ESA is a next-generation product independent of DCDN. To upgrade from DCDN or CDN, deploy on ESA directly and switch DNS. ESA requires no migration.
Key differences between ESA and xCDN
ESA differs from xCDN in three key areas: core capabilities, cost structure, and intelligent security.
Enhanced core capabilities and security
|
Feature |
ESA |
xCDN |
|
CDN acceleration |
|
|
|
Anti-fraud protection |
|
|
|
Free DigiCert certificates |
|
|
|
Free DDoS protection |
|
|
|
Edge Functions and Pages |
|
|
|
Other |
|
|
Simple, transparent pricing
The following billing items apply only to ESA Pro and Premium plans. For the Enterprise plan, contact sales.
The xCDN column below covers both CDN and DCDN.
|
Billing item |
ESA |
xCDN |
|
Traffic-based billing |
Single global rate. The ESA Pro plan suits traffic-heavy services or those requiring anti-fraud protection. |
Region-based billing |
|
HTTPS request billing |
No charge For the Enterprise plan, contact us for custom pricing. |
Charged |
|
QUIC request billing |
No charge |
Charged |
|
WAF request billing |
No charge For the Enterprise plan, contact us for custom pricing. |
Charged |
|
Real-time log requests |
No charge |
Charged |
|
Blocked traffic and requests |
No charge |
Charged |
Smarter security
ESA adds four security capabilities beyond xCDN:
-
AI-driven threat detection: Identifies and blocks network threats automatically.
-
Real-time attack visualization: Displays attack patterns and defense outcomes in real time.
-
Intelligent rate limiting: Detects and throttles anomalous traffic automatically.
-
One-click anti-fraud: Millisecond-level response; protection takes effect instantly.
Product migration: Feature comparison
ESA is a complete redesign of DCDN and CDN. When you upgrade from DCDN or CDN to ESA, the following tables map DCDN and CDN features to their ESA counterparts to help you get started with ESA.
Basic configuration
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Modify acceleration region |
Changes service scope by switching the acceleration region. |
|||
|
Origin server configuration |
Configure origin servers: OSS domains, IP addresses, origin domains, and Function Compute domains. |
Add DNS records to configure various types of origin servers for your site. |
||
|
IPv6 switch |
Enables IPv6 for requests over various links. |
IPv6 configuration for client requests. |
IPv6 configuration for client requests. |
ESA lets you configure end-to-end IPv6 access. |
|
IPv6 back-to-origin configuration for back-to-origin requests. |
IPv6 back-to-origin configuration for back-to-origin requests. |
Domain name management
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Add, delete, and query domain names |
Add, delete, and query domain names. |
|
||
|
Domain name migration |
Migrate domain names across accounts. |
Migrate a domain by adding it to ESA. |
||
|
Verify domain name ownership |
You must verify ownership when adding a domain name. |
|
Back-to-origin configuration
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
origin HOST |
Customizes the Host header in back-to-origin requests. |
|
||
|
origin protocol |
Specifies the protocol POPs use for back-to-origin requests. |
|
||
|
back-to-origin for private Alibaba Cloud OSS bucket |
Grants back-to-origin access to all resources in a private Alibaba Cloud OSS bucket. |
|||
|
origin SNI |
Required when your origin hosts multiple HTTPS domains on one IP to ensure the correct SSL certificate is presented during TLS handshake. |
|||
|
back-to-origin HTTP request timeout |
Sets the maximum wait time for a POP to receive a response from the origin. |
|||
|
back-to-origin HTTP request header |
Adds, deletes, or modifies HTTP headers in back-to-origin requests. |
Use a transform rule to modify request headers. |
||
|
back-to-origin HTTP response header |
Modifies HTTP response headers from the origin. |
Use a transform rule to modify response headers. |
||
|
Common Name whitelist |
Allows back-to-origin requests to succeed when the origin SNI does not match the certificate Common Name. |
Not supported |
||
|
follow 301/302 redirect |
POPs automatically follow 301/302 redirects from the origin, reducing round trips. |
|||
|
back-to-origin URL rewrite |
Rewrites the request URL before forwarding to the origin. |
Use a transform rule to rewrite a URL. |
||
|
back-to-origin parameter rewrite |
Modifies query string parameters in a back-to-origin URL. |
|||
|
origin group |
Define origin groups with multiple primary and secondary origin addresses. |
|||
|
conditional origin |
Routes requests to a specific origin server if they match defined rule conditions. |
