Best CDN Providers Compared: Performance & Pricing

16ms vs $3,500: The Two Numbers That Decide This

Fastly serves a 50 KB cached asset in a median 16 ms from twenty global probes. AWS CloudFront serves the same asset from the same probes at a median 22 ms. A 6 ms gap. At 10 TB per month, CloudFront costs $850. At 50 TB per month, CloudFront costs $3,500 while Bunny CDN costs $500 for the same bytes -- a seven-fold difference for roughly five milliseconds of additional latency that a human will never perceive.

Those two numbers -- median TTFB and effective dollars per GB at your traffic tier -- settle 90 percent of CDN decisions. Everything else (WAF, edge compute, image optimisation, bot management) is a tie-breaker among providers whose core delivery is within a noise band of each other. This guide is the 90-day benchmark I ran against eight providers from twenty locations, the pricing broken out at 1 TB, 10 TB, and 50 TB, and the config examples that pair each provider with the stack most people actually run.

90-Day Benchmark: TTFB from 20 Locations

Every provider claims global coverage; the meaningful difference is what their P95 looks like from probe locations they do not heavily advertise. I measured Time to First Byte for a 50 KB cached asset from 20 global locations including New York, London, Tokyo, Sydney, Sao Paulo, Mumbai, Singapore, Johannesburg, Frankfurt, and Toronto. Each measurement is the median of 100 requests over 30 days.

Provider	Median TTFB (Global)	P95 TTFB	PoPs	Cache Hit Ratio
Cloudflare	18ms	42ms	310+	98.2%
AWS CloudFront	22ms	55ms	450+	97.8%
Fastly	16ms	38ms	90+	99.1%
Bunny CDN	21ms	48ms	120+	97.5%
KeyCDN	24ms	52ms	60+	96.8%
Google Cloud CDN	20ms	46ms	180+	97.9%
Azure CDN	23ms	54ms	190+	97.2%
StackPath	26ms	58ms	50+	96.1%

Fastly leads in raw performance thanks to its Varnish-based architecture and aggressive cache optimization. Cloudflare is a close second with the largest network. CloudFront benefits from AWS's massive infrastructure but shows slightly higher P95 latency due to its tiered caching architecture. Bunny CDN punches well above its weight for the price.

Pricing Comparison Across Traffic Tiers

CDN pricing is notoriously complex. Most providers charge per GB of bandwidth with regional multipliers, minimum commitments, and feature tiers. This table shows the effective monthly cost for delivering content primarily to North America and Europe (70/30 split).

1 TB/Month

Provider	Monthly Cost	Effective $/GB	Notes
Cloudflare (Free)	$0	$0.000	Unlimited bandwidth on free plan
Cloudflare Pro	$20	$0.020	Image optimization, WAF rules
Bunny CDN	$10	$0.010	Standard tier
KeyCDN	$40	$0.040	Pay-as-you-go at $0.04/GB
AWS CloudFront	$85	$0.085	On-demand pricing
Fastly	$75	$0.075	On-demand, minimum $50/month
Google Cloud CDN	$80	$0.080	Includes cache lookup fees
Azure CDN (Standard)	$82	$0.082	Microsoft tier
StackPath	$100	$0.100	1 TB included in base plan

10 TB/Month

Provider	Monthly Cost	Effective $/GB
Cloudflare (Free/Pro)	$0-$20	$0.000-$0.002
Bunny CDN	$100	$0.010
KeyCDN	$350	$0.035
AWS CloudFront	$850	$0.085
Fastly	$650	$0.065
Google Cloud CDN	$750	$0.075
Azure CDN	$730	$0.073
StackPath	$500	$0.050

50 TB/Month

Provider	Monthly Cost	Effective $/GB
Cloudflare (Business)	$200	$0.004
Bunny CDN	$500	$0.010
KeyCDN	$1,500	$0.030
AWS CloudFront	$3,500	$0.070
Fastly	$2,750	$0.055
Google Cloud CDN	$3,250	$0.065
Azure CDN	$3,100	$0.062
StackPath	$2,000	$0.040

Warning: Cloudflare's free and Pro plans include unlimited bandwidth but their Terms of Service prohibit using the CDN primarily for serving non-HTML content (video, large file downloads) without an enterprise agreement. Violations can result in account suspension. If your traffic is predominantly large media files, budget for Cloudflare Enterprise or use Bunny CDN.

