AI summary
Overview: This article explains how to evaluate content delivery networks (CDNs) in 2026. It describes the technical layers that make a CDN effective—routing, caching, content distribution models, and transport protocols—and explains how the market has bifurcated into a low‑margin bandwidth “pipe” and a higher‑value platform layer built around edge compute and security.
Bottom line: Point‑of‑presence counts are an unreliable proxy for performance. The decisive factors are physical connectivity to major internet exchanges, spare capacity to absorb large attacks, a tiered cache with an origin shield, programmable edge compute and low‑egress storage, and transparent commercial terms. Buyers should prioritize architecture and workload fit over raw scale.
Key technical considerations include routing (anycast with DNS/GSLB steering), a multi‑tier cache hierarchy to minimize origin load, support for modern transport (HTTP/3/QUIC and TLS 1.3), and options for origin‑pull or push distribution. Edge compute and low‑latency streaming stacks separate commodity delivery from platform capabilities, while AI crawler traffic and edge inference introduce new caching and monetization requirements.
The commercial and operational context has shifted: pure bandwidth providers face structural pressure, so successful vendors combine robust infrastructure with integrated security, API‑first controls, predictable pricing, and strong SLAs. Latency and tail‑performance have direct business impact, making peering depth and jitter stability critical for sectors such as streaming, live gaming, programmatic advertising, and large‑file distribution.
In procurement, validate presence at the exchanges that serve your audience, measurable DDoS headroom, deep caching with origin shielding, programmable edge runtimes and low‑egress storage, comprehensive security and bot controls, an API/automation‑first control plane, and clear, predictable pricing and compliance options.
A CDN (content delivery network) is a distributed system of servers that keeps copies of content close to users, so requests are served from a nearby node instead of the origin. This cuts latency, takes load off the origin, and absorbs traffic spikes and attacks. In 2026, the market has split into a commodity “pipe” layer and a “platform” layer of edge compute and security, and the right choice now depends more on peering and edge capability than on raw point-of-presence count.
How does a content delivery network actually work?
A CDN is built from a few independent layers, and providers differ mainly in those layers rather than in marketing slogans. The four that matter are routing (how a user reaches a node), caching (how content is stored and refreshed), the content model (how nodes get the content in the first place), and transport (the protocols that carry the bytes). Understanding these makes provider comparisons far easier.
Routing: anycast versus DNS-based steering
There are two schools of request routing. Anycast announces a single IP address from many locations, and BGP routes each user to a topologically near node. It is simple to operate and naturally resilient to DDoS, because an attack spreads across every anycast site. The trade-off is weaker control over exactly where a request lands, since it depends on the BGP policies of other networks.
DNS-based global server load balancing (GSLB) takes a different path. A traffic manager returns different IP addresses based on geography, node health, and measured latency. This gives tighter control over placement, at the cost of an extra DNS resolution step and the delay introduced by resolver TTL caching. In practice most large networks run a hybrid: anycast at the DNS layer plus GSLB-style steering at the content layer.
Caching: the edge-to-origin hierarchy
Content is cached in tiers, and the tiers exist to keep traffic away from the origin. A request travels through an edge cache, then a regional cache, then an origin shield, and only reaches the origin on a miss at every level. Google’s Media CDN documents three layers explicitly, with deep caches inside ISP networks serving the bulk of traffic and a long-tail node acting as the origin shield. This structure is what keeps origin offload high and steady for video, often above 90%, instead of leaving the long tail to hammer the origin.
Content model and transport
There are two ways content reaches the edge. Origin pull means the edge fetches from the origin on a cache miss, which suits websites and static assets. Push, or pre-positioning, means content is placed in advance, which suits large files, software distribution, and big video libraries. Transport then carries the bytes, and here CDNs drive adoption: HTTP/1.1 on CDN traffic fell from 16% of HTML requests in 2024 to 2% in 2025 (HTTP Archive Web Almanac 2025).
One number is worth reading carefully. W3Techs recorded that 38.8% of sites advertised HTTP/3 support in April 2026, while Cloudflare Radar measured actual negotiated HTTP/3 requests at around 21% in the same period. Both figures are correct, because one counts what a site offers and the other counts what browsers and clients actually use. Much automated traffic, such as default HTTP clients in scripts, still falls back to older versions.
