Comparison between Azure Front Door and Azure CDN services

Azure Front Door and Azure CDN are both Azure services that offer global content delivery with intelligent routing and caching capabilities at the application layer. Both services can be used to optimize and accelerate your applications by providing a globally distributed network of points of presence (POP) close to your users. Both services also offer various features to help you secure your applications from malicious attacks and to help you monitor your application's health and performance.

Diagram of Azure Front Door architecture.

Note

To switch between tiers, you must recreate the Azure Front Door profile:

Important

Azure Front Door (classic) will be retired on March 31, 2027. To avoid any service disruption, it's important that you migrate your Azure Front Door (classic) profiles to Azure Front Door Standard or Premium tier by March 2027. For more information, see Azure Front Door (classic) retirement.

Service comparison

The following table provides a comparison between Azure Front Door and Azure CDN services.

Features and optimizations Front Door Standard Front Door Premium Front Door (classic)
Delivery and acceleration
Static file delivery
Dynamic site delivery
WebSockets Preview Preview
Domains and certs
Custom domains ✓ (DNS TXT record based domain validation) ✓ (DNS TXT record based domain validation) ✓ (CNAME based validation)
Prevalidated domain integration with Azure PaaS service
HTTPS support
Custom domain HTTPS
Bring your own certificate
Supported TLS versions TLS1.3, TLS1.2 TLS1.3 TLS1.2 TLS1.3, TLS1.2
Caching
Query string caching
Cache management (purge, rules, and compression)
Cache behavior settings ✓ (using standard rules engine) ✓ (using standard rules engine) ✓ (using standard rules engine)
Routing
Origin load balancing
Path based routing
Rules engine
Server variable
Regular expression in rules engine
URL redirect/rewrite
IPv4/IPv6 dual-stack
HTTP/2 support
Routing preference unmetered Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to AFD is free and path is directly connected
Origin port All TCP ports All TCP ports All TCP ports
Customizable, rules based content delivery engine
Mobile device rules
Security
Custom Web Application Firewall (WAF) rules
Microsoft managed rule set ✓ (only default rule set 1.1 or less)
Bot protection ✓ (only bot manager rule set 1.0)
Private Link connection to origin
Geo-filtering
DDoS protection
Domain fronting block

| Analytics and reporting | | | | | Monitoring metrics | ✓ (more metrics than Classic) | ✓ (more metrics than Classic) | ✓ | | Advanced analytics/built-in reports | ✓ | ✓ (includes WAF report) | | | Raw logs - access logs and WAF logs | ✓ | ✓ | ✓ | | Health probe log | ✓ | ✓ | | | Ease of use | | | | | Easy integration with Azure services, such as Storage and Web Apps | ✓ | ✓ | ✓ | | Management via REST API, .NET, de.js, or PowerShell | ✓ | ✓ | ✓ | | Compression MIME types | Configurable | Configurable | Configurable | | Compression encodings | gzip, brotli | gzip, brotli | gzip, brotli | | Azure Policy integration | ✓ | ✓ | ✓ | | Azure Advisory integration | ✓ | ✓ | | | Managed Identities with Azure Key Vault | ✓ | ✓ | | | Pricing | Azure Front Door pricing | Azure Front Door pricing | Azure Front Door pricing | | Simplified pricing | ✓ | ✓ | |

Related content