CDN-first Is No Longer a Performance Feature

Loading libraries from CDN’s used to be a performance feature (kind of*):

<script src="https://cdn.example.com/jquery-3.6.0.min.js"></script>

A browser would load a resource from cache even if it was included on multiple websites, because the cache key would only be URL of a resource:

{
  "https://cdn.example.com/jquery-3.6.0.min.js": data
}

Well, that is not the case anymore courtesy of the new Double-keyed Caching that includes the requesting site’s origin. Addy Osmani got a thorough write-up on the topic:

Double-keyed caching introduces a fundamental change to how browsers store and retrieve resources. Instead of using just the resource URL as the cache key, browsers now use two pieces of information: the top-level site making the request and the resource’s URL.

{
  ["https://cdn.example.com/jquery-3.6.0.min.js" + "website.com"]: data
}

Reasons for that being security and privacy. Which makes a lot of sense considering the exponential growth of Internet and exploitations.

* Personally, I have never practised CDN-first for critical resources in production. A performance strategy based on CDN provider and the exact version of a resource match has always sounded like a low probability wishful thinking. And there are a bunch of other reasons to avoid it.