Cloudflare is a widely used content distribution network (CDN) which is freely available to help speed up your website by caching various contents at locations around the world.
While I have been taking advantage of the free plan on this website for a number of years I’ve often asked myself “is the Cloudflare Pro plan worth getting?”. At $20 USD per month it costs the same as the server itself. With limited resources available online, I decided to upgrade myself and find out if the pro plan made much of a practical difference to my website.
I’ve performed some basic benchmarks on a number of different file types at different file sizes on this website both on the free plan, and on the Pro plan after I upgraded in August 2016. We’ll take a look at the results and see if any of the Pro features helped speed up load times.
See here for a full list of all differences between the Cloudflare plans.
Speed Comparison Test
For this test I selected different images that represented different file sizes and formats from around the website and loaded them from an external server every 5 minutes over a 24 hour period.
These images were definitely being served from the Cloudflare cache, I confirmed that no access requests were being logged on the web server. After the initial request that I manually performed before the full test started to get the image into the cache, no further requests were made to my web server. The test results are therefore all considered to be Cloudflare cache hits.
One of the features that the Pro plan offers is “Image optimization with Polish”. This applies either lossless or lossy image optimization to image files and claims that it can reduce image sizes by up to 35%. I quickly enabled this feature after upgrading to the Pro plan and selected the lossless option, as I still wanted decent quality images. After enabling this, I immediately purged my cache for the changes to take effect.
The lossless setting notes that it reduces the size of an image file without impacting visual quality which is what I was after. It does this by removing metadata on PNG, GIF, and JPG files. It also performs lossless compression on GIF and PNG files.
Lossy on the other hand performs these optimizations, but also performs lossy compression to JPG. I have not performed any testing with lossy, while I expect it would further reduce the file size I still want to keep full image quality on my images.
The Pro plan also offers mobile optimization with Mirage, however I have not tested this feature here.
It’s worth noting that a lot of these images were already quite compressed, so I was expecting Cloudflare to not make too much of a difference here. The image selection was not designed to be an exhaustive list, just different images that are actually being served out from this website that were a range of different sizes. I therefore consider this to be a real world test as these are images I was already using on my website, I wanted to see how these examples would change if at all with the Pro plan.
I’ve set the graph lines to be quite thin to allow you to better see the difference, as the results are so close any thicker lines unfortunately cover the other line from view. As the tests ran every 5 minutes over a 24 hour period, we have 288 total data points.
The averages are so close it appears that the difference is extremely negligible, with the free plan ahead in most of the tests. The graph below shows how close the results are.
As you can barely see the difference visually, I’ve also provided the raw data in the below table.
|Free Plan||Pro Plan|
So in general terms, will the Cloudflare pro plan improve loading time to images on your website when compared to the free plan? From my testing, the answer seems to be no probably not. That is not to say that the optimizations will not help you, just that in my testing with my selection of assets to load I did not see a noticeable practical difference.
No other files except for images were tested, as the extra features that the Pro plan introduces all target image optimization. While I understand there could be further improvements by testing with lossy JPG, the reality is that this is not really something I use on this website, so these results while valid for me may not completely apply to you. If you’re happy with lossy JPG then there may be a tiny boost for you to be had.
I actually provided these results to Cloudflare in a support ticket prior to writing this post to see what insights they could offer. They advised that they don’t currently compress GIF files very much, and a saving of only 670 bytes was observed. The largest PNG file on the other hand compressed from 308972 bytes to 240440 bytes, saving 68532 bytes. I was advised to see the best results to test with larger PNG/JPEG files, however I don’t personally use many large files on the site so I didn’t actually go ahead and retest with any larger images than what I had already done.
It was also suggested that my results could be the result of network variance between the test server and the Cloudflare PoP on that particular day. As all tests came from the same source server in the US, we should assume that most if not all of the requests went through the same and closest point of presence (PoP), however I do not know this for certain. It would make for an interesting future exercise to perform additional testing from different points around the world, while I suspect similar results as Cloudflare would have all of these configured the same it may be interesting to see any differences that may appear in the network as suggested by Cloudflare support.
