Connection reuse
Smart Shield reduces the number of connections between Cloudflare and your origin server by batching multiple requests through shared connections. When requests from an upper-tier data center — the layer of Cloudflare's cache that sits closest to your origin — need to reach your server, Smart Shield sends them over a single connection instead of opening a new connection for each request. This reduces overall connections to your origin by 30% on average, which lowers resource consumption on your origin and reduces the risk of connection exhaustion under high traffic.
For more information, refer to the Smart Shield announcement blog post.
Every HTTP request requires a TCP connection between a client and a server. Each connection is identified by a pair of network addresses: the source IP address and port, and the destination IP address and port. Opening a new TCP connection has overhead — it requires a handshake between client and server, and a TLS negotiation if the connection is encrypted.
Connection reuse (also called persistent connections or keep-alive) avoids this overhead by sending multiple HTTP requests over a single TCP connection instead of opening a new connection for each request. HTTP/1.1 made this the default behavior.
For example, when a browser opens a connection to shop.example.com, the page may reference dozens of additional resources — stylesheets, images, scripts, and other files. Without connection reuse, each resource would require its own TCP connection. With connection reuse, all of these requests flow through the same connection.
With HTTP/2, connection reuse extends further through connection coalescing. This allows requests for different hostnames to share a single connection, as long as two conditions are met:
- The hostnames resolve to the same destination IP address and port.
- The TLS certificate on the server covers both hostnames (for example, a certificate that lists both shop.example.com and blog.example.com in its Subject Alternative Names).
This means a connection originally opened for shop.example.com can also carry requests for blog.example.com, reducing the total number of connections to your origin even further.
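The two conditions above can be checked for any pair of hostnames, which is useful when reviewing which hostnames on an origin may end up sharing a connection. The following is an added example, not Cloudflare's code: the function names, the sample hostnames pay.example.com and api.example.com, the addresses and the SAN list are all constructed, and treating "same destination" as "at least one shared IP and port" is an assumption. It goes slightly beyond the text by also handling wildcard SAN entries, which match exactly one leftmost label.

```python
# Constructed sample data: nothing here is resolved or fetched over the network.
# hostname -> set of (IP, port) endpoints it resolves to (documentation range).
ENDPOINTS = {
    "shop.example.com": {("192.0.2.10", 443)},
    "blog.example.com": {("192.0.2.10", 443)},
    "pay.example.com": {("192.0.2.10", 443)},
    "api.example.com": {("192.0.2.20", 443)},
}
# dNSName entries from the (constructed) certificate served on 192.0.2.10:443.
CERT_SANS = ["shop.example.com", "blog.example.com"]


def san_matches(hostname, san):
    """Match a hostname against one dNSName SAN entry.

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label: *.example.com matches shop.example.com, but not
    example.com or a.shop.example.com.
    """
    host = hostname.lower().rstrip(".")
    pattern = san.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    first_label, _, rest = host.partition(".")
    return bool(first_label) and rest == pattern[2:]


def cert_covers(hostname, sans):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def can_coalesce(host_a, host_b, endpoints, sans):
    """Apply both coalescing conditions; return (eligible, reason)."""
    # Condition 1: same destination IP address and port.
    shared = endpoints.get(host_a, set()) & endpoints.get(host_b, set())
    if not shared:
        return False, "no shared destination IP address and port"
    # Condition 2: the certificate covers both hostnames.
    missing = [h for h in (host_a, host_b) if not cert_covers(h, sans)]
    if missing:
        return False, "certificate does not cover " + ", ".join(missing)
    return True, "shared endpoint and certificate covers both hostnames"
```
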
Connection reuse and connection coalescing are also considered when allocating your Dedicated CDN Egress IPs.