AWS CloudFront

AWS CloudFront

AWS CloudFront is Amazon's content delivery network that caches and serves website assets from edge locations worldwide. It delivers HTML, CSS, JavaScript, images, video, and API responses from the nearest point of presence to reduce latency. Operates as transparent infrastructure with no advertising or behavioral tracking — purely accelerates content delivery.

Back to Vendor Library

Overview

AWS CloudFront is Amazon's global content delivery network, serving as transparent infrastructure that accelerates website performance by caching assets at edge locations close to users. When detected on a website, it means the site's static files, media, or entire pages are being delivered through Amazon's CDN. CloudFront operates purely as delivery infrastructure with no advertising or behavioral tracking.

What This Script Does

CloudFront does not load tracking scripts or execute JavaScript on behalf of Amazon. It operates at the network layer, serving cached copies of the website's own content from the nearest edge location. Requests are routed through CloudFront's global network of 400+ points of presence.

CloudFront distributions are identified by *.cloudfront.net domains or custom domains configured by the website operator (a CNAME pointing to the CloudFront distribution).

CloudFront does set a limited number of cookies when specific features are enabled by the website operator:

  • AWSALB and AWSALBCORS — Application Load Balancer sticky session cookies; set when CloudFront forwards requests to an ALB origin; used for server affinity; session-scoped
  • CloudFront signed cookies — when the website uses CloudFront's private content feature, signed cookies (typically CloudFront-Policy, CloudFront-Signature, CloudFront-Key-Pair-Id) control access to restricted content; expiry set by the website operator

These cookies are set by the website operator's configuration, not by Amazon for its own purposes. They are functional cookies that serve the website's infrastructure needs.

CloudFront does not collect behavioral data, build user profiles, set advertising cookies, or participate in any ad network. Server access logs (if enabled by the website operator) record standard HTTP request metadata (IP, user agent, requested URL, timestamp) and are stored in the operator's own S3 bucket — Amazon does not use these logs for advertising or analytics.

Consent & Compliance

AWS CloudFront is classified as essential. It is foundational infrastructure that delivers the website itself. Without it, the website would either not load or load significantly slower for users outside the origin server's region.

Under the GDPR, CloudFront's data processing is limited to delivering content as instructed by the website operator. Amazon acts as a data processor under the AWS Data Processing Addendum. The cookies CloudFront sets (when present) serve infrastructure purposes and fall under legitimate interest or, more precisely, the website's technical necessity.

Under the ePrivacy Directive, CloudFront's cookies qualify for the strictly necessary exemption under Article 5(3). They are required for content delivery and access control — services the website operator has configured and that the user implicitly requests by loading the page. No consent is required.

Under CCPA/CPRA, CloudFront does not sell or share personal information. Amazon processes server request data solely for content delivery on behalf of the website operator. The relationship is governed by AWS's service terms, with Amazon acting as a service provider.

Should You Block This Without Consent?

No. AWS CloudFront is infrastructure that delivers the website's own content. Blocking it would break the website entirely — images would not load, scripts would fail, and pages may not render. It sets no tracking cookies and performs no behavioral profiling. It is one of the clearest cases of essential infrastructure in web technology.

Visit website

Consent Categories

Essential

Also Known As

Amazon CloudFrontAWS CDNCloudFront distributionAmazon content deliveryCloudFront edge

Industries

E-commerce and Shopping

Tracked Domains (1)

cloudfront.netEssential

Frequently Asked Questions

Does AWS CloudFront require cookie consent?

No. AWS CloudFront is essential CDN infrastructure that delivers the website itself. Its cookies — AWSALB for load balancer affinity and CloudFront signed cookies for access control — are strictly necessary. The ePrivacy Directive exempts them, and no consent is required.

What cookies does AWS CloudFront set?

When enabled by the site operator, CloudFront sets AWSALB and AWSALBCORS (session-scoped, for Application Load Balancer stickiness) and signed content cookies — CloudFront-Policy, CloudFront-Signature, CloudFront-Key-Pair-Id — to control access to private content. Expiry is set by the operator.

How does ConsentStack handle AWS CloudFront?

ConsentStack classifies CloudFront as essential infrastructure and never blocks it. Blocking CloudFront would break the website entirely, as it typically delivers HTML, CSS, JavaScript, and media assets. ConsentStack distinguishes CloudFront CDN requests from Amazon advertising scripts, which are gated separately.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for AWS CloudFront

ConsentStack automatically detects and manages AWS CloudFront trackers so your site stays compliant with global privacy regulations.

Get started free