Need a CDN built for predictable global delivery? Reach out.
What makes a CDN strong in 2026, and why is it no longer about PoP count?
The foundation of a strong CDN has moved from “many locations” to a small set of physical capabilities that software cannot fix. A node only helps if it connects well to the networks your users sit on, has spare capacity to survive an attack, caches deeply enough to spare the origin, and can run code locally. These are infrastructure facts, set before any feature is switched on.
Peering is the first foundation
Direct peering at the major internet exchanges decides real-world latency more than PoP count does. Each removed network hop between content and user lowers delay and steadies jitter. The scale is visible in exchange data: DE-CIX reported that global peering traffic grew 130% over five years and hit a record 26.99 Tbit/s on 9 December 2025 during a Champions League matchday, with DE-CIX Frankfurt alone reaching 18.73 Tbit/s (DE-CIX, 2025).
The practical reading for buyers is direct. A provider without presence at the exchanges where the audience concentrates, such as Frankfurt, Amsterdam, London, Ashburn, and São Paulo, cannot claim genuinely global delivery. This is the one part of a CDN you cannot improve later with a software release, which is why it belongs at the top of any evaluation.
DDoS absorption is now an entry requirement
Spare capacity to absorb large attacks has become table stakes. The volumes have grown fast: Cloudflare reported 47.1 million attacks across 2025, a 121% year-on-year rise, including a single attack that peaked at 31.4 Tbit/s, and said it crossed 500 Tbit/s of total network capacity by April 2026 (Cloudflare DDoS reports, 2025–2026). For some industries the conversation does not even start below tens of terabits of headroom.
Deep caching and edge compute
Two more pieces complete the foundation. A tiered cache with an origin shield is what keeps origin offload high and steady for video and large-file workloads, commonly above 90%. Programmable edge compute, running on V8 isolates or WebAssembly with sub-millisecond cold start, is the line that separates a “pipe” from a “platform.” Providers also now treat low-egress object storage as part of the base, because egress fees are the largest and least predictable cost in large-file delivery.
Why does choosing a CDN today look different from a few years ago?
The market has separated into two distinct businesses, and that separation is the main reason the buying decision has changed. One business is the bandwidth pipe, where prices keep falling and margins thin out. The other is the platform, where compute, security, and AI-traffic control live, and where the margin and the differentiation now sit. A provider that only sells bits is competing in the harder half.
The clearest evidence was the collapse of Edgio. It filed for Chapter 11 in September 2024, and its network, which carried real scale, was shut down by mid-January 2025; Akamai acquired its customer contracts but not its network. The cause was a structural slowdown in internet-traffic growth that made a pure-bandwidth model hard to sustain. That failure pushed serious customers toward multi-CDN designs as a hedge.
So the buying criteria have shifted. A few years ago a buyer counted PoPs and compared per-gigabyte prices. Today the questions are about peering depth, attack headroom, edge programmability, transparent pricing, and how easily the provider slots into a multi-CDN setup through an API. The table below makes the contrast explicit.
[VISUAL — two-column comparison] Then vs now. Left column “A few years ago”: PoP count, price per GB, single provider, bandwidth focus. Right column “2026”: peering depth, DDoS headroom, edge compute, multi-CDN by API, platform focus. Two clean columns, no icons needed.
How is AI traffic changing what a CDN has to do?
AI traffic has created a product category that did not exist two years ago. Crawlers that feed AI models now generate a meaningful share of requests: Cloudflare measured AI bots at an average of 4.2% of HTML requests across 2025, with daily peaks above 6%. These crawlers behave differently from human users, and that difference breaks assumptions CDNs were built on.
The specific problem is caching. Research by Cloudflare and ETH Zurich (ACM Symposium on Cloud Computing 2025) found that classic least-recently-used caches degrade under AI crawler load, because crawlers request a high share of unique URLs and follow inefficient patterns. The response has been new tooling: AI crawl controls, and a pay-per-crawl model that uses the HTTP 402 “Payment Required” status to charge bots for access. Content access has become a billable line item.
