Sucuri CDN

The Sucuri CDN is responsible for caching your website automatically. With zero configuration, the CDN is able to speed up your website by up to 60%.

You can find the CDN locations on the Sucuri Firewall Locations article.

How the Sucuri CDN works

Let’s assume your hosting server is located in Los Angeles (USA). A European visitor from Paris (France) would need to travel the Atlantic to reach your hosting server, adding 0.1 to 0.3 seconds to the loading time of each asset of your website (images, icons, videos, JavaScript, CSS, etc). Depending on their Internet service provider, the connection could even go the other way around and cross the Pacific, adding even more time.

When a good CDN is in place, most of your website, if not all (depending on your website platform), will be transferred directly from a PoP (point of presence) of the CDN, which is a fancy name for “one of the data centers” used by the CDN network.

In other words, if the Sucuri Firewall was activated, the Paris visitor would get the website assets from the Sucuri Firewall European data centers, decreasing the page load time and the server resource usage.

Discovering the nearest cluster

You don’t need to do anything to activate the CDN except for activating the Website Firewall itself. However, you can discover which data center/cluster you’re accessing. There are a couple tools you could use, but the simplest one is a tool called curl.

If you are using Microsoft® Windows, install Git for Windows before proceeding.

Open the Terminal/Git for Windows and run the following command:

curl -IL

In this example, we’ll be requesting the HTTP headers of the Sucuri KB. Don’t worry, although it seems technical, it’s pretty simple:

$ curl -IL
HTTP/2 200 
server: nginx
date: Wed, 27 Dec 2017 18:51:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-sucuri-id: 14016

Here are the lines we need to pay attention to for the purpose of this article:

x-sucuri-cache: HIT
x-sucuri-id: 14016

According to “x-sucuri-cache” header, the page requested ( was served straight from the Sucuri CDN and answered by “14016” PoP (CDN edge). The first two digits (14) identify the PoP (CDN edge) reached, which is the Washington data center.

Although the data center might not be the closest to you, it also takes network connectivity and lower latency into consideration to provide the fastest response.

That’s what an Anycast CDN network does. It “guides” the connections to the PoP (CDN edge) with the best/shortest network path, which happens to be the closest data center most of the time. It also allows Sucuri’s engineers to re-route traffic in case of maintenance or congestion with minimal or no impact.

Instead of using curl, you can also use a Visual Traceroute tool, such as The Dazzlepod IP Address Lookup and Monitis Visual Trace Route Tool. That, with a certain success rate, is able to demonstrate the network path on a map.

When opening a support ticket regarding blocks, connection issues, etc, you can include which cluster you’re reaching to speed up the troubleshooting process.

Was this article helpful?