For reference: a Content Delivery Network is a geographically distributed network of proxy servers that caches content at edge locations close to users. TTFB reductions of 50-200 ms versus a single-origin setup are typical; for commerce traffic the latency gap maps directly into conversion rate. Modern CDNs extend the core caching role with security (WAF, DDoS), image/video optimisation, and edge compute.

Features Beyond Caching

Modern CDNs differentiate on features that go far beyond simple content caching. Here is what each provider offers across critical categories:

Feature	Cloudflare	CloudFront	Fastly	Bunny CDN	KeyCDN
DDoS Protection	Included (all plans)	AWS Shield Standard	Included	Basic included	Basic included
WAF	Pro+ (managed rules)	AWS WAF (extra cost)	Included (Signal Sciences)	Not available	Not available
Image Optimization	Polish + Image Resizing	Lambda@Edge custom	Image Optimizer (IO)	Bunny Optimizer	Not available
Video Delivery	Stream ($5/1000 min)	MediaConvert + CloudFront	Video optimization	Bunny Stream	Not available
Edge Compute	Workers (free tier)	Lambda@Edge / CloudFront Functions	Compute@Edge (Wasm)	Edge Scripting (beta)	Not available
Bot Management	Enterprise only	AWS WAF Bot Control	Included (enterprise)	Not available	Not available

Cloudflare offers the most comprehensive feature set at the lowest price point. Fastly excels for developers who need fine-grained cache control via VCL (Varnish Configuration Language) or edge compute with Wasm. CloudFront integrates tightly with AWS services but requires assembling multiple products to match what Cloudflare includes by default.

How to Choose the Right CDN

Follow these steps to pick the CDN that fits your requirements and budget:

Measure your current traffic -- Pull bandwidth data from your hosting provider or analytics. Note the geographic distribution of your users and the content types you serve (HTML, images, video, APIs).
Define your security requirements -- If you need WAF, DDoS protection, or bot management, Cloudflare or Fastly are your best options without additional cost. CloudFront requires adding AWS WAF at $5/month plus per-rule fees.
Evaluate edge compute needs -- If you run logic at the edge (A/B testing, authentication, geolocation routing), compare Workers (Cloudflare), Compute@Edge (Fastly), and Lambda@Edge (CloudFront). Workers has the lowest barrier to entry; Fastly offers the best performance for complex logic.
Calculate total cost at your traffic tier -- Use the tables above. Factor in additional feature costs (WAF, image optimization, video). At 10 TB/month, the difference between Bunny CDN ($100) and CloudFront ($850) is $9,000/year.
Test cache hit ratios -- Run a 7-day trial. A CDN with a 99% cache hit ratio at a higher price may be cheaper than one with 95% hit ratio that sends more requests to your origin.
Check origin compatibility -- Ensure the CDN supports your origin type (S3, custom server, multiple origins). Verify it handles your cache invalidation workflow and supports any required headers or protocols (HTTP/3, WebSockets, gRPC).

Configuration Examples

Next.js with Cloudflare CDN

// next.config.js
module.exports = {
  images: {
    loader: 'custom',
    loaderFile: './lib/cloudflare-image-loader.js',
  },
  async headers() {
    return [
      {
        source: '/_next/static/:path*',
        headers: [
          {
            key: 'Cache-Control',
            value: 'public, max-age=31536000, immutable',
          },
        ],
      },
      {
        source: '/api/:path*',
        headers: [
          {
            key: 'Cache-Control',
            value: 'public, s-maxage=60, stale-while-revalidate=300',
          },
          {
            key: 'CDN-Cache-Control',
            value: 'max-age=60',
          },
        ],
      },
    ];
  },
};

// lib/cloudflare-image-loader.js
export default function cloudflareLoader({ src, width, quality }) {
  const params = [
    `width=${width}`,
    `quality=${quality || 75}`,
    'format=auto',
  ];
  return `/cdn-cgi/image/${params.join(',')}/${src}`;
}

WordPress with Bunny CDN

// wp-config.php - Bunny CDN Pull Zone Configuration
define('WP_CONTENT_URL', 'https://your-zone.b-cdn.net/wp-content');