A grounded note on edge AI inference belongs here too. Running models at the edge helps most for small, fast operations such as embedding lookups, classification, and routing decisions, where saving network milliseconds is felt. It helps far less for heavy text generation, where the processing itself takes seconds and the network is a small slice of the total. Provider marketing tends to blur that distinction.
[VISUAL — simple line] AI bots are now part of the baseline. A small line showing AI-bot share of HTML requests across 2025, averaging 4.2% with a peak above 6%. Annotate the average. Source: Cloudflare, 2025.
Why is latency a revenue question, not a technical detail?
Latency converts directly into money, and the evidence is causal rather than correlational. The strongest study remains Krishnan and Sitaraman’s peer-reviewed analysis of 23 million video views on Akamai’s network (ACM IMC 2012). Viewers begin abandoning a video once startup takes longer than 2 seconds, and each additional second of startup delay raises the abandonment rate by 5.8%.
The effects continue after playback starts. A viewer who experiences rebuffering equal to 1% of the video’s length watches about 5% less of it, and someone who hits a failure is 2.32% less likely to return to the same site within a week. The data is over a decade old, and mobile-first viewers on faster connections are likely even less patient now. This is what peering depth and cache efficiency are paying for.
The protocols have moved to chase that target. Low-latency HLS and low-latency DASH, built on CMAF, now deliver a few seconds of glass-to-glass latency, commonly under five, while keeping CDN-scale reach and native iOS support, which makes them the sensible default for most live streaming. WebRTC is the choice when sub-second latency is a hard requirement, such as live casino dealers or interactive video, and it carries a higher infrastructure cost because the fan-out grows steeply with concurrent viewers (Mux engineering, 2026).
Which industries cannot operate without a CDN?
Some businesses treat a CDN as helpful, and a few treat it as oxygen. The filter that matters: if turning the CDN off would stop the product or cost money in real time, the CDN is critical rather than convenient. Five categories sit clearly on the critical side.
Video, VOD, and OTT
For streaming the bits are the product, so delivery is the business. These services need a deep tiered cache with high origin offload, low-latency protocols such as LL-HLS and CMAF, and cheap delivery of large files. Live events make the demand spike synchronously, which is exactly what the DE-CIX Champions League record illustrates. Advanced Hosting builds for this with dedicated OTT and VOD infrastructure and broader video streaming infrastructure.
iGaming and live casino
iGaming combines two hard requirements. Money moves in real time by the second, and live dealer streams need sub-second latency over WebRTC, so jitter stability matters more than average latency. That two-way, real-time path is what Advanced Hosting’s interactive streaming platforms are built for. The sector is also the most attacked: Cloudflare’s quarterly reports repeatedly place gambling and casinos near the top for DDoS frequency, often from competitors, which makes built-in DDoS and WAF protection a condition of staying online, and the basis of Advanced Hosting’s iGaming infrastructure.
Online gaming
Gaming has two separate delivery problems. Build releases and patches, now often over 100 GB, create a synchronous global download spike that overwhelms any single origin and needs push distribution with tiered caching. Live multiplayer then depends on steady jitter rather than raw latency, which makes direct peering the deciding factor. Both needs are addressed by purpose-built CDN for gaming.
AdTech and programmatic advertising
In real-time bidding, latency switches a payout on or off. An RTB auction expects a response within roughly 100 milliseconds per bid, and a bid that arrives late simply loses the auction and the revenue for that impression. What kills bids is not the average response time but the tail, the p95 and p99 cases, where a single jitter spike pushes one bid past the deadline. Shared virtual machines add exactly that kind of variance through CPU contention and noisy neighbours, so a bare-metal foundation earns its place by holding the tail tighter rather than by lowering the average. This is one of the few cases where bare metal wins on physics rather than price.
Large-file and software distribution
App stores, operating-system and security updates, package registries, and AI model weights round out the list. Delivering a multi-gigabyte update to millions of devices from a single origin is physically impossible, so without a CDN the product does not ship. DE-CIX names large software and game updates among its top drivers of peak traffic, which is why this workload leans on push distribution, long cache TTLs, and an origin shield to survive synchronous download spikes.
