A content delivery network (CDN) is designed to reduce the load on your primary web servers by caching your static assets in a network of servers. These servers get closer to the users, which can speed up your loading times.
How do CDNs work?
A CDN does not replace your web server. it sits between the user and the web server and caches the content of the website. Each CDN endpoint is called PoP, and most CDN providers will have hundreds of them worldwide. Having a PoP physically close to the end user reduces the latency, called the “network edge”;. CDNs try to optimize the time users spend on the network edge without having to make a request further into the network (and bug your web server).
This type of CDN is called an “origin pull” or “mirror” CDN. A pull CDN mirrors the content of your website and delivers it with lower latency and improved caching. The second variant is called an “origin push” CDN, which can replace certain parts of your web server. Push CDN is primarily used to host content that would be impossible to host on traditional web servers such as video streaming services or other large media. For example, photos and videos stored in Amazon S3 can be served via their CloudFront CDN in a push configuration, eliminating the need to host the content altogether.
Many CDNs are mainly used to cache images, files and other static content. However, some CDNs, especially Cloudflare, Fastly and Amazon CloudFront, can cache your entire site. Cached downloads across the entire site can be configured to expire in just a few seconds, making your site responsive while taking a heavy load on your web servers.
You can set rules for each type of page you have and choose how long you want the content to be cached. This can be done either through the admin panel with your CDN provider or by adding
Cache-Control headings for your HTTP responses, which you can set up
max-age to a certain time in seconds.
However, you should not apply these settings entirely to your entire site. Some things have to be dynamic. For example, a user’s profile page or any page that requires authentication should Never cachas, otherwise anyone who visits their own profile page can find themselves on the information from another account. This is exactly what happened to Steam during their Christmas sales in 2015, when Valve updated its cache configuration to try to mitigate a traffic increase and inadvertently cached user data. This did not allow anyone to log in as another user, but it did allow them to view a copy of their private data, which is still a major security breach.
In some cases, APIs can be cached. For example, a website like Reddit does not have to make a database query every time someone requests the best posts on the website. Instead, you can cache them every minute or so and only make requests when needed, like someone requesting new posts. However, some APIs can break with caching, so you need to test at the end to see if it works for yours.
Are you going to use a CDN?
If your site receives a lot of traffic, caching the entire site (or at least the main pages of your site) can put a lot of strain on your web servers.
If you use a specialized hosting provider, such as SquareSpace, Shopify or WordPress, that provider probably already has its own CDN built in and usually handles the information about hosting your website for you.
You should also use the browser cache, which you can use with a CDN. Essentially, your assets will be stored in the user’s browser for a short period of time (5-10 minutes), so if they click on another page on your site, their browser does not even need to make a request for the content it already has. But if you made changes to the site and they came back the next day, they would get an updated page from the CDN because the browser’s cache has expired.