How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
Support FAQ
CDN performance comes from reducing unnecessary distance, repeated work, and transfer size in the path between a visitor and a website. A CDN can serve cacheable responses from nearby edge locations, keep connections efficient, compress or transform content, and reduce the number of requests that reach the origin.
That does not mean every site becomes fast just by enabling a CDN. Page speed depends on the page itself, the browser, the device, the network, third-party scripts, origin behavior, and cache policy. A CDN is one performance tool in that chain. It is most effective when teams know which requests should be cached, which assets should be smaller, and which metrics prove that users are having a better experience.
The first improvement is proximity. If a visitor in Singapore can receive a stylesheet from an Asian edge instead of a server in North America or Europe, the network round trip is shorter. This can improve time to first byte and reduce the delay before the browser can start rendering.
The second improvement is cache reuse. A cache hit avoids the origin entirely. This is usually the biggest win for static assets, downloads, fonts, images, scripts, and public pages that can be reused safely. It also protects the origin from repetitive work, which matters during traffic spikes.
The third improvement is protocol and connection handling. CDNs often support HTTP/2, HTTP/3, TLS session reuse, connection pooling to origins, Brotli or gzip compression, and optimised routing. These features can reduce connection setup time and bytes transferred, especially for users on mobile or lossy networks.
The fourth improvement is content shaping. Some CDNs can resize images, convert formats, cache transformed variants, minify selected assets, or normalise request behavior. These features help only when they fit the page. An image transformation that produces a smaller file but breaks dimensions or visual quality is not a useful improvement.
Performance work should start by identifying what can be cached. Versioned static assets are usually straightforward. Public HTML may be cacheable if it does not include personalisation. API responses may be cacheable if they are read-only, public, and controlled by accurate headers. Authenticated pages, checkout flows, account pages, admin paths, and state-changing requests usually need bypass rules.
Cache keys decide whether reuse is correct. The key might include scheme, host, path, query string, content encoding, language, device class, or selected cookies. Including too many request attributes fragments the cache and lowers hit ratio. Including too few can serve the wrong response. This is why cache key design affects both speed and correctness.
Freshness policy also matters. Long TTLs improve reuse, but stale content can become a business problem. Frequent purges keep content current, but they can create miss storms. Stale-while-revalidate, targeted purges, versioned assets, and route-specific TTLs are often better than one global rule.
Do not judge CDN performance from one synthetic test alone. Lab tests are useful for repeatability, but real users vary by country, device, browser, connection type, and login state. A strong evaluation combines synthetic tests, real user monitoring, CDN logs, and origin metrics.
Useful user-facing metrics include time to first byte, Largest Contentful Paint, Cumulative Layout Shift, Interaction to Next Paint, total page weight, image weight, render-blocking requests, and error rates. Useful delivery metrics include cache hit ratio, byte hit ratio, edge response time, origin response time, origin request count, origin bandwidth, compression ratio, and purge frequency.
Break results down by route. A high global cache hit ratio may hide a slow product page, a cache-busting search path, or one country routed poorly. Byte hit ratio may tell a different story from request hit ratio if the CDN caches many small files but misses large images or downloads.
One trap is treating the CDN as a substitute for page optimisation. If a page ships oversized images, too much JavaScript, blocking CSS, unstable layout, or slow third-party tags, edge caching cannot fix everything. The browser still has to download, parse, execute, and render the page.
Another trap is cache fragmentation. Varying by full user agent, all cookies, every query parameter, or unnecessary headers can create many near-duplicate cache entries. The site may look configured for caching while most real requests still miss.
Over-purging is also common. A full-site purge after every content change can erase the cache repeatedly and push work back to the origin. For busy sites, this can slow users at exactly the moment freshness matters. Targeted purges and stable asset versioning usually produce better behavior.
Finally, performance changes can break correctness. Caching a private response, ignoring a language variation, compressing an already compressed file, or transforming an image used for precise design can create user-visible defects. Faster wrong content is still wrong.
Performance and security share the same path. Bot traffic, scraping, cache-busting query strings, abusive API clients, and DDoS events can consume origin capacity and reduce speed for real users. Rate limits, bot controls, WAF rules, request normalisation, and origin protection can therefore be performance controls as well as security controls.
At the same time, security rules can add latency or block legitimate traffic if they are too broad. Measure rule actions, challenge rates, false positives, and origin relief. Apply stricter controls to risky routes without slowing every asset request unnecessarily.
Operationally, teams need visibility from browser to edge to origin. Response headers should make cache status understandable during debugging. Logs should show edge location, cache outcome, origin status, response time, request ID, and security action. Dashboards should separate cache hits from misses and edge latency from origin latency.
Begin with a baseline. Record user metrics, cache metrics, origin load, and representative page tests before changing rules. Then improve the easiest routes first: static assets, images, fonts, and public downloads. Move to public HTML and APIs only after the cache key, freshness model, and privacy rules are clear.
Change one major policy at a time. Watch whether user metrics improve, origin work falls, and error rates stay stable. Keep rollback steps for cache rules, transformations, and security controls.
A CDN improves performance best when it is treated as part of the application delivery design, not as a switch. The aim is faster real pages, lower origin pressure, and enough evidence to prove the change helped the users who matter.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Misuse explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.