There's a companion to this piece over in our plain-terms guides that asks the buyer's question — do you even need a CDN? This one asks a different question, the privacy one: when you do route your site through a CDN, who else is now standing in the doorway, and what can they see from there? Because the same architecture that makes a CDN fast makes it a place where a great deal of the web's traffic can be watched from a single seat.
Recall what a CDN does: instead of every visitor reaching your one server, their request first goes to the CDN, which serves a nearby copy. Useful. But notice the word first. The CDN now sits between your visitor and your site — and it sits there for not just your site, but for an enormous number of others using the same network.
One network, in the doorway of millions of sites
From that one seat it can see, for each request: the visitor's IP address, which site they wanted, when, roughly where they are, and which browser. Multiply by millions of sites, and a single company holds a map of much of the web's daily movement.
This is the part the speed pitch never mentions. A CDN isn't just a faster route — it's a position of observation. The biggest networks sit in front of a substantial fraction of all websites, which means a substantial fraction of all web visitors pass under one company's gaze, site by site, day after day. Your visitors became part of that the moment you flipped it on, usually without anyone framing it as a privacy decision.
A CDN doesn't have to read your mail to know a lot about you. Standing in the doorway of millions of sites, it only has to watch who comes and goes.
What the doorway actually sees
To be fair and precise — because this field guide isn't in the business of alarm — here's the honest scope of it. A reputable CDN is not secretly reading the contents of encrypted pages for fun, and many are run by serious people with real privacy commitments. But the metadata it necessarily handles is substantial:
- Who visits. Each visitor's IP address — a rough identity and location — for every request it routes.
- What they reach for. Which site, which page, at what moment. Across many sites, this is a behavioral trail.
- The cross-site picture. Because one network fronts so many sites, it can potentially see the same visitor appearing across different sites — a view almost no individual site could assemble alone.
- For some configurations, more. Where a CDN also terminates encryption (handles the secure connection on your behalf, which is common), it technically sits at the point where traffic is briefly readable. Reputable providers handle this carefully — but the position exists.
Is the trade ever worth it? Sometimes — on purpose
None of this makes CDNs villains, and for some sites the trade is genuinely worth making: a global audience, heavy media, real attack traffic to absorb. The point of this guide isn't "never use a CDN." It's that routing all your visitors through a third party's network is a privacy decision — one that should be made deliberately, not flipped on as a default because a host or a tutorial suggested it.
And here's the quiet sovereignty point, the one that threads this whole field guide: a great many small sites reach for a CDN to solve a speed problem they don't actually have. The thing slowing most sites isn't distance from the server — it's weight. Trackers, bloated builders, heavy scripts. A lean, clean site served straight from its own host is often fast enough for its real audience with no middleman in the doorway at all. Subtraction beats interposition.
See your own doorway
You don't need to rip anything out today — you need to know whether you made this choice on purpose. A few honest questions:
- Am I behind a CDN right now — and did I choose it deliberately, or did a host or builder switch it on?
- Where are my visitors actually — far-flung enough that a CDN earns its place, or mostly near my server?
- Is my site slow from distance, or from weight I could simply remove instead?
- Do I know this provider's privacy posture — what it logs about my visitors, and for how long?
- If I dropped it, would my real audience even notice — or was it solving a problem I don't have?
If your reach genuinely needs it and you trust the provider, a CDN can be a deliberate, defensible choice. If you're a local business with a clean, light site, you may be routing every visitor through a global chokepoint for a speed-up you'd never feel the absence of. That's not a disaster — it's just a doorway you can now decide whether to keep.
When you're ready
Want a site fast enough to skip the middleman?
Clean static builds that are light and quick by default — because for most small sites the speed problem is weight, not distance. If your reach genuinely needs a CDN, we'll choose one deliberately and tell you what it sees. If it doesn't, your visitors pass through nobody's doorway but yours.
See privacy & hardening services →The field guide · one thesis, ten threads
01Your fonts are phoning home 02You can measure traffic without surveilling people 03The cookie banner confession 04Who owns your website? 05Fast is a privacy feature 06Your site should let everyone in 07Your email is someone else's filing cabinet 08The CDN that watches everyone 09What your keyboard sends home 10Consent isn't a contract you sign once