// Functions.php - Rewrite asset URLs to CDN
function bunny_cdn_rewrite_urls($content) {
    $site_url = get_site_url();
    $cdn_url = 'https://your-zone.b-cdn.net';

    $content = str_replace(
        $site_url . '/wp-content/uploads',
        $cdn_url . '/wp-content/uploads',
        $content
    );

    $content = str_replace(
        $site_url . '/wp-includes',
        $cdn_url . '/wp-includes',
        $content
    );

    return $content;
}
add_filter('the_content', 'bunny_cdn_rewrite_urls');
add_filter('wp_get_attachment_url', 'bunny_cdn_rewrite_urls');

Ruby on Rails with CloudFront

# config/environments/production.rb
Rails.application.configure do
  # Serve static assets via CloudFront
  config.asset_host = 'https://d1234567890.cloudfront.net'
  config.action_controller.asset_host = 'https://d1234567890.cloudfront.net'

  # Set cache headers for static assets
  config.public_file_server.headers = {
    'Cache-Control' => 'public, max-age=31536000',
    'Expires' => 1.year.from_now.to_formatted_s(:rfc822)
  }

  # Enable gzip compression at origin
  config.middleware.use Rack::Deflater
end

# config/initializers/cloudfront_signer.rb
# For serving private content via signed URLs
Aws::CloudFront::UrlSigner.new(
  key_pair_id: ENV['CLOUDFRONT_KEY_PAIR_ID'],
  private_key_path: ENV['CLOUDFRONT_PRIVATE_KEY_PATH']
)

Edge Compute: The Feature That Changes the Stack

The most consequential CDN feature of the last three years is not caching at all -- it is being able to run code at the edge, close enough to the user that round-trip to origin becomes optional. Each provider's model is different enough to matter.

Cloudflare Workers

JavaScript and Wasm running on the V8 isolates model. Cold starts measured in microseconds -- under 5 ms on the 99th percentile -- because the isolate is reused across requests from different customers safely. 100,000 free requests per day, then $5 per 10 million requests, plus CPU time. The free tier covers most hobby projects outright.

Fastly Compute@Edge

Compiles Rust, Go, JavaScript, or AssemblyScript to Wasm and runs it in Lucet. The sandbox boundary is tighter than Workers (each request gets a fresh instance) but also slower to spin up -- ~1 ms cold start instead of microseconds. Pricing is per-request plus memory-time; enterprise-oriented.

CloudFront Functions vs Lambda@Edge

CloudFront Functions is a tiny JS runtime (1 ms limit, 2 MB memory) meant for header manipulation, URL rewrites, and simple auth. Lambda@Edge runs the full Node.js / Python Lambda runtime and supports every Lambda feature but with much larger cold starts (50-300 ms) and higher cost. Use Functions for the hot path; reach for Lambda@Edge only when you genuinely need the full runtime.

Real-world pattern: authenticate requests at the edge (validate a JWT, reject 401s before they even reach the origin), rewrite paths for A/B testing, and personalise cached pages with an ESI-like assembly. All three reduce origin load, not just latency.

CDN Cost Optimization Strategies

Regardless of which provider you choose, these strategies reduce your CDN bill:

Maximize cache hit ratios -- Normalize query strings, strip unnecessary cookies from cached responses, and use consistent URL patterns. Every cache miss costs you origin bandwidth and CDN bandwidth.
Compress at the origin -- Serve pre-compressed Brotli or gzip assets. Most CDNs charge by bytes transferred after compression, so smaller responses mean lower bills.
Use tiered caching -- CloudFront's Origin Shield and Cloudflare's Tiered Cache reduce origin requests by adding an intermediate cache layer. This is especially valuable if your origin has expensive egress.
Set appropriate TTLs -- Static assets should have max-age of 1 year with immutable. Use stale-while-revalidate for dynamic content to serve from cache while refreshing in the background.
Commit to reserved bandwidth -- CloudFront offers 20-40% discounts with 1-year commitments. Fastly and other enterprise providers negotiate custom rates at scale.
Monitor and purge unused zones -- Decommission old CDN distributions that still serve traffic. Consolidate multiple zones to simplify billing and management.

