Origin Servers: Definition, Usage & Edge Server Comparison

Origin servers hold all of the data for your site. CDN servers hold static data. Working together, they can ensure that your site loads quickly—and that hackers can't get into pieces of content you'd rather protect. 

What are these two server types?

When we talk about website data management, we often use the word server in the singular form. In reality, you likely have several different systems working in tandem to both deliver and protect content. 

Understanding what these servers do and what information they hold is critical as you develop a plan for your website. 

Your two types of servers are:

  • Origin servers: This computer holds all of the programs, datasets, and meaningful information that make your website work. You'll store things like photos and text here. But you might also store passwords and usernames on an origin server. 
  • CDN servers: These computers are located close to your website visitors, and they hold static content that doesn't change. Your company logo, your masthead, and other pieces of information could sit here. When consumers visit your site, proximity matters. The pages will load quicker due to CDN servers. 

In this system, you have two very different computers that hold complementary but critical data. And this setup helps you balance both speed and security. 

How do origin servers and CDN servers interact?

A visitor hoping to load your website is likely to encounter both types of servers. The servers can handle some transactions locally, while other transactions require the latest and greatest data. 

Your user's path might look like this:

  • CDN server: Estimates vary, but most companies redesign their websites every three years. Otherwise, they're using static data that could sit on a CDN server. When a user tries to load a page, that person's computer requests the static bits, and that edge server delivers them.
  • CDN server: The user wants to do more on your site and attempts to enter a username and password. That request goes to the CDN server, which can't process it alone.
  • CDN to origin server: The CDN relays the request to the origin server, which verifies identity and sends account data back to the CDN. 
  • CDN server: The CDN unlocks the website for the user. 

This example is simplistic. Some websites require more back and forth between servers to validate requests. But most people only encounter the CDN server in this model, which shields the origin server.

CDN protections explained 

When you configure it properly, a CDN server makes attacking your origin server much more difficult. 

Your CDN server takes in all requests from visitors and processes them away from your origin server. Even if a hacker can breach the CDN server, that computer doesn't hold sensitive information. 

Data breaches grow larger every year. Of the 15 largest breaches in the 21st century, as compiled by reporters, the smallest involved 134 million people. Companies need to protect their data to avoid being the next headline. 

Proper configuration involves IP address changes. Your origin server needs a new IP address so hackers can't rely on a direct communication route and go around your CDN server. If your origin server's address has been exposed, even for just a week or two, that could be enough to allow hackers to mark the location and attack you. 

You must also deploy protections on that CDN server so it can spot attacks and stop them before they spread. If you're not sure what this configuration should look like or you need help with programs, contact Okta. We're an industry leader in the identity and security space, and we'd love to help. 


Why Companies Redesign Websites Every Three Years on Average—Or Do They? Walker Sands. 

The 15 Biggest Data Breaches of the 21st Century. (January 2021). CSO.