloudflare include built-in DDoS protection that automatically detects and drops malicious traffic at the edge.
Cloudflare is the most widely used — free tier available, very easy setup (change DNS, done), 300+ PoPs, includes DDoS protection and WAF. AWS CloudFront is tightly integrated with AWS services (S3, EC2, Lambda) — best if you are already on AWS. Fastly is favoured for advanced edge computing and instant cache purge (sub-second global purge, unlike CloudFront's 5-15 min). All three are enterprise-grade; choice depends on your existing stack and requirements.