What Is a CDN and Why You Need One

A practical guide to Content Delivery Networks covering how CDNs work, edge servers, caching strategies, cache invalidation, provider pricing, and step-by-step setup instructions.

Abhishek Patel · 12 min read


Your Users Are Waiting -- And It's Your Server's Fault

Every millisecond of latency costs you money. Amazon famously found that 100ms of added latency reduced sales by 1%. Google discovered an extra 500ms in search page load dropped traffic by 20%. If your app serves users across multiple countries from a single origin server, you're shipping packets across oceans and back -- adding 200-400ms of pure network latency before your server even starts processing the request.

A Content Delivery Network (CDN) fixes this by putting copies of your content on servers distributed around the world. Instead of every request traveling to your origin in us-east-1, users get served from a nearby edge location. I've watched CDN deployments cut Time to First Byte (TTFB) from 800ms to under 50ms for international users. That's not a minor optimization -- it's a fundamentally different user experience.

What Exactly Is a CDN?

Definition: A Content Delivery Network (CDN) is a geographically distributed network of proxy servers and data centers that caches and delivers content from locations physically closer to end users. CDNs reduce latency, offload traffic from origin servers, and improve availability by distributing requests across multiple edge nodes called Points of Presence (PoPs).

Think of it like this: without a CDN, your website is a single restaurant in one city. Every customer worldwide has to travel to that one location. A CDN is like opening franchise locations everywhere -- same menu, but customers go to the nearest one. The original restaurant (your origin server) still creates the recipes, but the franchises handle most of the serving.

The global CDN market hit $22.1 billion in 2025 and is projected to reach $45 billion by 2030. That growth reflects a simple reality: serving content from a single origin doesn't scale. Modern CDNs handle over 50% of all internet traffic. Cloudflare alone processes more than 57 million HTTP requests per second as of early 2026.

How CDNs Work: The Core Concepts

Edge Servers and Points of Presence (PoPs)

A PoP is a physical data center location where a CDN has servers. Cloudflare operates 310+ PoPs in over 120 countries. AWS CloudFront has 600+ PoPs across 90+ cities. Fastly runs 91 PoPs but strategically places them at major internet exchange points for faster peering. When a user in Mumbai requests your CSS file, the CDN serves it from its Mumbai PoP instead of your origin server in Virginia. The difference? ~20ms vs ~250ms round-trip.

Caching and Cache Keys

CDNs cache content based on cache keys -- typically the URL plus specific headers. When the first user in a region requests a resource, the CDN fetches it from your origin (a "cache miss"), stores a copy, and serves subsequent requests from that cache (a "cache hit"). Cache hit ratios above 95% are typical for static assets. A good CDN configuration achieves 85-95% overall hit rates including dynamic pages.

You control caching behavior through HTTP headers:

  • Cache-Control: max-age=31536000 -- cache for one year (use for fingerprinted assets like app.a1b2c3.js)
  • Cache-Control: s-maxage=3600, stale-while-revalidate=86400 -- CDN caches for 1 hour, serves stale content for up to 24 hours while revalidating in the background
  • Cache-Control: no-store -- never cache (for personalized or sensitive responses)
  • Surrogate-Control -- CDN-specific header that overrides Cache-Control for edge caching without affecting browser caching

Static vs. Dynamic Content

Static content -- images, CSS, JavaScript, fonts, videos -- is the CDN's bread and butter. These files don't change between users and cache perfectly. A single 2 MB hero image served to 100,000 users from cache saves 200 GB of origin bandwidth.

Dynamic content is harder. API responses, personalized pages, and real-time data can't simply be cached forever. But modern CDNs handle this too:

  • Edge compute -- Cloudflare Workers, CloudFront Functions, and Fastly Compute run code at the edge to generate or modify responses without hitting your origin
  • Micro-caching -- caching dynamic responses for just 1-5 seconds eliminates thundering herd problems during traffic spikes
  • Stale-while-revalidate -- serves cached content immediately while fetching a fresh copy in the background
  • Edge Side Includes (ESI) -- assembles pages from cached fragments, caching the static shell separately from dynamic components

Cache Invalidation

Cache invalidation is famously one of the two hard problems in computer science. When you update content on your origin, cached copies at edge nodes become stale. CDNs offer several invalidation strategies:

  • Purge by URL -- invalidate a specific resource across all PoPs. Cloudflare propagates purges globally in under 150ms. CloudFront takes 60-300 seconds.
  • Purge by tag/surrogate key -- tag related resources (e.g., all product images) and purge them as a group. Fastly pioneered this with instant purge in ~150ms globally.
  • Purge everything -- nuclear option. Clears the entire cache. Use sparingly -- it causes a thundering herd of cache misses hitting your origin simultaneously.
  • Versioned URLs -- the best strategy. Append a hash to filenames (style.a8f3b2.css). New deploys use new URLs, so old cached versions are simply never requested again. No purging needed.

Pro tip: Use versioned/fingerprinted URLs for static assets and set Cache-Control: max-age=31536000, immutable. This gives you perfect caching with zero invalidation headaches. Reserve purge-based invalidation for content that can't be fingerprinted, like HTML pages and API responses.

CDN Provider Pricing Comparison (2026)

CDN pricing varies wildly depending on bandwidth, request count, and which regions your traffic comes from. Here's what you'll actually pay for a site serving 10 TB/month with 100 million requests, primarily to North America and Europe:

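Provider | Base Price | Bandwidth (10 TB) | Requests (100M) | Estimated Total/Month
---------|------------|-------------------|-----------------|----------------------
Cloudflare Free | $0 | $0 (unlimited) | $0 | $0
Cloudflare Pro | $20/mo | $0 (unlimited) | $0 | $20
AWS CloudFront | $0 | $850 ($0.085/GB) | $75 | $925
Fastly | $0 | $800 ($0.08/GB) | $22 | $822
Bunny CDN | $0 | $100 ($0.01/GB) | $0 | $100
KeyCDN | $0 | $40 ($0.004/GB) | $0 | $40
Google Cloud CDN | $0 | $850 ($0.08-0.12/GB) | $75 | $925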

The difference is dramatic. Cloudflare's free tier includes unlimited bandwidth -- it's genuinely free for most sites. That's not a loss leader; their business model monetizes enterprise features like WAF rules, bot management, and Workers. For bootstrapped startups and personal projects, Cloudflare Free is the obvious choice in 2026.

CloudFront and Fastly are premium-priced but offer capabilities that matter at scale: real-time log streaming, custom TLS certificates with dedicated IPs, programmable edge compute, and fine-grained cache control with surrogate keys. If you're on AWS already, CloudFront's free egress from S3 and tight Lambda@Edge integration can offset the bandwidth premium.

Watch out: CDN pricing for Asia-Pacific and South America regions is 2-4x more expensive than North America/Europe on most providers. CloudFront charges $0.14/GB for India vs. $0.085/GB for the US. If you have significant traffic from these regions, factor that into your estimates. Cloudflare and Bunny CDN don't charge regional premiums, making them significantly cheaper for globally distributed audiences.

How to Set Up a CDN: Step by Step

  1. Audit your current performance -- Run WebPageTest or Lighthouse from multiple global locations. Record your baseline TTFB, LCP, and total page weight. You need these numbers to measure improvement. Focus on regions where your users actually are, not just your local network.
  2. Choose a CDN provider -- For most projects, start with Cloudflare (free, easy setup, DNS-level integration). If you need AWS-native integration, use CloudFront. If you need programmable edge with sub-millisecond purging, consider Fastly. Match the provider to your actual requirements, not marketing pages.
  3. Configure DNS -- Point your domain to the CDN. With Cloudflare, you change your nameservers. With CloudFront, you create a CNAME record pointing to your distribution's .cloudfront.net domain. DNS propagation typically takes 5-30 minutes but can take up to 48 hours.
  4. Set up your origin -- Configure the CDN to fetch content from your origin server. Ensure your origin is healthy, has TLS configured, and returns proper Cache-Control headers. The CDN respects these headers by default -- garbage in, garbage out.
  5. Configure caching rules -- Set long TTLs (1 year) for fingerprinted static assets. Set shorter TTLs (1 hour to 1 day) for HTML pages. Set no-store for authenticated or personalized responses. Use stale-while-revalidate to prevent cache stampedes.
  6. Enable HTTPS -- Every CDN offers free TLS certificates via Let's Encrypt or their own CA. Enable HTTPS redirect, HSTS, and TLS 1.3. Cloudflare and Fastly support HTTP/3 (QUIC) out of the box -- enable it for lower connection latency.
  7. Test and validate -- Check response headers to verify caching works: look for cf-cache-status: HIT (Cloudflare), x-cache: Hit from cloudfront (CloudFront), or equivalent. Run WebPageTest again from the same locations and compare TTFB. You should see 50-80% improvement for users far from your origin.
  8. Monitor cache hit ratios -- Your CDN dashboard shows hit/miss ratios. Aim for 90%+ on static assets and 70%+ overall. If hit rates are low, check that your origin isn't sending Cache-Control: no-cache or Set-Cookie headers on cacheable resources -- these are the two most common CDN-defeating mistakes.
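The caching rules from steps 5 and 8 can be checked mechanically against what the origin actually returns. The following is an added example, not code from the original article: the function names, the fingerprint pattern, the treatment of every non-fingerprinted path as a page, and the sample responses are assumptions constructed for illustration.

```python
import re

# Fingerprinted filename such as app.a1b2c3.js or style.a8f3b2.css (assumed pattern).
FINGERPRINT = re.compile(r"\.[0-9a-f]{6,}\.(js|css|png|jpg|svg|woff2)$")
YEAR = 31536000

def parse_cache_control(value):
    """Return directives as a dict, e.g. {'max-age': 31536000, 'immutable': None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            out[name] = int(arg) if arg.isdigit() else None
    return out

def edge_ttl(cc):
    """Seconds the CDN may serve without revalidating; s-maxage overrides max-age."""
    if cc.keys() & {"no-store", "private", "no-cache"}:
        return 0
    return cc.get("s-maxage", cc.get("max-age")) or 0

def audit(path, headers, authenticated=False):
    """Findings for one origin response; header names are expected in lower case."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    ttl, findings = edge_ttl(cc), []
    if authenticated:  # personalized responses must never be stored at the edge
        return [] if "no-store" in cc else ["personalized response lacks no-store"]
    if "set-cookie" in headers:
        findings.append("Set-Cookie on cacheable resource")
    if "no-cache" in cc:
        findings.append("no-cache on cacheable resource")
    if FINGERPRINT.search(path):
        if ttl < YEAR or "immutable" not in cc:
            findings.append("fingerprinted asset should be max-age=31536000, immutable")
    elif not 3600 <= ttl <= 86400:
        findings.append("page edge TTL outside 1 hour to 1 day")
    return findings

# Constructed sample responses: (path, origin headers, authenticated?)
SAMPLES = [
    ("/assets/app.a1b2c3.js", {"cache-control": "max-age=31536000, immutable"}, False),
    ("/assets/style.a8f3b2.css", {"cache-control": "max-age=3600", "set-cookie": "sid=x"}, False),
    ("/index.html", {"cache-control": "s-maxage=3600, stale-while-revalidate=86400"}, False),
    ("/account", {"cache-control": "max-age=600"}, True),
    ("/pricing", {"cache-control": "no-cache"}, False),
]
REPORT = {p: audit(p, h, a) for p, h, a in SAMPLES}
for path, findings in REPORT.items():
    print(path, findings or "ok")
```

The `/account` finding is the one to fix first: a personalized response without `no-store` is eligible to be stored by a shared cache and served to other users.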

When You Don't Need a CDN

CDNs aren't universally necessary. Skip one if:

  • Your users are all in one geographic region and your server is there too -- a CDN adds a hop without reducing latency
  • Your content is 100% dynamic and personalized with no cacheable components
  • You're building an internal tool accessed only from your office network
  • Your total traffic is under 1,000 visitors/day and performance is acceptable

But honestly? Cloudflare's free tier costs nothing and takes 10 minutes to set up. Even if the caching benefit is marginal, you get DDoS protection, a WAF, and HTTP/3 support for free. There's almost no reason not to use it.

Frequently Asked Questions

What is the difference between a CDN and a web host?

A web host runs your application and generates responses. A CDN caches and distributes those responses from edge locations closer to users. They serve different purposes and work together. Your web host is the origin server -- it processes logic, queries databases, and builds pages. The CDN sits in front of it, intercepting requests that can be served from cache and only forwarding cache misses to the origin. You need both for a production application.

Does a CDN help with SEO?

Yes, indirectly. Google uses Core Web Vitals (LCP, INP, CLS) as ranking signals, and CDNs directly improve LCP by reducing TTFB. Sites with sub-200ms TTFB consistently rank higher than those above 800ms in competitive niches. Google has confirmed that page speed is a ranking factor since 2018 and doubled down with the Page Experience update in 2021. A CDN won't fix bad content, but it prevents slow loading from hurting otherwise good content.

Can a CDN protect against DDoS attacks?

Absolutely. Major CDNs absorb DDoS attacks as a core feature. Cloudflare has mitigated attacks exceeding 71 million requests per second (February 2023). CloudFront integrates with AWS Shield. Because CDN networks have massive aggregate bandwidth -- Cloudflare's network capacity exceeds 280 Tbps -- they can absorb volumetric attacks that would overwhelm any single origin server. Most CDN providers include basic DDoS protection at no extra cost.

How does a CDN handle HTTPS and SSL certificates?

Modern CDNs manage TLS certificates automatically. Cloudflare issues Universal SSL certificates for all domains on its network at no charge. CloudFront integrates with AWS Certificate Manager for free public certificates. The CDN terminates TLS at the edge, so the encryption/decryption happens close to the user. The connection from CDN to your origin can use a separate certificate. This edge termination also improves performance -- TLS handshakes are latency-sensitive, and doing them at a nearby PoP saves 1-2 round trips.

What is cache hit ratio and what's a good target?

Cache hit ratio is the percentage of requests served from CDN cache versus forwarded to your origin. A 90% hit ratio means 9 out of 10 requests never touch your origin. For static-heavy sites (blogs, marketing pages, documentation), target 95%+. For dynamic applications with some static assets, 70-85% is realistic. Below 50% means your caching configuration has problems -- usually incorrect Cache-Control headers, cookies on static assets, or query string variations creating unique cache keys for identical content.
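To see how query string variations fragment the cache, the added example below (not part of the original article) replays a constructed request log through a single edge cache twice: once keyed on the raw URL, once on a normalized cache key as described under "Caching and Cache Keys". The ignored-parameter list, function names and request log are assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: the origin never reads these parameters. A parameter that changes
# the response must stay in the key, or one visitor's variant is served to all.
IGNORED_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "fbclid", "gclid"}

def raw_key(url, headers):
    """URL exactly as sent, plus the Accept-Encoding header."""
    return (url, headers.get("accept-encoding", "").lower())

def normalized_key(url, headers):
    """Path plus sorted query with ignored params removed, plus Accept-Encoding."""
    parts = urlsplit(url)
    query = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                   if k.lower() not in IGNORED_PARAMS)
    return (parts.path, urlencode(query), headers.get("accept-encoding", "").lower())

def hit_ratio(requests, key_fn):
    """Replay requests through one edge cache; the first request per key is a miss."""
    cache, hits = set(), 0
    for url, headers in requests:
        key = key_fn(url, headers)
        if key in cache:
            hits += 1
        else:
            cache.add(key)  # cache miss: fetch from origin, then store the copy
    return hits / len(requests)

GZIP, BR = {"accept-encoding": "gzip"}, {"accept-encoding": "br"}
# Constructed request log: identical content requested under varying URLs.
LOG = [
    ("/products?page=2&sort=price", GZIP),
    ("/products?sort=price&page=2", GZIP),
    ("/products?page=2&sort=price&utm_source=news", GZIP),
    ("/products?page=2&sort=price&fbclid=abc", GZIP),
    ("/products?page=3&sort=price", GZIP),
    ("/products?page=2&sort=price", GZIP),
    ("/style.a8f3b2.css", GZIP),
    ("/style.a8f3b2.css?utm_campaign=spring", GZIP),
    ("/style.a8f3b2.css", BR),
    ("/style.a8f3b2.css", GZIP),
]

if __name__ == "__main__":
    print("raw key hit ratio:       ", hit_ratio(LOG, raw_key))
    print("normalized key hit ratio:", hit_ratio(LOG, normalized_key))
```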

Do CDNs work with APIs and dynamic content?

Yes, but differently than static content. API responses can be cached if they're not user-specific -- product catalogs, public feeds, and configuration endpoints are great candidates. Use short TTLs (10-60 seconds) with stale-while-revalidate for frequently updated data. For personalized API responses, CDNs still help: they reduce TLS handshake latency, enable connection reuse to origins via persistent connections, and edge compute platforms like Cloudflare Workers can process requests without a round trip to your origin at all.

How long does it take to set up a CDN?

With Cloudflare, you can go from zero to fully cached in under 30 minutes. Change your nameservers, wait for DNS propagation (usually 5-15 minutes), and Cloudflare automatically caches static assets with sensible defaults. CloudFront takes longer -- creating a distribution, configuring behaviors, and setting up DNS typically takes 1-2 hours for a first-time setup. The real time investment is tuning cache rules for your specific application, which is an ongoing process as you optimize hit ratios and handle edge cases.

Start With What Matters: Put a CDN in Front of Your Origin

A CDN is one of the highest-impact, lowest-effort performance improvements you can make. For most applications, signing up for Cloudflare's free tier and changing your nameservers delivers measurable improvements within an hour. You'll see lower TTFB, reduced origin load, free DDoS protection, and automatic HTTPS. Don't overthink the provider choice -- start with Cloudflare Free, measure the results, and only move to a paid solution when you hit specific limitations. The best CDN configuration is the one that's actually deployed, not the one you're still evaluating.

Written by

Abhishek Patel

Infrastructure engineer with 10+ years building production systems on AWS, GCP, and bare metal. Writes practical guides on cloud architecture, containers, networking, and Linux for developers who want to understand how things actually work under the hood.
