during one of the design discussions with one of our Customers, I had a chance to discuss a bit about using anycast to scale out delivery via CDN.
unfortunately, as more ads served even on popular sites is malware or even miners for different cryptocoins it begs a question - how should you protect the site you’re maintaining?
using reputable CDN is good first step. the other one, i didn’t know about (and it seems to be quite natural if you think about it) is to verify hash of the attached resources. this can give you powerful tool to verify and then take an action before page is loaded to verify images or for example JavaScript.
if resource fails verification, it won’t be loaded. easy and working - if you need to use external resources. this is how our current ‘web’ works anyway.