How do the major CDN providers compare?
Providers are best compared by architecture and best-fit workload rather than by a ranking. The table below summarizes the technical profile of the major networks and where each tends to be the strongest match. Advanced Hosting is included for the jitter-sensitive segment where a bare-metal foundation has a structural advantage over shared cloud virtual machines.
| Provider | Architecture and routing | Standout strength | Best-fit workload |
| Akamai | Deeply embedded PoPs inside ISP networks; Edge DNS on anycast with GSLB steering. | Largest deep-edge footprint and long history in media delivery; integrated API and security after the Noname acquisition. | Enterprise media, large-scale delivery, security-heavy estates. |
| Cloudflare | Anycast everywhere with a single global IP per service; 330+ cities. | Programmable compute on V8 isolates, zero-egress R2 storage, and the published capacity to absorb the largest recorded attacks. | Web platforms, edge compute, broad security and bot control. |
| AWS CloudFront | Edge PoPs plus regional edge caches, with optional origin shield; tight AWS integration. | Native integration with AWS Shield, Lambda@Edge, and WAF. | Workloads already built on AWS. |
| Google Media CDN | Planet-scale private backbone with a three-tier cache and in-ISP edge caches. | Very high origin offload for video through deep tiered caching. | Large VOD and OTT libraries. |
| Fastly | Programmable edge compiling code to WebAssembly via Wasmtime, with per-request isolation. | Instant global purge and real-time logging; developer-focused control. | Real-time, developer-driven applications. |
| Advanced Hosting | Two purpose-built engines: anycast for static assets, plus a load-aware video router that scores 50+ signals per request and reroutes mid-stream; 22 PoPs worldwide. | One flat per-TB price worldwide with no regional markups, three-copy file replication, six-layer anti-hotlink protection, and a 99.99% availability SLA. | High-traffic VOD and OTT libraries, large-file and game delivery, and static web assets. |
The honest framing for a specialist network is fit, not scale. Advanced Hosting does not chase the hyperscalers on raw capacity, and it does not have to. It splits delivery into two engines tuned for opposite jobs, routes every video request to a streaming node chosen from live load and network signals, replicates each file across three locations, and bills one flat per-TB rate worldwide. For a VOD platform serving an international audience, that mix is hard to beat on predictability and cost.
Build a CDN strategy around traffic patterns. Talk to an expert.
What should a strong CDN have in 2026?
A capable CDN today has to deliver on three levels at once: the physical infrastructure, the platform features, and the commercial model. Feature lists alone do not make a network fast, but the absence of any of these items is a reason to walk away during procurement.
Infrastructure that has to be there
The base layer is an anycast network with real peering at the major exchanges, DDoS headroom in the tens of terabits, a tiered cache with an origin shield, and modern transport. HTTP/3 and TLS 1.3 should be on by default; TLS 1.3 already reached 99% of CDN-served HTML (HTTP Archive Web Almanac 2025). Compression with Brotli and Zstandard rounds it out.
Platform features that separate pipe from platform
Above the base sit programmable edge compute, an integrated security suite combining WAF, bot management, API security, and DDoS, AI-crawler controls with optional access monetization, real-time granular purge, on-the-fly media optimization, a low or zero-egress storage option, a full low-latency streaming stack, and an API-first control plane with Terraform support and unsampled logs. A standalone WAF on its own is no longer a competitive product.
Commercial model, where providers most often fall short
The third level is where buyers get burned. They need transparent, predictable pricing without egress surprises, strong support with financially backed SLAs, and compliance and data-residency options for EU and regulated workloads. Emissions reporting still appears in enterprise tenders, though the Omnibus I deal of December 2025 narrowed which suppliers are legally obliged to report it. It remains a differentiator in large deals.
Whether you are scaling VOD, distributing large software builds, protecting static assets, or reducing delivery costs, Advanced Hosting can help you design a predictable global delivery setup with the right mix of CDN, bare metal, and colocation infrastructure.
