This has been discussed with Mark Bereznitsky from Atlassian here: https://community.developer.atlassian.com/t/confluence-7-0-eap-released/28060/33

The internal Confluence PDF exporter injects a webResourceIntegration bean which has an API to query the state of the CDN system (WebResourceIntegration#getCDNStrategy) and remove that from the rendered DOM.
Avoiding fetching from the CDN on PDF exports is a precaution done for several reasons:

Some site admins might be reluctant to open up communications from the Confluence instance to the CDN (without this, only one way traffic is needed).
The way the internal PDF exporter works with web resources, there may be scenarios where such a request could poison the CDN cache with resources that we don't want to make their way to a user who views that page, for example.
Adding to the whitelist is an option we're considering but it will not solve the above difficulties.

I'd be happy to discuss the technical details of this but it would be better to do it in a ticket.
...

All of our exporters render content in the PDF output mode - regardless of the actual filetype (Word, PDF, ...) like this:

pageContext.setOutputType(RenderContext.PDF);
ConversionContext conversionContext = new DefaultConversionContext(pageContext);
String html = xhtmlContent.convertStorageToView(content, conversionContext)

Since the built-in PDF exporter also needs to handle the CDN links specifically I was wondering if it wouldn't make sense to simply disable CDN integration when rendering content in this or related output modes. Another option could be a property in the conversion context or a thread local.

What do you think?

Thanks!