Always get cf-cache-status BYPASS

I have this page rule:*
Cache Level: Cache Everything, Automatic HTTPS Rewrites: On, Origin Cache Control: On

When accessing a page, I get this response:

HTTP/1.1 200 OK
CF-Cache-Status: BYPASS
CF-RAY: 712199519f259ac3-MIA
Cache-Control: s-max-age=1800
Cdn-Cache-Control: public, max-age=840000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 27 May 2022 20:46:16 GMT
Expect-CT: max-age=604800, report-uri=""
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 942
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

How can I get Cloudflare to respect the CDN-Cache-Control header and cache the page?

Do you have any firewall rules that are enabled for bypass?

1 Like

No, I’m not using the Firewall Rules feature of Cloudflare.

From the docs BYPASS is set when

The origin server instructed Cloudflare to bypass cache via a Cache-Control header set to no-cache , private , or max-age=0 even though Cloudflare originally preferred to cache the asset. BYPASS is returned when enabling Origin Cache-Control. Cloudflare also sets BYPASS when your origin web server sends cookies in the response header.

I would check to see if any of those conditions are met


Might not be related, but it is s-maxage.


I’ve looked into that. The response headers I shared above show that none of that should be a problem, hence my confusion. Any other ideas?

Thanks! Alas, it made no difference with the cache bypass issue.

I’m using Render, which happens to use Cloudflare for DDOS protection (but not caching). Maybe that has something to do with it?

Some more details:

  • I’m not using Cloudflare workers
  • I have Cloudflare proxying enabled in my DNS settings

May you share your domain? It’s hard to help people, without seeing the real page.

1 Like

Ok so, I’ve determined it’s related to my use of Render as a host for my origin server.

If I use my router’s public IP, the cf-cache-status is MISS as desired.

In case someone hits the same issue, the solution is to use a CNAME record on root instead of an A record, and point it to the subdomain related to your project.