What is a CDN (Content Delivery Network)? How It Works, Examples
A CDN caches website content on servers around the world so users get it from the nearest one — faster page loads, lower origin load, regional resilience.
What is a CDN (Content Delivery Network)?
A Content Delivery Network (CDN) is a globally-distributed system of edge servers that cache copies of website content (HTML, images, JavaScript, CSS, video, fonts) close to end users. When a user requests a page, the CDN serves the cached content from the nearest edge server rather than fetching it from the origin server thousands of kilometers away. The result: faster page loads, lower origin server load, better resilience to traffic spikes, and improved reliability when individual servers fail.
Major CDN providers include Cloudflare, Akamai, AWS CloudFront, Fastly, Google Cloud CDN, and Bunny.net. Each operates hundreds of edge locations across continents — the closer the edge server is to the user, the lower the round-trip time.
How a CDN works
The flow when a user requests a page over a CDN:
- User requests a URL. Browser asks for https://example.com/image.jpg.
- DNS routes to nearest edge. CDN's DNS responds with the IP of the closest edge server (using anycast routing or geographic DNS).
- Edge checks its cache. Cache HIT: edge serves the file directly to the user — no origin trip. Cache MISS: edge fetches from origin (or a regional cache), stores it locally, and serves to the user.
- Subsequent users get the cached copy. Until the cache TTL expires or content is purged.
The cache hit ratio (% of requests served from cache) is the primary CDN performance metric. A well-configured CDN routinely achieves 90%+ cache hit ratios for static content, dramatically reducing origin load.
Why use a CDN?
- Lower latency. A user in Tokyo fetching from a US-east origin sees ~150ms RTT minimum. From a Tokyo edge: ~10ms. Page-load times typically drop 30-60%.
- Reduced origin load. If 95% of requests are served from edge cache, your origin handles 1/20th the traffic. Smaller, cheaper infrastructure.
- Bandwidth cost savings. CDN bandwidth is typically cheaper than serving from a single cloud region.
- DDoS mitigation. CDNs absorb traffic spikes (legitimate or malicious) at the edge before they reach your origin. Most include built-in DDoS protection.
- Geographic resilience. If one edge location fails, traffic routes to the next nearest. Origin outages are partially masked if cached content is still available.
- HTTPS termination. CDN handles TLS at the edge. You can offer modern protocols (TLS 1.3, HTTP/3) without upgrading every origin server.
- Image optimization, compression. Many CDNs auto-compress, convert to WebP/AVIF, and resize on-the-fly.
What CDNs cache (and don't)
| Content Type | Cacheable? | Typical TTL |
|---|---|---|
| Images, fonts, video | Yes (highly cacheable) | Days to months |
| JavaScript, CSS bundles | Yes (with content-hash filenames) | 1 year (immutable) |
| Static HTML pages | Yes | Minutes to hours |
| API responses (read-only) | Conditionally — depends on Cache-Control headers | Seconds to minutes |
| Personalized HTML | No (or via edge-side personalization) | Bypass cache |
| Authenticated requests | No (cookies vary per user) | Bypass cache |
| POST/PUT/DELETE | No (state-changing) | Bypass cache |
The Cache-Control HTTP header is the primary mechanism for controlling what's cacheable: public, max-age=86400 means "cache for 1 day at any level". no-store means "don't cache anywhere".
CDN architectures: edge, regional, origin
Modern CDNs use a multi-tier architecture:
- Edge tier. Hundreds of small servers in cities worldwide (Cloudflare: 300+; Akamai: 4,000+). Closest to users; serves cache hits.
- Regional/shield tier. Larger consolidation servers in fewer locations. Edge cache misses go here before the origin — increases cache hit ratio at origin level.
- Origin. Your actual application server. Receives only requests that miss both edge and shield caches.
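An added example (not from the original page) that models the HIT/MISS flow and the edge, shield and origin tiers as a toy simulation. The class names, the 60-second TTL and the request schedule are assumptions chosen for illustration; it shows that a shield leaves the edge hit ratio unchanged while cutting the requests that reach the origin when every edge's TTL expires at once.

```python
# Toy model of the edge -> shield -> origin tiers (illustrative, not a real CDN).
URL = "https://example.com/image.jpg"

class Origin:
    """Stands in for the application server and counts the requests reaching it."""
    def __init__(self):
        self.requests = 0

    def get(self, url):
        self.requests += 1
        return f"content of {url}"

class CacheTier:
    """One cache tier; on a MISS it calls `upstream` (a shield's get or the origin's)."""
    def __init__(self, upstream, ttl, clock):
        self.upstream, self.ttl, self.clock = upstream, ttl, clock
        self.store = {}  # url -> (body, expires_at)
        self.hits = self.misses = 0

    def get(self, url):
        entry = self.store.get(url)
        if entry and entry[1] > self.clock():  # cache HIT: no upstream trip
            self.hits += 1
            return entry[0]
        self.misses += 1                       # cache MISS: fetch, store, serve
        body = self.upstream(url)
        self.store[url] = (body, self.clock() + self.ttl)
        return body

def simulate(n_edges, use_shield, request_times, ttl=60):
    """Send one request per edge at each time; return (origin_requests, edge_hit_ratio)."""
    now = [0]
    clock = lambda: now[0]  # injectable clock so the run is deterministic
    origin = Origin()
    upstream = CacheTier(origin.get, ttl, clock).get if use_shield else origin.get
    edges = [CacheTier(upstream, ttl, clock) for _ in range(n_edges)]
    for t in request_times:
        now[0] = t
        for edge in edges:
            edge.get(URL)
    hits = sum(e.hits for e in edges)
    misses = sum(e.misses for e in edges)
    return origin.requests, hits / (hits + misses)

if __name__ == "__main__":
    times = (0, 10, 20, 61, 70)  # constructed schedule; the TTL expires between 20 and 61
    print("no shield  :", simulate(4, False, times))
    print("with shield:", simulate(4, True, times))
```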
Major CDN providers compared
| Provider | Strengths | Pricing |
|---|---|---|
| Cloudflare | Free tier, generous bandwidth, Workers (edge compute), DDoS protection | Free / Pro $20/mo / Business $200/mo |
| AWS CloudFront | Deep AWS integration, broad geographic coverage, Lambda@Edge | Pay per GB + per request, ~$0.085/GB first 10TB |
| Akamai | Largest network (4,000+ PoPs), enterprise focus | Sales-quoted (enterprise) |
| Fastly | Real-time purge, VCL config, instant config push | Pay per GB + per request |
| Bunny.net | Cheapest per GB, simple pricing, image optimization | $0.005-$0.06/GB depending on region |
| Google Cloud CDN | GCP integration, premium tier (Google's network) | $0.02-$0.20/GB |
Common CDN issues
- Stale cache after deploys. Old asset version still served from edge. Solutions: content-hash filenames (app.a3f7e9.js), cache invalidation API calls on deploy.
- Wrong cache policy on dynamic content. Caching personalized pages = users seeing each other's data. Always set private, no-cache on user-specific responses.
- Cookie-vary explosion. Caching responses keyed by cookie value creates millions of cache entries. Strip non-essential cookies before caching.
- HTTPS misconfiguration. CDN's cert mismatches origin's, mixed-content warnings on some pages.
- Overly aggressive caching. Long TTLs on user-facing content = slow update propagation. Balance TTL with refresh frequency.
- Origin overload during cache stampede. When TTL expires, all edges fetch from origin simultaneously. Use stale-while-revalidate or origin shield to absorb the spike.
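An added example (not from the original page) of a check for the "wrong cache policy on dynamic content" issue: it flags responses that a shared cache such as a CDN edge could store even though they look user-specific. The PERSONALIZED_PREFIXES list, the finding strings and the sample exchanges are assumptions constructed for illustration.

```python
# Flag responses a shared cache (CDN edge) could store even though they are
# user-specific. Paths, headers and samples below are constructed.

PERSONALIZED_PREFIXES = ("/me", "/account")  # assumption: routes known to be per-user


def parse_cache_control(value):
    """Return {directive: argument-or-None} with lowercase directive names."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def audit(method, path, req_headers, resp_headers):
    """Return findings for one exchange; header dicts use lowercase keys."""
    cc = parse_cache_control(resp_headers.get("cache-control"))
    # private and no-store both forbid storage in a shared cache.
    shared_storable = "private" not in cc and "no-store" not in cc
    findings = []
    if not shared_storable:
        return findings
    if method.upper() not in ("GET", "HEAD") and ("public" in cc or "max-age" in cc):
        findings.append("state-changing method marked cacheable")
    if "set-cookie" in resp_headers:
        findings.append("Set-Cookie on a response a shared cache may store")
    # A request cookie alone is not a signal: browsers send it with static assets too.
    if "authorization" in req_headers or path.startswith(PERSONALIZED_PREFIXES):
        findings.append("user-specific response lacks private/no-store")
    return findings


SAMPLES = [  # constructed exchanges: (method, path, request headers, response headers)
    ("GET", "/img/logo.png", {"cookie": "sid=abc"}, {"cache-control": "public, max-age=86400"}),
    ("GET", "/me", {"cookie": "sid=abc"}, {"cache-control": "public, max-age=60"}),
    ("GET", "/me", {"cookie": "sid=abc"}, {"cache-control": "private, no-cache"}),
    ("GET", "/login", {}, {"cache-control": "max-age=300", "set-cookie": "sid=xyz"}),
    ("POST", "/orders", {"authorization": "Bearer t"}, {"cache-control": "public, max-age=30"}),
]

if __name__ == "__main__":
    for method, path, req, resp in SAMPLES:
        print(method, path, audit(method, path, req, resp) or "ok")
```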
CDN security features
- DDoS protection. CDNs absorb volumetric attacks (Cloudflare: 248 Gbps mitigated; Akamai handles much larger). Layer 7 DDoS (HTTP flood) requires more sophisticated WAF rules.
- Web Application Firewall (WAF). Block OWASP Top 10 attack patterns at the edge before requests reach origin.
- Bot management. Identify and rate-limit or block scrapers, credential-stuffing, fake account creation.
- Rate limiting. Per-IP or per-token request rate caps to prevent abuse.
- HTTPS enforcement. Auto-redirect HTTP to HTTPS at the edge.
CDN performance metrics to track
- Cache hit ratio. % of requests served from cache. Target: 90%+ for static content.
- Time to First Byte (TTFB) at edge. Should be under 200ms globally.
- Origin offload. % of bandwidth absorbed by CDN vs reaching origin.
- Per-region latency. p50, p95, p99 response times by user geography.
- Bandwidth costs. By region (some regions cost 5x more than others).
- Error rates by status code. 5xx spikes can indicate origin issues; 4xx spikes indicate misconfiguration.
FAQ: CDN
Do I need a CDN if my site is small?
If users are in one geographic region near your origin, maybe not. If users are global or you want resilience, yes. Cloudflare's free tier makes the cost barrier essentially zero.
Can a CDN cache API responses?
Yes, with care. Read-only API responses (GET /products) cache well. Per-user data (GET /me) shouldn't be cached. Use Cache-Control + Vary headers carefully.
How do I invalidate cached content after a deploy?
Two patterns: (1) versioned URLs with content hashes (app.a3f7e9.js) — old version stays cached, new version has new URL; (2) explicit purge via CDN API after deploy. Pattern 1 is more reliable.
What's the difference between a CDN and edge computing?
A CDN serves cached static content from edge locations. Edge computing (Cloudflare Workers, AWS Lambda@Edge, Fastly Compute@Edge) runs code at edge locations — dynamic logic close to users.
How does a CDN reduce DDoS risk?
Volumetric attacks are absorbed at the edge before reaching your origin. CDN providers maintain massive backbone capacity (Tbps); a typical attack of 10-100 Gbps is trivial for them. Layer 7 (HTTP) attacks need additional WAF rules.
Does using a CDN affect SEO?
Positively, if configured correctly. Faster page loads improve Core Web Vitals (a Google ranking signal). Make sure: HTTPS works, redirects don't loop, robots.txt is accessible, and edge caching doesn't serve outdated meta tags.
Test CDN performance with LoadFocus
If you're benchmarking CDN performance — measuring p95 latency from multiple regions, validating cache hit ratios, or testing DDoS protection thresholds — LoadFocus runs page speed monitoring + load testing from 25+ cloud regions. Sign up for a free tier at loadfocus.com/signup — no credit card — and run your first multi-region CDN test in under 5 minutes.