Why a CDN Is for Everybody In 2024: Website Security, Performance, and Peace of Mind
CDNs or "Content Delivery Networks" used to be reserved for getting content delivered more quickly to distant regions of the world, often for higher-traffic sites. Today, it is an umbrella term, increasingly used for web and mobile performance acceleration, security, and peace of mind for all websites.
You will notice that many of the leading providers distance themselves from the term a bit, calling themselves a "cloud platform" or "cloud network platform", but the term "CDN" persists as the only way to recognizably identify this layer of the internet ecosystem that makes websites faster and more secure.
Why a CDN Is for Everybody: Performance, Security, and Peace of Mind
CloudFlare was one of the most well-known pioneers in pushing CDNs far beyond simple content distribution, including performance enhancements like on-the-fly image compression, security enhancements like a Web Application Firewall (WAF), and peace of mind measures like "Always Online" that serves cached versions of the website in case the web server goes down.
Companies like Akamai that used to be CDN-only have been catching up, but at a price tag and lack of agility you'd expect from an older, larger company.
What's Required To Enable a CDN? Why Is It Sometimes A Political Battle With IT?
For many providers, you have to change the name servers of your domain to point to those of the CDN company. Basically, it's a complex DNS maneuver that makes your average IT person unnecessarily nervous. You are handing over your DNS handling to one of these CDN companies, but that's no more risky (perhaps less risky) than using your current DNS registrar.
Many IT folks are nervous about the risks of letting go of control of your DNS while completely ignoring the risks of not letting go: security, performance, increased risk without the "peace of mind" features, and ultimately business dollars and profit left on the table due to slower site performance.
This is similar to the desire to host the website on-premise in the back closet (extremely risky) rather than relying on a 3rd party cloud computing company with more dollars, infrastructure, trained staff, and economies of scale.
You need to find a way to be a CDN champion—or hire someone who can—to get your IT personnel to budge and let go of their unfounded worries. However, there are providers like Fastly that allow you to gain many of these benefits without changing your name servers, and CloudFlare does indeed allow you to use a CNAME setup (instead of a name server change) although it is only available on the more costly Business and Enterprise plans.
Note that your root domain (i.e. https://domain.com) will not be protected – only subdomains can be protected, so you should redirect https://yourdomain.com to https://www.yourdomain.com ("www" is considered a subdomain). Although, unless you really know what needs to be done to protect and properly set up your name servers, it's usually best to use the name servers provided by these CDN companies.
Most of the CDN companies offer a variety of options to increase performance. Some examples of performance improvements offered by such CDNs are as follows:
- On-the-fly image compression
- Faster page loads through high-tech infrastructure
- Page caching and purging
- Fast DNS lookups
- GZIP compression, reducing file and page size
- HTTP/2 Support
Here is a recent benchmark of a site that we put behind a CloudFlare Pro plan with performance enhancements enabled (note that this site was already behind a CDN used by the Pantheon hosting platform, so this is really just measuring the performance enhancements) as tested on the reliable, less-noisy, and less-profit-driven site https://www.webpagetest.org/.
Before Implementing CloudFlare CDN Performance Improvements:
After Implementing CloudFlare CDN Performance Improvements:
- A 1 second decrease in load time!
- 0.7 MB in bandwidth savings
- Image compression!
On another site with a lot of technical baggage, we were able able to get a 2.5 second performance increase! Just by enabling CloudFlare. Do you know how many developer hours that would have taken?! Here are the results.
Before Implementing CloudFlare CDN:
After Implementing CloudFlare CDN:
- A 2.5 second decrease in load time!!
- A ~0.7 MB in bandwidth savings.
- Transfer compression (compressing everything that the web server sends -- was not working properly so CloudFlare fixed it)
- That "D" rating on First Byte is just noise. Also, ignore the incorrect "F" grade on the "Cache static content" on the "after" pic -- this was due to a technicality of the site architecture outside of CloudFlare's control, and static content caching still markedly improved:
The other metrics matter, too, for overall user experience. You may wish to research what they mean in further detail.
Need to audit your Drupal or WordPress site?
A Web Application Firewall (WAF) is more and more important, especially since you can implement one with such low cost and barrier to entry. I work in this industry, so I see hacking all the time. I see emergency calls, expensive mistakes, data loss, lost revenue due to site downtime, and customer / personally identifiable information stolen. It's way too easy to pretend it won't happen to you.
Take the time to do your best by implementing a WAF in front of your website. Even our favorite hosting companies do not provide this out of the box. You will often see a hosting company advertise "security" but what they are often talking about is that they provide a WAF for their entire hosting infrastructure but not your individual website. It's up to you to provide that, at least in this day and age.
Another great thing you often get from a CDN is free HTTPS / SSL (yes, you read that right), so that you don't have to pay for and install an SSL certificate to get the https:// before your domain name, which is important both for security and SEO ranking. By signing up for a free CloudFlare plan, for example, you also get free HTTPS / SSL. Everyone on the internet should at least have HTTPS / SSL these days, because it is completely free.
Peace of Mind
There are varies "peace of mind" features, where each competitor seems to differ the most. Examples of peace of mind features follow:
- Website hacking cleanup and first responder service (Sucuri)
- Blacklist removal (Sucuri)
- SEO Spam Repair (Sucuri)
- Website security scanning for hacks and blacklists (Sucuri)
- DDoS protection hotline (CloudFlare)
- Keep a cached version of the website to serve even if the web server goes down (CloudFlare)
- Distributed networks keeping internet properties available and performant (multiple)
- Load balancing (multiple)
- Off-site website backups (Sucuri) -- it's good to keep a redundant off-site backup even if your hosting provider does back-ups as well.
Platforms like CloudFlare offer a very generous free plan that still gets you a CDN, free HTTPS, and some of the performance improvements. However, its Free plan doesn't offer WAF protection, leaving your site vulnerable to attacks from DDoS strategies, bots, spam, and other vulnerabilities.
At its $20/month Pro plan, you get the WAF but do not receive advanced DDoS mitigation and custom SSL -- to get those features you'll need to shell out $200/mo for the Business plan. That pricing jump for those who require bigger-business-level features can entice folks to choose alternatives like Fastly, Securi, Incapsula, or Stackpath.
Get a CDN. It's free if you don't want to pay for it. If you don't have one, you're behind, at risk, and losing money from a simple performance enhancement that requires zero developer time to implement.