Comment by Ayesh

You don't necessarily need to authenticate users on that domain with a cookie. An HMAC token would be ideal, because you don't have to maintain state.

Don't hardcore the content domain. In case the content domain gets flagged, it should be easy to change to a new domain.

The assets themselves (such as images, scripts, etc) can have any browser cache expiration time. HTML documents cache duration will matter, and once that has elapsed, browsers should start to use the new content domain.