I see increased latency in responses from Amazon CloudFront. I want to identify the cause and reduce latency.
Short description
To troubleshoot latency from CloudFront, identify the events that caused the latency. Then, follow these troubleshooting steps to reduce latency.
Resolution
Identify events that cause latency
Complete the following steps:
1. Run the following curl command:
curl -w "DNS_resolution: %{time_namelookup}| TCP_negotiation_time: %{time_connect}| SSL_negotiation_time: %{time_appconnect}| TTFB: %{time_starttransfer}| Total time: %{time_total} \n" -o /dev/null -vsL https://www.example.com
Note: Replace example.com with your CloudFront domain name or alternate domain name (CNAME) and URL path.
2. Check how long each stage of a network request takes in the developer tools of your web browser. For example, if you use Mozilla Firefox, then check the Timings tab. For more information, see the Timings tab on the Firefox website. If you observed latency in the past, then check the time-taken and time-to-first-byte fields in the CloudFront access logs. CloudFront access logs don't log the time taken by the client for the DNS lookup process and TCP and SSL/TLS negotiations.
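The timers that curl prints are cumulative from the start of the request, so the cost of each stage is the difference between neighboring values. The following added example (not part of the original article) turns one output line of the command in step 1 into per-phase durations and names the slowest phase. The function name, the phase labels, and the sample values are assumptions, and the sample is a constructed single request without redirects.

```bash
#!/usr/bin/env bash
# Added example: convert curl's cumulative timers into per-phase durations.

phase_breakdown() {
  # $1: one output line in the -w format from step 1 (times in seconds).
  printf '%s\n' "$1" | awk -F'|' '
    {
      # Parse "name: value" pairs separated by "|".
      for (i = 1; i <= NF; i++) {
        if (split($i, kv, ":") < 2) continue
        key = kv[1]; val = kv[2]
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        t[key] = val + 0
      }
      dns = t["DNS_resolution"]; tcp = t["TCP_negotiation_time"]
      tls = t["SSL_negotiation_time"]; ttfb = t["TTFB"]; total = t["Total time"]
      # time_appconnect is 0 for plain HTTP, so the TLS phase is empty.
      if (tls == 0) tls = tcp
      n = split("dns tcp tls wait download", name, " ")
      d[1] = dns          # DNS lookup
      d[2] = tcp - dns    # TCP handshake
      d[3] = tls - tcp    # SSL/TLS handshake
      d[4] = ttfb - tls   # request sent until first response byte
      d[5] = total - ttfb # response body transfer
      max = 1
      for (i = 1; i <= n; i++) {
        printf "%s %.3f\n", name[i], d[i]
        if (d[i] > d[max]) max = i
      }
      print "slowest " name[max]
    }'
}

# Constructed sample line (not a real measurement).
SAMPLE='DNS_resolution: 0.012| TCP_negotiation_time: 0.034| SSL_negotiation_time: 0.121| TTFB: 0.389| Total time: 0.420 '
phase_breakdown "$SAMPLE"
```

A large dns value points to the DNS resolution section, tcp or tls to the TCP and SSL/TLS negotiation section, and wait or download to the TTFB section.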
Reduce latency in DNS resolution
Complete the following steps:
- Increase DNS caching time in the client-side DNS.
- Increase the Time to Live (TTL) of the cache in the local DNS server.
- Increase the TTL on the DNS record in your DNS registrar.
- If the resolver DNS server from your internet service provider causes latency, then use public DNS servers.
Reduce latency in TCP and SSL/TLS negotiation time
Complete the following steps:
- Check your local network bandwidth and internet bandwidth.
- Check if there are any network disruptions in your internet service provider or router.
- Optimize your local network performance through your internet service provider or network routes.
- Make sure that the DNS resolver allows your web browser to find the closest and correct edge location.
- To improve HTTPS site performance, keep your certification chain short.
- A firewall, proxy, or local router might cause latency. To diagnose the network latency, run the following MTR command:
mtr -rw example.com --no-dns
Note: Replace example.com with your domain name.
Reduce latency in TTFB, TTL, and RTT
Complete these steps to reduce latency in Time Taken for First Byte (TTFB), Total Time Taken (TTL), and Round Trip Time (RTT).
CloudFront returns an "X-Cache: Hit from cloudfront" response value
CloudFront returns "X-Cache: Hit from cloudfront" when requests are served from cache. To reduce latency, complete the following steps:
CloudFront returns an "X-Cache: Miss from cloudfront" response value
CloudFront returns "X-Cache: Miss from cloudfront" when the request goes to the origin. To reduce latency, complete the following steps:
- Reduce the RTT between the CloudFront edge location and your origin location. If a request from a CloudFront edge location goes to the nearest origin location, then the RTT is less. However, TTFB is affected if the request is from an edge location that's geographically distant from the origin. To optimize the RTT, replicate the origin server in multiple AWS Regions that are geographically closer to your users. Then, set up the DNS of your origin domain name so that it routes the request to origin servers based on latency or geolocation. If you use Amazon Route 53 as your DNS provider, then see Choosing a routing policy for more information.
- Turn on CloudFront automatic compression to compress files and reduce download time. If your file format isn't supported by CloudFront automatic compression, then pre-compress the file in your origin and add a Content-Encoding header.
- To check the latency from the origin to CloudFront, activate the Origin latency metric.
Note: Standard CloudWatch rates apply.
- Turn on CloudFront Origin Shield to add an additional layer of cache that minimizes your origin's load and improves availability.
- Add response headers policies with the Server-Timing header feature turned on. This feature can help you understand the events that contribute to the latency between CloudFront and the origin.
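For latency observed in the past, the time-taken and time-to-first-byte fields of the CloudFront access logs can be averaged per cache result to see whether the Hit case or the Miss case above applies. The following is an added example, not part of the original article. It assumes the standard tab-separated log format with a "#Fields:" header and groups on the x-edge-result-type field, which the article doesn't mention. The function names and the sample log are constructed, with the columns trimmed to the ones used.

```bash
#!/usr/bin/env bash
# Added example: average time-taken and time-to-first-byte per cache result
# from CloudFront standard access log content read on stdin.

latency_by_result() {
  # Output: "<result> <requests> <avg time-taken> <avg time-to-first-byte>"
  awk -F'\t' '
    /^#Fields:/ {
      # Map column names to positions from the header instead of hardcoding.
      n = split($0, h, " ")
      for (i = 2; i <= n; i++) col[h[i]] = i - 1
      next
    }
    /^#/ || NF == 0 { next }
    # Skip records when the header did not name the columns we need.
    !(("x-edge-result-type" in col) && ("time-taken" in col) &&
      ("time-to-first-byte" in col)) { next }
    {
      r = $(col["x-edge-result-type"])
      cnt[r]++
      tt[r] += $(col["time-taken"])
      fb[r] += $(col["time-to-first-byte"])
    }
    END {
      for (r in cnt)
        printf "%s %d %.3f %.3f\n", r, cnt[r], tt[r] / cnt[r], fb[r] / cnt[r]
    }' | sort
}

# Constructed sample log; real logs carry more columns.
sample_log() {
  printf '%s\n' '#Version: 1.0'
  printf '%s\n' '#Fields: date time x-edge-location sc-status x-edge-result-type time-taken time-to-first-byte'
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    2024-01-01 00:00:01 IAD89-C1 200 Hit  0.002 0.001 \
    2024-01-01 00:00:02 IAD89-C1 200 Miss 0.450 0.400 \
    2024-01-01 00:00:03 IAD89-C1 200 Miss 0.350 0.300 \
    2024-01-01 00:00:04 IAD89-C1 200 Hit  0.004 0.003
}

sample_log | latency_by_result
```

As the article notes, these log fields don't include the client's DNS lookup or its TCP and SSL/TLS negotiations.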
Website traffic routes to the wrong edge location
CloudFront routes traffic based on the distribution's price class, associated geolocation databases, and EDNS0-Client-Subnet support. Depending on a combination of these factors, your website's viewers might get routed to an unexpected edge location. This can increase the overall latency to retrieve an object from a CloudFront edge location.
If traffic to your website routes to the wrong edge location, then check your configuration requirements. For more information, see Why did the traffic for my web content get routed to the wrong CloudFront edge location?
Related information
What information do I give AWS Support to diagnose CloudFront web distribution latency issues?
Increase the proportion of requests that are served directly from the CloudFront caches (cache hit ratio)
Manage how long content stays in the cache (expiration)
How do I troubleshoot 502 and 503 errors that Lambda@Edge functions cause in CloudFront?