Speaking of support, I figured I’d mention that on both the free and Pro plans you only get email support, however the median response time of the free plan is 13 hours, while the Pro plan is 2 hours. I’ve always found the Cloudflare team quick to respond and very helpful.
I was also advised that when it comes to the differences between the free and Pro plans, the only differences are the features such as the WAF, number of page rules, Polish, etc. There is usually no difference regarding the routing, and no prioritization of the traffic or any rate limiting of the responses for different plans. This seems accurate, given my extremely close results above.
Cloudflare released this very interesting blog post about the price of their bandwidth at different locations around the world. They note that some providers simply cost so much that they have moved to only using them for paid plans.
Here in Australia, Telstra and Optus (both listed in that post above) charge a lot more money than other providers, so if you’re on one of these ISPs you may instead route to an international PoP. Many users based in Australia have been posting their traceroutes to both free and paid Cloudflare websites here if you’re interested in seeing these differences.
While I personally am in Australia, the majority of my audience isn’t, which is partly why I moved the website to the US for better global performance. So for me the free plan would still be fine, however if I was specifically targeting users in one of these locations with high bandwidth costs, it may be more beneficial to consider a paid plan in this instance.
Web Application Firewall
This is another major selling point of the Cloudflare Pro and above plans, the web application firewall (WAF).
The WAF claims to offer real-time prevention against attacks including SQL injection, XSS, and other known attacks that may come through HTTP POST requests. There are various rules that have been optimized for different applications, such as WordPress or Drupal for instance which can provide you with a very quick way of providing a base level of security to a web application.
While this may be a good way of easily blocking the majority of automated attacks, it’s definitely not a silver bullet and various Cloudflare WAF bypass techniques have come out over the years. Additionally even if the WAF does block an attack that would have otherwise been successful, it’s only masking a real problem that may exist within the web application. You should always ensure that your web application has been properly tested and secured rather than only relying on a WAF from any provider.
While the WAF is good as an extra level of defence, I wouldn’t personally rely on this alone. Instead it could best be used in a defence in depth approach as part of an overall security solution. It’s also worth keeping in mind that there are techniques to find the real server behind Cloudflare.
Initially I was thinking that the WAF may perhaps slow down the requests, given that we must assume they are somehow being scanned before being allowed through. Based on the speed tests above this does not seem to be noticeable with static content files.
Additional Page Rules
You also get more page rules with the Pro plan which I found useful. The free plan is limited to 3, while the Pro plan is limited to 20.
If you’re purely after more page rules you can now pay for additional rules without paying the full price of the Pro plan which may be a good option for some people. Although it’s $5 per 5 page rules, this may be a good in between option if you just need a few extra rules without wanting to go Pro.
So is the Cloudflare Pro paid plan worth the $20 USD per month price? It will depend on the specific requirements for each website. Personally I don’t mind paying for the extra features and will probably stay on the Pro plan for the foreseeable future, although it does cost about the same as the actual VPS the website is hosted on.
While it definitely does offer many advantages over not using it all, the majority of the best features are free, so comparing the free plan against the Pro plan just doesn’t really seem to offer as much for me in terms of measurable practical benefits.
If you’re just after a speed increase then I’d probably say no, unless you’re happy to introduce lossy images which may reduce overall quality. If requests of the paid plan were somehow prioritized then I think this could be beneficial to paid customers, however at the same time I can also see that this may upset a lot of free customers.
If you’re after the many extra features such as the WAF, faster support, more image compression options, more page rules and other minor features I haven’t covered such as more granular analytical information, then you should definitely take a look at upgrading.
Cloudflare also recently introduced support for the WebP image format as part of Polish, so once more browsers and benchmarking tools start to support this we may have some new interesting results to report – watch this space!