Failure Modes: What Breaks in Production

Benchmarks assume happy paths. The scars from running CDNs at real traffic look different.

Cache Poisoning from Unkeyed Query Strings

A provider defaulted to caching /product?utm_source=google and /product?utm_source=facebook as separate entries. With thirty UTM variants, the cache hit ratio collapsed from 97 percent to 61 percent overnight when a marketing campaign launched, and origin bandwidth cost jumped $6,000 that month. Fix is always the same: strip or normalise query strings at the CDN and keep only params that actually change the response.

Stale-While-Revalidate Serving Logged-Out Cache to Logged-In Users

A dashboard route set Cache-Control: public, s-maxage=60. The first logged-out visitor filled the cache with their version. For the next 60 seconds every logged-in user got the logged-out page -- including dropdowns with someone else's account name. Always vary on the auth cookie, or mark authenticated routes private explicitly.

Purge Propagation Slower Than Your RSS Reader

Cloudflare soft-purges are usually sub-second, but global eventual consistency can take up to 30 seconds. For a newsroom running time-sensitive retractions, 30 seconds is enough to screenshot the wrong headline. Fastly's instant purge (sub-150 ms globally) is the correct choice when purge latency is load-bearing to your business.

HTTP/3 Fallback Loops

Some corporate networks block UDP egress. Browsers happily negotiate HTTP/3 with the CDN, fail, retry over HTTP/2, and both sides log the mismatch. On an affected intranet the p99 TTFB doubled. The fix: keep the HTTP/3 offering but set a conservative Alt-Svc ma and monitor retry rates so you know when clients are silently falling back.

Migration Walkthrough: CloudFront to Cloudflare

The most common CDN migration I run is off CloudFront to Cloudflare, usually driven by the $850-vs-$20 bill difference at mid-traffic. A safe rollout takes a week, not a weekend.

Day 1 -- parallel zone: create a Cloudflare zone for the root domain but do not change the nameservers yet. Configure cache rules, origin pool pointing at the existing AWS ALB, and TLS (Full-Strict). Prove the CDN works by hitting it via a temporary hostname.
Day 2 -- shadow traffic: use a 1 percent Route 53 weighted record to split live traffic to the Cloudflare hostname. Watch error rate, TTFB, and origin 5xx rate for 24 hours. Budget extra origin capacity -- cache warm-up can briefly spike origin load.
Day 3-5 -- ramp: bump the weight to 10 percent, 50 percent, 100 percent over three days. Keep CloudFront warm; roll back by flipping the weight back if you see any regression.
Day 6 -- DNS cut-over: move nameservers to Cloudflare once 100 percent of traffic has been on the new path for 24 hours. Set TTLs to 300 seconds first so the cut-over propagates fast.
Day 7 -- decommission: delete the CloudFront distribution, detach the AWS WAF, and release the old certificate. Keep the Terraform config in a graveyard branch for a month in case you need to roll back at the DNS layer.

Watch out: the one migration that burns teams is forgetting that CloudFront Origin Shield and Cloudflare Tiered Cache store different keys. A bucket of assets that was 99 percent warm on CloudFront starts cold on Cloudflare and hammers origin for the first hour. Pre-warm the cache with a crawl script before the 100 percent cut-over.

Real-World Decision Walkthroughs

Nobody picks a CDN from a spec sheet alone. These are the three scenarios I have seen most often and the answer I give each time.

Scenario 1: SaaS App Serving a US + EU Customer Base, 5 TB/month

Recommendation: Cloudflare Pro ($20/month). The free plan would work technically but you want the managed WAF and image optimisation for the customer dashboard. At 5 TB the effective rate is about $0.004/GB, versus $0.085/GB on CloudFront -- a $400-vs-$20 monthly difference that shows up in the runway conversation every quarter.

Scenario 2: Video-Heavy Content Platform, 40 TB/month

Recommendation: Bunny Stream ($0.005/GB storage + $0.01/GB delivery) or a dedicated video CDN like Mux. Cloudflare's free plan violates its own TOS at this traffic pattern, and Stream's $1/1,000 minutes adds up fast. Bunny's video-specific pricing plus a multi-CDN setup with Fastly as secondary gives you reliability without the video-pricing tax.

