Guides

FinOps guide

CDN Cost Optimization: Egress, Cache Hits and Origin Shielding

A higher cache-hit ratio is not automatically a lower bill. Attribute delivery, origin, shield, compute, and log meters to the request paths that produce them.

Published
Updated
Reading time
13 min read
On this page

CDN cost optimisation is a measurement problem, not a universal TTL recommendation. A cache hit may avoid an origin fetch, but its financial impact depends on object size, contracted rates, origin work, shielding topology, edge products, and observability retention.

Overview

Outcome

Build a cost-to-serve model and safe experiment loop that can distinguish a real cost change from a local metric improvement or a shifted bill.

Model the complete delivery path

Representative fully loaded cost model
total = delivery bytes + CDN requests + shield or inter-POP traffic
    + edge products + origin egress + origin requests and compute
    + logging, storage, queries + allocated fixed commitments

Use effective, region-specific contract rates rather than public-list-price examples. Separate avoided usage from financial savings: fewer origin requests do not reduce a fixed reserved-capacity bill until a capacity decision changes.

Where a cache miss can cost

Viewer delivery, edge policy, shield, origin transfer, application work, and telemetry can each be metered independently.

Measure bytes and origin work, not one cache ratio

Request cache-hit ratio gives a cached thumbnail and a cached video segment equal weight. Byte offload shows how much delivered body volume was served by cache. Origin-request avoidance is often closer to API and compute impact. Define the cacheable population and report PASS, private, write, error, and revalidation traffic separately.

MetricCalculationDecision use
Request hit ratiohits / eligible requestsDiagnose cache behaviour
Byte offloadcache-served bytes / eligible delivered bytesEstimate transfer avoided
Origin avoidance1 - origin fetches / eligible requestsModel API and compute pressure
Cost per unitattributed cost / GB, request, stream, order, or tenantConnect technical use to business value

Fix fragmentation before extending freshness

Query order, tracking parameters, cookies, headers, image transformations, locale, experiments, and signed URLs can divide a reusable representation into many keys. Remove or normalise a dimension only after proving it does not change the representation or weaken authorisation. Never raise a hit ratio by exposing private data.

Treat shielding as a break-even experiment

Origin shielding can consolidate duplicate misses, especially for globally requested cacheable objects and constrained origins. It can also add inter-POP requests, bandwidth, and double edge execution. Measure pre/post origin cost, added shield cost, latency, errors, freshness, and fallback behaviour before retaining it.

Troubleshooting

Cost optimisation guardrails

  • Do not add local hit ratios across CDNs; use end-user and shared-origin denominators.
  • Do not extend a public cache policy to authenticated, personalised, or transaction state.
  • Do not retain raw logs indefinitely just to preserve a future optimisation option.
  • Do not declare a saving until billing and capacity evidence support it.

Authoritative references

Measure delivery economics before changing cache policy

Optimi can help join edge, origin, and usage evidence into a cost model that preserves correctness and reliability.

Assess CDN cost drivers