Always revalidate cache with origin cache-control: no-cache

I have a json api that I always want to return up-to-date data if possible, but I also want to utilise the cache as much as possible. So, I return the following cache control header with most api responses from the origin:
Cache-Control: public,no-cache,max-age=2592000. I also include a last-modified header.
To my understanding, this should mark the response as cacheable for a month, but on every subsequent request, revalidate the cache before using it.

I created a Cache Rule to mark all responses as “Eligible for cache”. To preserve the no-cache value in the cache-control header of the response I set the option Browser TTL to “Respect origin TTL”.

Testing it on an endpoint, after the second load (after a MISS) the cf-cache-status header value was “REVALIDATED” and from the third load onwards, it was “HIT”.

I then set Edge TTL to “Use cache-control header if present, bypass cache if not”. Now the second load after MISS had a cf-cache-status of “BYPASS” and the third onwards of “HIT”.

Does HIT mean the cache was not revalidated? I would expect, with the above origin cache-control and last-modified headers, any subsequent request to return a REVALIDATED status instead of HIT.

Is there an issue with my Cache-Control header or my Cache Rule configuration, or am I just not understanding how this works? Any help is appreciated!