CDN (Content Delivery Network)
A CDN is a geographically distributed network of edge servers that cache static and dynamic content close to users, reducing latency and offloading origin servers.
CDN = vending machines placed in every neighborhood instead of making everyone drive to the factory. Same snacks, way closer. Origin shield = one regional warehouse between the vending machines and the factory.
CDNs serve static assets (JS, CSS, images, videos) with high cache hit rates from edge nodes. Cache-Control headers control TTL at the edge. CDN invalidation (purging) removes stale entries by URL, tag, or path prefix. For dynamic content, CDN edge caching with short TTLs (1–60s) reduces origin load during traffic spikes. CDN also provides DDoS protection, TLS termination, and HTTP/2 or HTTP/3 multiplexing at the edge.
Origin shield is a CDN optimization: an intermediate cache layer between edge nodes and the origin, so only one node per region (rather than every edge node) fetches from origin on a miss. This dramatically reduces origin fan-in. For personalized content, Vary headers on cache keys (by cookie, user-agent) fragment the cache, reducing hit rates — prefer public/private content separation: cache the public frame, fetch personalized fragments via client-side API calls. Edge computing (Cloudflare Workers, Lambda@Edge) runs code at CDN edge nodes, enabling request-time customization (A/B testing, auth, geolocation routing) without origin round trips. For media streaming, CDN + HLS/DASH adaptive bitrate ensures smooth playback by serving the right quality segment for each client's bandwidth.
For any system with static assets, CDN is the highest-ROI optimization — it eliminates origin load for assets that represent 80%+ of bytes transferred. I'd set long Cache-Control max-age (1 year) for fingerprinted assets (content-addressed filenames) and short TTLs (5–60s) for HTML. I'd use origin shield to prevent CDN edge nodes from stampeding the origin on a miss. For API responses, I'd use CDN caching for public, non-personalized endpoints with appropriate Surrogate-Control headers.
Relying on CDN caching for authenticated or personalized content without cache key customization. Without a user-specific cache key, one user's data is served to another. Use Cache-Control: private for personalized content, or use a CDN that supports custom cache keys.