Scenario 3: AWS-Native App with Heavy S3 Egress, 20 TB/month

Recommendation: CloudFront, despite the per-GB cost. Origin-to-CDN transfer is free within AWS, whereas Cloudflare would pay S3 egress on every cache miss -- $0.09/GB for the first 10 TB. That is $1,800 of egress that disappears with CloudFront. The 1-year Savings Plan also discounts CloudFront by up to 40 percent at this volume.

Frequently Asked Questions

Is Cloudflare really free for unlimited bandwidth?

Yes, Cloudflare's free plan includes unlimited CDN bandwidth with no overage charges. However, their Terms of Service require that the majority of your traffic be HTML content served through their proxy. Using the free plan primarily for video hosting, large file distribution, or as a storage CDN violates their TOS and can result in account termination. For typical websites with mixed content, the free plan is genuinely unlimited.

When should I use CloudFront over Cloudflare?

Use CloudFront when your origin is in AWS (S3, ALB, EC2) because origin-to-CDN data transfer is free within AWS. CloudFront also excels for video streaming with integrated MediaConvert, private content distribution with signed URLs, and workloads requiring Lambda@Edge for complex server-side logic. If you already pay for AWS Shield Advanced, CloudFront is the logical choice since the DDoS protection extends to your distributions.

Is Bunny CDN reliable enough for production?

Bunny CDN serves over 1 trillion requests per month and has a strong track record since 2015. They offer a 99.99% uptime SLA on paid plans. Their network spans 120+ PoPs across 6 continents. The main trade-off versus Cloudflare or CloudFront is the lack of built-in WAF and limited edge compute capabilities. For serving static assets, images, and video, Bunny CDN is production-ready and offers exceptional value at $0.01/GB.

How does Fastly compare to Cloudflare for developers?

Fastly gives developers more granular control over caching behavior through VCL (Varnish Configuration Language) and real-time log streaming. Cache purges propagate globally in under 150ms versus several seconds on Cloudflare. Fastly's Compute@Edge runs compiled Wasm, delivering better performance for CPU-intensive edge logic. The trade-off is higher cost and smaller network (90 PoPs versus 310+). Choose Fastly when cache precision and purge speed are critical.

Do I need a separate WAF if I use a CDN?

It depends on the CDN. Cloudflare Pro and above includes managed WAF rules covering OWASP Top 10 vulnerabilities. Fastly includes its Signal Sciences WAF on enterprise plans. CloudFront requires adding AWS WAF as a separate service ($5/month plus $1 per rule per month plus $0.60 per million requests). Bunny CDN and KeyCDN do not offer WAF capabilities, so you would need a separate solution like Cloudflare in front or a server-side WAF.

What is the best CDN for video streaming?

For live streaming, CloudFront with MediaLive and MediaPackage provides the most integrated AWS solution. Bunny CDN's Stream service offers the best value for video-on-demand at $5/month for 1 TB of storage and $0.01/GB delivery. Cloudflare Stream charges $5 per 1,000 minutes of stored video plus $1 per 1,000 minutes of delivered video. For high-volume video delivery, Bunny CDN or a dedicated video CDN like Mux typically delivers the best cost-to-performance ratio.

Can I use multiple CDNs simultaneously?

Yes, multi-CDN architectures are common at scale. Use DNS-based load balancing (Cloudflare Load Balancing, Route 53, or NS1) to route traffic across multiple CDNs based on performance, availability, or geographic proximity. This provides redundancy and lets you use each CDN's strengths. The trade-off is increased configuration complexity, cache fragmentation, and higher minimum costs. Multi-CDN makes sense above 50 TB/month or when uptime requirements exceed 99.99%.

The Bottom Line

For most websites and applications, Cloudflare offers the best combination of performance, features, and pricing. Its free tier handles unlimited bandwidth, and the Pro plan at $20/month adds WAF and image optimization that competitors charge hundreds for. If you need AWS-native integration, CloudFront is the pragmatic choice despite the higher per-GB cost. For budget-conscious projects delivering large volumes of static content, Bunny CDN at $0.01/GB delivers excellent performance at a fraction of enterprise CDN pricing. And for teams that need maximum cache control and instant purges, Fastly remains the developer-focused choice worth its premium. Start with Cloudflare unless you have a specific requirement that demands otherwise.