Not available |
Configure DNS records for different conditions in an origin rule to implement conditional origin. |
Cache configuration
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Cache TTL |
Controls how long POPs cache origin resources. |
|
||
|
Status code TTL |
Caches specific HTTP status codes for a set TTL, reducing origin load. |
|||
|
Set HTTP response header |
Adds or modifies HTTP response headers at the POP to control browser caching, CORS, and other behaviors. |
Use a transform rule to modify outbound response headers. |
||
|
Custom error page |
Returns a custom page instead of the default error page when content is not found or an error occurs. |
Implement this feature by adding a custom edge function. |
||
|
Request URL rewrite |
Rewrites incoming request URLs to a new path. |
Use a rule to configure request redirection. |
||
|
Custom cache key |
Maps similar requests to a single cache key to improve cache hit ratio. |
|||
|
Shared cache / request collapsing |
Allows domains under the same account to share cache space, improving hit ratio. |
Not supported |
Not supported |
HTTPS configuration
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
HTTPS certificate |
Encrypts requests between clients and POPs. |
|||
|
HTTP/2 settings |
Reduces latency through binary framing, multiplexing, and header compression. |
|||
|
Force redirect |
Automatically redirects all client HTTP requests to HTTPS. |
|||
|
TLS versioning |
Selects TLS versions to balance security with backward compatibility for older clients. |
|||
|
HSTS |
Improves security by forcing clients to connect to POPs exclusively over HTTPS. |
|||
|
OCSP Stapling |
POPs cache certificate revocation status, eliminating client-side OCSP queries during TLS handshakes. |
Access control
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
referer hotlink protection |
Filters requests by Referer header using a blacklist or whitelist. Unauthorized requests receive a 403 error. |
ESA implements a referer blacklist/whitelist using WAF custom rules. |
||
|
url authentication |
Validates requests using an encrypted URL string and timestamp to prevent unauthorized access. |
ESA implements this by configuring an edge function based on templates for authentication methods A, B, and C. |
||
|
ip blacklist/whitelist |
Filters requests by IP blacklist or whitelist to restrict traffic sources and block malicious scraping and attacks. |
ESA implements an ip blacklist/whitelist using WAF custom rules. |
||
|
user-agent blacklist/whitelist |
Filters requests by User-Agent blacklist or whitelist to restrict access from specific clients. |
ESA implements a user-agent blacklist/whitelist using WAF custom rules. |
||
|
remote authentication |
Forwards requests to a specified authentication server for verification. |
Not supported |
ESA implements this by adding a custom edge function. |
Performance optimization
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
html optimization |
Strips comments and whitespace from HTML, JavaScript, and CSS to reduce file size. |
Implemented by adding a custom edge function. |
||
|
Gzip compression |
Compresses files to reduce transfer size and bandwidth. |
|
||
|
Brotli compression |
Often achieves better compression than Gzip. Edge nodes compress resources before delivery. |
|
||
|
Ignore parameters |
Edge nodes ignore the query string (after |
|
||
|
Image processing |
Performs on-the-fly image operations (resize, crop, rotate, compress) at the edge. |
Video features
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Range back-to-origin |
Adds a Range header to back-to-origin requests so the origin returns only the requested portion, improving efficiency and cache hit ratio. |
|||
|
Video seeking |
Lets users jump to any point in an audio or video stream. |
|||
|
Listen to video |
Extracts and delivers only the audio track from a video file. |
Not supported |
Not supported |
|
|
Audio or video preview |
Delivers a specified duration of audio or video for non-subscriber previews. |
Not supported |
||
|
Rewrite standard M3U8 encryption |
Modifies M3U8 manifest files for HLS by dynamically adding encryption parameters after a specific tag. |
Not supported |
Resource monitoring
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Bandwidth and traffic |
Bandwidth and traffic data for an accelerated domain, queryable by region, carrier, and protocol. |
|
||
|
Number of requests/QPS |
Request count and QPS for an accelerated domain across different dimensions. |
|||
|
Http status code |
HTTP status codes returned for an accelerated domain. |
|||
|
Back-to-origin statistics |
