              +-----------------+
              |     client      |
              +-----------------+
                      | ^
  request             | |                 ^
     |                v |                 |
     |        +-----------------+         |
     V        |       CDN       |      response  | CDN will cache responses
              +-----------------+
                      | ^
                      | |
                      v |
              +-----------------+
              |  origin server  |
              +-----------------+

Introduction

A content delivery network (CDN) is a system of distributed servers that delivers web content to clients based on their location and load balancing. Instead of having requests go to your server, you have requests go to the CDN, which will then get a cached response from one of its many geographically distributed, load balanced servers, or if there is nothing cached for that specific request, it will retrieve it from the original server (“origin server”), cache it, and then deliver it to the client.

Benefits

  • reduced latency - Since the response is coming from a CDN server (a cache really) that is geographically close to the client, latency is reduced.
  • reduced load on the original server - Since the CDN is serving cached responses, the original server is not being hit as hard.
  • increased redundancy - If one CDN server goes down, another can take its place.
  • increased DDoS protection - (more on this later)

Stale Content

Sometimes certain cached responses in the CDN network can become stale, i.e. outdated, i.e. there is a newer version of this content on the origin server. There are a few ways to deal with this:

  1. TTL - Time to live. You can tell the CDN to only cache certain responses for certain periods of time. For example, you can tell it to cache responseA (say a certain static file) for 1 day, but cache responseB (say a certain endpoint) for 1 hour.
  2. Purge - You can tell the CDN to purge (remove) certain cached responses. E.g. you can tell it to purge responseA, or all responses, etc. Once you purge a response, the next time a client requests it, the CDN will get the response from the origin server, cache it, and send it to the client.
  3. Never Cache - You can also configure certain files/endpoints to never be cached. These will always be retrieved from the origin server.

DDoS Protection

A CDN can help protect against DDoS attacks. A DDoS attack is when an attacker tries to overwhelm a server with requests, causing it to slow down or crash. A CDN can help protect against this by:

  1. absorbing the attack - since there are so many CDN servers, it can be hard for a DDoS attack to overwhelm them all. But beware: you often pay for a CDN on a per-use basis, so if you are being DDoSed, you might end up with a huge bill.
  2. filtering out malicious traffic - a CDN can be configured to detect and filter out malicious traffic, i.e. traffic that seems to behave like a DDoS attack.
  3. rate limiting - a CDN can be configured to rate limit requests on a per-client (IP) basis. This makes it harder for DDoS attackers because they need to use many more IPs to attack with.
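
To make the per-client rate limiting from item 3 concrete, here is an added example (not code from any CDN provider) of a token-bucket limiter keyed on client IP. The class name, the rate and burst values, and the sample traffic are assumptions made for the illustration.

```python
import time

class PerIPRateLimiter:
    """Token bucket per client IP: up to `burst` requests at once, refilled at `rate` per second."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}  # client IP -> [tokens, time of last request]

    def allow(self, client_ip):
        now = self.clock()
        bucket = self.buckets.setdefault(client_ip, [float(self.burst), now])
        # Refill for the time elapsed since this client's last request, capped at burst.
        bucket[0] = min(float(self.burst), bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] >= 1:
            bucket[0] -= 1
            return True   # serve from cache or forward to the origin
        return False      # the edge would answer 429 Too Many Requests


def simulate(requests, rate=1.0, burst=5):
    """requests: (timestamp_seconds, client_ip) pairs in time order -> {ip: [allowed, blocked]}."""
    now = [0.0]
    limiter = PerIPRateLimiter(rate, burst, clock=lambda: now[0])
    stats = {}
    for ts, ip in requests:
        now[0] = ts
        counts = stats.setdefault(ip, [0, 0])
        counts[0 if limiter.allow(ip) else 1] += 1
    return stats


# Constructed traffic (documentation-range IPs): one client sends 50 requests
# within one second, another sends one request every 2 seconds.
NOISY = [(i * 0.02, "203.0.113.7") for i in range(50)]
NORMAL = [(i * 2.0, "198.51.100.20") for i in range(5)]
SAMPLE = sorted(NOISY + NORMAL)

if __name__ == "__main__":
    for ip, (allowed, blocked) in simulate(SAMPLE).items():
        print(f"{ip}: allowed={allowed} blocked={blocked}")
```

A production limiter also needs to expire idle buckets so the table does not grow without bound, and it should key on the connection's source address rather than a client-supplied header.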

SSL/TLS and Token Authentication

A CDN can contain SSL certs. This means that the CDN can serve HTTPS traffic, which is obviously important for security, especially when you are sending sensitive information in the request, like a token for authentication! Speaking of tokens, you can also tell your CDN about approved tokens, and it will only serve responses to requests that have a valid token!

Dynamic Content

A CDN is excellent for serving static content, because static content is easily cacheable. But CDNs can even help with dynamic content. Certain CDN providers have the option of configuring edge servers to compute and serve dynamic content. This is often known as edge computing or serverless computing.

Sticky Sessions

A sticky session is when a client is always served by the same server. This is needed in certain scenarios, e.g. shopping carts. A CDN can be configured to use sticky sessions. The way it achieves this is the same way load balancers achieve it, by using a cookie. They map requests containing a certain cookie to always be served by the same server.

Conclusion

In conclusion, a CDN is a network, a web, of servers that are located all over the world. You can pay for this service. When you pay for the service, clients that make requests to your endpoints or static files, will be served from one of these CDN servers. This increases availability, reduces latency, reduces load on your main (origin) server, and gives you some DDoS protection.

Thanks for readin homie! I appreciate you!