A CDN (content delivery network) is a distributed edge layer and defensive control, one of the protections a thorough DDoS test is built to exercise. It fronts the origin with caches at many points of presence, serving static content close to users and absorbing volumetric load across the edge fleet rather than at a single origin link. Most modern CDNs bundle anycast routing, rate limiting, and a WAF into the same layer.
Why it matters in DDoS testing
A CDN only protects what routes through it. A test validates that the origin IP is not reachable directly (bypassing the edge entirely), that cache-hit ratios hold under a flood of cache-busting query strings, and that dynamic, uncacheable paths (login, search, cart) do not collapse the protection model by passing straight through to compute.
For how CDN-based protection compares across providers, see AWS Shield versus Cloudflare.