Back-to-origin bandwidth and traffic for an accelerated domain. |
In Cache Analysis, filter by |
||
|
Http status code (back-to-origin) |
HTTP status codes from the origin for back-to-origin requests. |
|||
|
Hit ratio |
Byte and request hit ratios for an accelerated domain. |
Not applicable |
||
|
Real-time data monitoring |
Real-time bandwidth, traffic, request count, and QPS for an accelerated domain. |
|
||
|
Real-time back-to-origin monitoring |
Real-time back-to-origin bandwidth and traffic for an accelerated domain. |
In Cache Analysis, filter by |
||
|
Real-time quality monitoring |
Real-time request hit ratio, byte hit ratio, and HTTP status codes for an accelerated domain. |
|
Operations reports
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
PV/UV |
View PV/UV metrics for a domain over a specified time range. |
|
||
|
Top client IPs |
Top client IPs for a domain and date, ranked by traffic or request count. |
|||
|
Regions and carriers |
User visit distribution by region and carrier. Covers the Chinese mainland, Hong Kong (China), Macao (China), Taiwan (China), and overseas. |
|||
|
Popular referers |
Top referers by traffic volume, traffic share, request count, and request share for hotlink protection analysis. |
|||
|
Popular URLs |
Top URLs by traffic or requests for a domain, filtered by status code. |
|||
|
Popular URLs (back-to-origin) |
Top back-to-origin URLs by traffic or requests for a domain, filtered by status code. |
|||
|
Domain name ranking |
Ranks domains by traffic share, traffic volume or bandwidth peak, peak time, and total requests. |
|||
|
Subscribe to operations report tasks |
Subscribe to customizable reports emailed to a specified address. |
Purge and prefetch
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
URL purge |
Purges a cached resource by URL. The next request retrieves the latest version from the origin. |
|||
|
Directory purge |
Purges all cached resources within a directory. The next requests retrieve latest versions from the origin. |
|||
|
Regex purge |
Batch-purges resources matching a regular expression. |
Use these purge policies instead: |
||
|
URL prefetch |
Prefetches origin resources to edge nodes before user requests, reducing origin load. |
Tools
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
IP address query |
Checks whether an IP address belongs to an acceleration node. |
|||
|
URL diagnostic tool |
Troubleshoots webpage loading failures or errors. |
Not supported |
Not supported |
Usage and billing queries
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Usage query |
Query usage data by traffic, bandwidth, HTTPS requests, and billing region. |
|||
|
Usage summary |
View a usage summary across all domain names for the product. |
Not supported |
||
|
Export summary |
Export total usage data across all domain names for the product. |
Not supported |
||
|
Export details |
Export per-item usage details across all domains, filterable by domain, time, and account. |
Not supported |
||
|
Resource plan query |
View resource plan details: total amount, remaining amount, and expiration date. |
ESA is a subscription service and does not use resource plans. |
||
|
Billing method query |
View your current billing method. |
View your current plan level in Websites or Query usage. |
||
|
Change billing method |
Change your billing method. |
Other features
|
Feature |
Description |
CDN |
DCDN |
ESA |
|
Traffic cap |
Caps maximum bandwidth for a domain to prevent losses from sudden traffic surges. |
Not supported |
||
|
EdgeScript |
Custom scripts for flexible edge logic when standard console settings are insufficient. |
|||
|
QUIC protocol switch |
Reduces connection and transmission latency while maintaining standard security. |
|||
|
EdgeScript execution status |
View the execution status of your EdgeScript. |
|
||
|
EdgeScript exceptions |
View exceptions and error codes from EdgeScript execution. |
|||
|
Rules |
Conditional logic via a graphical interface to match request parameters and apply configurations. |
Not supported |
Use Rules. |
|
|
Offline log download |
Hourly access logs per domain, downloadable for the past 30 days. |
|||
|
Transfer offline logs using Function Compute |
Automatically transfers new offline logs to OSS via a preconfigured Function Compute function. |
Not supported |
Achieve this by creating a real-time log delivery task. |
|
|
Real-time log delivery |
Delivers real-time logs from accelerated domains to SLS for monitoring and troubleshooting. |
Deliver real-time CDN logs to SLS to analyze user access data |
||
|
Data statistics |
Aggregated traffic, performance, and user access statistics. |
|