TLS encrypts a connection between two endpoints. The subtlety is in what counts as an endpoint. When a site sits behind a reverse-proxy CDN (Cloudflare, Akamai, Fastly, Amazon CloudFront, and a few others), the DNS for that site points at the CDN, the CDN holds a valid certificate for the domain, and your browser's TLS session terminates on the CDN's hardware. Everything inside the session, URLs, cookies, form submissions, passwords, message bodies, exists as plaintext in that edge server's memory before being re-encrypted (usually) on a second connection to the origin.
Your browser cannot tell the difference, because from TLS's perspective there is no difference: the CDN legitimately holds a certificate for the domain, issued through the site owner's arrangement with the CDN. Every guarantee the padlock makes is being kept. It is just being kept by a middlebox you have never heard of, on behalf of a site that chose to put it there.
How much of the web this covers
W3Techs, which surveys technology usage across websites, has measured Cloudflare alone in front of roughly a fifth of all websites for several years running. Add Akamai (which has carried a large fraction of enterprise and media traffic since the early 2000s), Fastly, and CloudFront, and TLS termination by a third party is the normal condition of the web, not the exception. When Fastly had a configuration failure in June 2021, it took down Reddit, Amazon, the BBC, and the UK government's website simultaneously, a one-hour demonstration of how much of the web shares a small set of intermediaries.
Sites do this for good reasons. CDNs absorb distributed denial-of-service attacks that would flatten an origin server, cache content near users, and handle TLS configuration better than most origin operators would. For a small site, a CDN's free tier is often the difference between surviving an attack and going dark. The trade is real on both sides, which is exactly why it deserves to be understood rather than waved at.
What the intermediary position means
Three consequences follow from holding the decryption point for millions of sites.
Aggregation. Your ISP sees which domains you visit but not the content (what ISPs see is its own topic). A CDN terminating TLS for a site sees everything: full URLs, headers, cookies, and request bodies, and it sees this across every CDN-fronted site you visit. A single company can, in principle, observe your login to a news site, your search on a forum, and your checkout at a store, because all three sit behind it. The major CDNs publish policies about not mining this data, and there is no public evidence of the large providers doing so. The observation still stands: the capability is structural, and the check on it is policy, not mathematics.
Legal process. An intermediary that can read traffic can be compelled to disclose or intercept it, under whatever legal regime applies to its operations. For site operators this belongs in the threat model the same way their hosting provider does. For users, it means the jurisdiction of a site's CDN can matter as much as the jurisdiction of the site.
Failure amplification. In February 2017, a bug in Cloudflare's edge HTML parser, found by Google Project Zero's Tavis Ormandy and nicknamed Cloudbleed, caused edge servers to leak fragments of process memory into web responses. Because the edge handles decrypted traffic for many sites at once, the leaked fragments included session tokens, cookies, and personal data from unrelated sites, some of it captured in search engine caches before the bug was fixed. No cryptography failed. The failure surface was the shared plaintext point that the architecture creates.
Transport encryption protects data from the network between endpoints. It cannot protect data from the endpoints themselves, and a CDN edge is an endpoint. Any privacy property you need against the infrastructure has to come from a layer above TLS.
What actually protects content through a middlebox
That last sentence is the load-bearing one, and it is the reason end-to-end encryption exists as a separate discipline from transport encryption. When the sensitive payload is encrypted before it enters the HTTPS session, with keys held only by the sender and the final recipient, the CDN's position stops mattering for content. It forwards ciphertext it cannot read, and so does everyone else between the two endpoints.
This is the model of every serious encrypted messenger. A Signal message, an MLS group message, or a PGP-encrypted email traverses servers, CDNs, and relays as opaque bytes; what E2EE protects is precisely the content layer that TLS termination exposes. The infrastructure still sees metadata (who is talking to whom, when, how much), which is why metadata remains the hard problem. But the distinction matters practically: a webmail session through a CDN exposes your messages to the middlebox; an end-to-end encrypted message through the same middlebox exposes envelope information only.
For site operators, the honest hierarchy of options looks like this:
- Encrypt origin traffic properly. The CDN-to-origin leg should use full, validated TLS. Configurations that accept any certificate, or that fall back to plain HTTP behind the CDN, mean the padlock your users see covers half the journey.
- Keep the most sensitive paths off the shared edge where the product allows it, or use the CDN in a pass-through mode that does not terminate TLS for those routes.
- Design so the middlebox has nothing to read. If the application encrypts payloads end-to-end, the CDN can do its job (absorbing attacks, caching public assets) without ever holding user content. This costs engineering effort, and it is the only option that removes trust rather than relocating it.
What you can do as a user
Less than you might want, which is worth stating plainly. You do not choose a site's CDN, and refusing to browse CDN-fronted sites means refusing the web. What you can do is calibrate. Treat the padlock as what it is: proof of an encrypted path to the domain's serving infrastructure, not a statement about who operates that infrastructure or how many parties can read the plaintext. For browsing privacy against network observers, technologies like Encrypted Client Hello and encrypted DNS narrow what leaks on the wire. For content that genuinely must not be readable by infrastructure, the tool is end-to-end encryption, chosen at the application level, because no amount of transport security substitutes for it.
The web's encryption story of the last fifteen years is a real success: plaintext HTTP is nearly gone. The next honest question is the one this architecture raises: encrypted to whom? For most of the web, the answer includes a company in the middle, and knowing that is the difference between trusting a padlock and understanding one.