CDN Basics and Setup

A Content Delivery Network (CDN) is a geographically distributed network of servers that caches copies of your site’s content — images, CSS, JavaScript, and sometimes entire HTML pages — and serves them from a location close to each visitor. Without a CDN, every request to your site travels from the visitor’s browser to your origin server, wherever that sits, and back. A visitor in Singapore loading a site hosted in a London data centre has a round-trip time of roughly 170ms before the server has even started responding — that latency is physical, a consequence of the speed of light through fibre, and no amount of server-side optimisation eliminates it. A CDN edge node in Singapore serves cached content with a round-trip time under 10ms. The improvement is that consistent and that significant for international audiences.

Time to First Byte (TTFB) is the measurement that a CDN most directly improves: the time from the browser sending a request to receiving the first byte of a response. Google’s Core Web Vitals include TTFB as a signal in site health scoring, and it feeds into Largest Contentful Paint (LCP), one of the three metrics Google uses for search ranking. A site with a 600ms TTFB for US visitors that drops to 80ms TTFB for those same visitors after a CDN is enabled is a real-world range, not a marketing claim.

Cloudflare is the CDN worth recommending for most sites, for reasons that go beyond performance. Cloudflare operates 300+ edge nodes globally, has one of the most extensive Anycast networks in the world, and offers a generous free tier that includes the CDN, DDoS protection, web application firewall (WAF) at a basic level, SSL certificate issuance, and — on the free plan — everything a typical site needs. Setting up Cloudflare in front of an existing host takes under thirty minutes: you create a Cloudflare account, add your domain, Cloudflare reads your existing DNS records automatically, you update your domain registrar to point nameservers to Cloudflare’s assigned nameservers, and DNS propagation typically completes within minutes to a few hours. Once the proxy is active, your origin server’s IP address is hidden behind Cloudflare’s infrastructure, which also eliminates a category of direct-to-origin attacks.

The configuration decisions worth making after the basic setup: enable “Always Use HTTPS” to force HTTPS sitewide; set caching rules for static assets (images, fonts, CSS) to cache at edge aggressively; configure a page rule or cache rule to bypass the cache for the WordPress admin, checkout, and cart pages (which must not be cached since they contain session-specific content); and review the SSL/TLS encryption mode — “Full (strict)” is the correct setting if your origin server has a valid certificate, which it should. On the free plan, Cloudflare caches static assets but does not cache HTML pages by default; to cache static HTML (useful for blogs and static-ish sites), you need either a custom cache rule or the $20/month Pro plan.

The failure modes to know about: Cloudflare’s proxy is a dependency — if Cloudflare has an outage or misconfigures your zone, your site goes down even if your origin server is healthy. Cloudflare has an exceptional reliability record (99.99%+ availability) but it is worth keeping your origin server’s IP address documented somewhere accessible so you can bypass Cloudflare temporarily if needed. The second failure mode is cache pollution: if Cloudflare caches a page that contains a logged-in user’s session data (typically because cache bypass rules are not set correctly for a WordPress install), other visitors may see another user’s account information. This is a configuration error, not an inherent flaw, and is avoided by the bypass rules noted above.

When to pick what: Cloudflare’s free plan is the correct CDN choice for any site not already served by a platform CDN. The Pro plan at $20/month adds HTML page caching (via APO for WordPress), faster WAF rules, and better analytics. Most managed WordPress hosts — Kinsta, WP Engine, Cloudways — include CDN functionality in their own plans; if you are on one of those platforms, enable their built-in CDN first and evaluate whether adding Cloudflare in front provides meaningful incremental benefit before adding the additional layer.