How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
Support FAQ
CDNs reduce bandwidth cost by serving repeat traffic from locations between users and the origin. When a cached image, script, stylesheet, video segment, document, or page is delivered from the edge, the origin does not have to send the same bytes again. That reduces origin egress, backend work, and the amount of traffic that crosses expensive cloud, hosting, or transit boundaries.
The saving is not just about request count. A site may have many small HTML requests and a smaller number of very large image, font, download, or media requests. The most useful metric is often byte hit ratio: the share of transferred bytes served from cache. Cache hit ratio counts requests. Byte hit ratio shows whether the large objects are being offloaded.
Reusable static assets are the easiest starting point. Versioned JavaScript bundles, CSS files, fonts, images, PDFs, and downloadable files can usually be cached for long periods because their URLs change when the content changes. Serving those objects from a CDN means the origin pays for far fewer repeated transfers.
Public HTML can also reduce cost when it is safe to cache. Product category pages, article pages, documentation, marketing pages, and unauthenticated search results may be cacheable for seconds, minutes, or hours depending on how often they change. Even short edge freshness can remove bursts of repeated origin work during campaigns, crawls, or traffic spikes.
Compression and image optimization reduce the number of bytes delivered. Brotli or gzip can shrink text resources. Responsive image variants, WebP, AVIF, and correct dimensions can reduce oversized media. These savings still need cache discipline: if every transformed image variant is requested with a unique cache-busting query string, the CDN may store many low-value objects instead of a small set of reusable outputs.
Origin shielding can reduce duplicated misses. Without a shield, many edge locations may fetch the same object from the origin when a cache expires or is purged. A shield layer gives those edge locations one upstream cache to consult first. That can lower origin egress during cold starts and after invalidation.
Simply placing a CDN in front of a site does not guarantee lower bandwidth bills. The CDN has to be allowed to reuse responses. Response headers, cache rules, cookies, query strings, authorization headers, redirects, and status codes all influence reuse.
For example, a product image with a stable URL and a long freshness lifetime is likely to produce strong byte savings. The same image requested as image.jpg?timestamp=... for every page view may miss cache repeatedly unless query handling is normalized. A page that sends Cache-Control: private or sets a user-specific cookie may bypass shared cache correctly, but it will not reduce bandwidth in the same way as public content.
Cache keys are a common source of hidden cost. If the key varies by every query string, every cookie, every user agent, or every language header, the cache can fragment into many rarely reused entries. If the key ignores an attribute that really changes the response, users may receive the wrong content. Cost reduction depends on finding the smallest safe set of request attributes that define a distinct response.
A high request hit ratio can hide poor byte savings. If many tiny icons are cached but large hero images and downloads miss, origin egress may remain high. Review cache hit ratio and byte hit ratio together, then break them down by path type and file extension.
Purge-heavy workflows can also erase expected savings. Some publishing systems purge broad sections of a site whenever small changes occur. If every update clears thousands of objects, the CDN spends much of its time refilling cache. More targeted invalidation, cache tags, versioned asset URLs, and sensible stale serving can protect freshness without forcing every edge location back to origin.
Another misconception is that dynamic traffic cannot be optimized. State-changing requests should not be cached, and private responses need strict handling, but dynamic sites often contain public fragments, anonymous pages, static assets, API responses, or generated documents that can be cached safely. The right question is not "dynamic or static?" but "which routes produce the same response for many users, and for how long?"
Third-party assets need separate attention. A CDN in front of your origin does not reduce the transfer cost or performance impact of unrelated scripts, tags, fonts, or media hosted elsewhere. It may improve the first-party delivery path while the page still pays a large third-party byte cost.
Bandwidth savings should not come from caching unsafe content. Authenticated pages, account data, carts, payment steps, admin screens, and personalized API responses need clear no-store or private behavior unless they are explicitly designed for shared caching. A data leak caused by an overbroad cache rule is far more expensive than the bandwidth it saved.
Cost controls also overlap with abuse controls. Hotlinking can make someone else's pages consume your bandwidth. Cache-busting query strings can force repeated origin fetches. Automated scraping can request large files or uncacheable routes at high rates. Bot controls, rate limits, signed URLs, origin access restrictions, and query normalization can all protect both security and cost.
Origin exposure is another issue. If users or attackers can bypass the CDN and request the origin directly, the origin may still pay egress and compute costs even when the CDN cache is healthy. Restricting origin access to trusted CDN paths or private networks keeps the savings path enforceable.
Measure before and after. Track origin egress bytes, CDN egress bytes, cache hit ratio, byte hit ratio, origin request count, cache status by route, transformed image bytes, compression savings, purge volume, and response codes. Compare those metrics across normal traffic, publish events, sales, bot spikes, and regional incidents.
Look at the top byte producers first. Large images, videos, downloads, fonts, generated PDFs, and API exports can dominate cost. For each one, check freshness headers, cache key behavior, response size, content encoding, variant count, and purge pattern. Then confirm from logs that repeat requests are served from the intended cache layer.
Finally, evaluate the user impact. Reducing bandwidth by serving stale or wrong content is not a success. The best CDN cost reductions also improve latency, lower origin pressure, and keep troubleshooting evidence clear enough that operators can explain why a response was a hit, miss, bypass, or revalidated fetch.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Misuse explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.