Some JFrog customers secure their networks by limiting clients' egress traffic based on a domain-based Allow List. Therefore, when enabling CDN redirect, calls to cloudfront.net will get blocked unless explicitly allowed. While adding the entire cloudfront.net domain to the Allow List is technically possible, this setup is permissive and insecure.
Additionally, customers who already use a CNAME on top of their JFrog service would like to be able to extend the coverage of their CNAME to the CDN as well.