Requirements for using cdn

I am considering use of a cdn more for performance reasons than security. i did not realize that it was so involved to establish, and am a bit uncertain of the details so here goes. my website is small and for all practical purposes is in start-up mode, so the Pro plan is what fits the budget.

  1. ssl certificates. i understand that cloudflare supplies one which i must use. i already have certificates for www and mail hosts, as well as another subdomain. are these irrelevant? do i keep them, or must i uninstall them?

  2. will i give up dns management at my registrar? i know that i must move the name servers, but what about dns settings where i have a considerable investment in various settings such as subdomains, dmarc, spf, dkim etc etc?

  3. since i host my own email, it looks like i would migrate all mx records to cloudflare - yes?

  4. does cdn cover subdomain assets?

  5. how many urls will i need to add to my Content Security Policy? it is already a list a mile long. will there be another mile of authorizations to grant? or more to the point, is there a documented list of urls to open?

  6. what are typical conversion and down times like? sometimes when i make dns changes at my registrar i see them almost immediately. i have been waiting on one for 8 hours now, and think that the changeover in name servers and dns settings could be several hours or longer. that sounds as though my website and email would be down for that time, but maybe i am missing something

no guarantees that this is all of my concerns, but it is more than a start.

You may keep them, but if you don’t want to run into SSL expiration issues in the future, you may just use Cloudflare Origin Certificate from now on to avoid any hassle (unless you have some subdomains that can’t be proxied e.g. mail, then DO NOT use Cloudflare Origin Certificate).

Yes. Just make sure all the DNS records in Cloudflare are the same as your existing DNS management at your registrar. Some registrars allow you to export DNS records and import to other DNS management services like Cloudflare.

Yes.

Yes if you proxy the subdomain.

I think I’m not the right person to answer this. Maybe someone can help?

If your DNS records are identical in both DNS management, there should be no downtime. What’s your domain? It depends on your registrar TTL for the new nameserver to propagate.


There are a few features here that may require script-src to include ajax.cloudflare.com, static.cloudflareinsights.com, and possibly others, including hash values :scream:. I generally don’t use those features, so my CSP is unchanged.


thank you everyone for prompt, courteous answers.

@erictung - my registrar is Domains Priced Right which may be owned by godaddy - at least mxtools reports the name servers as belonging to godaddy. Its ttl is normally one hour but i am nearing the 24 hour mark waiting for dkim update (first time).

one last area of inquiry concerns the contents eligible for cdn coverage. I know that images are. does this apply to images which are collated as part of a dynamic page response? for example, i use a .net shopping cart whose pages are dynamic using static images. will cdn capture those images?

also, will css, js, and static html be covered?

This is documented here:

I believe that `connect-src 'self'` is also needed if you are using Browser Insights, but that is not documented. (I opened ticket 1817962 about this a long time ago.)
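Added example (not part of the thread and not Cloudflare's code): a Node.js check that reports which directives of an existing CSP would block the sources named in the two posts above. The policy and the `www.example.com` origin are constructed, the function names are hypothetical, and source matching is simplified as noted in the comments.

```javascript
// Simplified matching: scheme sources, host sources (with "*." wildcards),
// '*' and 'self'. Paths, ports, nonces and hashes are not evaluated.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // Browsers ignore a directive that repeats an earlier name.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function sourceAllows(source, url, selfOrigin) {
  if (source === '*' || source === url.protocol) return true; // wildcard or "https:"
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/);
  if (!m || (m[1] && `${m[1]}:` !== url.protocol)) return false;
  const host = m[2];
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return host === url.hostname;
}

// Returns "<directive> <origin>" for every required URL the policy would block.
function missingSources(policy, selfOrigin, required) {
  const directives = parseCsp(policy);
  const missing = [];
  for (const [directive, urls] of Object.entries(required)) {
    // script-src and connect-src fall back to default-src when absent.
    const sources = directives.get(directive) ?? directives.get('default-src');
    if (sources === undefined) continue; // no governing directive: nothing blocked
    for (const u of urls) {
      const url = new URL(u);
      if (!sources.some((s) => sourceAllows(s, url, selfOrigin))) missing.push(`${directive} ${url.origin}`);
    }
  }
  return missing;
}

// Constructed sample: the site's origin and its current policy.
const SELF_ORIGIN = 'https://www.example.com';
const SAMPLE_POLICY =
  "default-src 'none'; script-src 'self' https://static.cloudflareinsights.com; img-src 'self'";
// Sources named in the thread; the connect-src entry stands for connect-src 'self'.
const REQUIRED = {
  'script-src': ['https://ajax.cloudflare.com', 'https://static.cloudflareinsights.com'],
  'connect-src': [SELF_ORIGIN],
};
console.log(missingSources(SAMPLE_POLICY, SELF_ORIGIN, REQUIRED));
```

With the sample policy, `connect-src` is reported because it falls back to `default-src 'none'`, which is the kind of gap that is easy to miss when only `script-src` is reviewed.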

@michael - thank you - that list is exactly what i was seeking.

as for the larger question of tangible performance improvement, will cdn provide anything significant?

for example, i watched the brief performance video. i am already using compression, caching, and minifications. there may be a few ms saved if visitors use a closer data center, but with all of the foregoing, there may not be any additional gains.

again, i am only considering the performance angle.

If you’re just caching at the server, that’s not near most of your users. Cloudflare caches frequently used static files (images/js/css) at edge nodes which is much faster.

That is a difficult question to answer, and there are too many variables to give a definitive answer. In general, yes, performance will improve using a CDN. If your assets are heavily cached, almost certainly performance will improve. There are lots of posts on the community about maximising your application's performance (especially those by @eva2000). Maybe start with this one:
