But for what reason do they hide? Is this Amazon CDN policy?
CloudFront would only know you were looking for the x.cloudfront.net endpoint if that were what had been typed into the browser directly.
This opens up great possibilities for abuse, but by whom?
The risk is manifold: "*.cloudfront.net hostnames are shared by tens or hundreds or thousands of other distributions. The Host: header sent by the browser is the mechanism CloudFront uses in order to work out which distribution the request will be processed by and the "Alternate Domain Names" configuration is how these are provisioned." Info credits: StackOverflow's Michael.
So whenever something goes wrong with a hack or there is a data-breach, you have an enormous incident.
Who is checking on the clowns that think of such less secure infrastructure just for profit or surveillance?