Comparison between Azure Front Door Standard and Azure Front Door Premium

Azure Front Door and Azure CDN are both Azure services that offer global content delivery with intelligent routing and caching capabilities at the application layer. Both services can be used to optimize and accelerate your applications by providing a globally distributed network of points of presence (POP) close to your users. Both services also offer various features to help you secure your applications from malicious attacks and to help you monitor your application's health and performance.

Diagram of Azure Front Door architecture.

Note

To switch between tiers, you must recreate the Azure Front Door profile:

Service comparison

The following table provides a comparison between Azure Front Door Standard and Azure Front Door Premium.

Features and optimizations Front Door Standard Front Door Premium
Delivery and acceleration
Static file delivery
Dynamic site delivery
WebSockets Preview Preview
Domains and certs
Custom domains ✓ (DNS TXT record based domain validation) ✓ (DNS TXT record based domain validation)
Prevalidated domain integration with Azure PaaS service
HTTPS support
Custom domain HTTPS
Bring your own certificate
Supported TLS versions TLS1.3, TLS1.2 TLS1.3, TLS1.2
Caching
Query string caching
Cache management (purge, rules, and compression)
Cache behavior settings ✓ (using standard rules engine) ✓ (using standard rules engine)
Routing
Origin load balancing
Path based routing
Rules engine
Server variable
Regular expression in rules engine
URL redirect/rewrite
IPv4/IPv6 dual-stack
HTTP/2 support
Routing preference unmetered Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to AFD is free and path is directly connected
Origin port All TCP ports All TCP ports
Customizable, rules based content delivery engine
Mobile device rules
Security
Custom Web Application Firewall (WAF) rules
Microsoft managed rule set
Bot protection
Private Link connection to origin
Geo-filtering
DDoS protection
Domain fronting block
Ease of use
Easy integration with Azure services, such as Storage and Web Apps
Management via REST API, .NET, de.js, or PowerShell
Compression MIME types Configurable Configurable
Compression encodings gzip, brotli gzip, brotli
Azure Policy integration
Azure Advisory integration
Managed Identities with Azure Key Vault
Pricing Azure Front Door pricing Azure Front Door pricing
Simplified pricing