APO Origin, cookies always bypass?

Hello Cloudflare Community,

I am new to the comunity and I hope somebody could help me to understand the root cause of the APO behavior affecting my website.

I have installed Cloudflare APO since a couple of weeks. Although it was originally working, since several days the APO appears to serve un-cached pages.

Please find below the response i get from the header. (Cf-apo-via: origin, cookie and Cf-cache-status: bypass)

Screenshot 2023-07-16 133208

I understand that in order for the APO to work properly serving cached pages from a local sever, the cf-cache-status should be HIT. Please note that this is what I can read for my staging site (copy of the live website) which indeed shows the HIT status. Please have a look below:

Screenshot 2023-07-16 134241

Is there somebody that could explain why this is happening and how I could ensure that the APO is working properly on my live website, therefore serving cached pages not from the origin?

Thanks in advance for your help.



APO for WordPress will serve from cache all pages that are considered to have static content. And will bypass cache for all pages that are considered to have dynamic content. There are two main signals that will make APO consider a page dynamic, the presence of query strings and the presence of cookies.

Except for query strings and cookies listed in the page below, APO will expect any page with either a QS or a cookie to be dynamic and will bypass cache for those pages. The example URL you provided on the screenshot has both a query string and a cookie. (This could also be the result of you visiting your site on a regular, logged-in browser tab. You should always test your APO site by visiting with your browser incognito mode, and with Dev Tools > Network tab > Disable Cache unchecked.)

If the content of the page is nevertheless static, you need to work with your developer or check your plugin settings to see if it’s possible to serve those pages without a cookie, and to change their URL so that the query string is converted into a regular path element:




An alternative would be to create Cache Rules that match those query strings to have these pages cached despite the APO logic.

1 Like

Hi Cbrandt,

Thank you for your explanations and reference article!

If I may I would like to ask you few clarifications, hoping that you still have the patience for replying to my basic questions :slight_smile:

When I scroll down the header or my live website i read the following:

I highlighted in yellow two areas that are not clear to me. In the first instance i have Cf-Apo-Cf: origin, cookie while more down I can read X-Flying-Press-Cache: HIT. (Flying Pres in my caching plugin). How should a read this? Are my pages served by the origin server or they are cached and served via APO?

The query string that you see at the end of my URL is due to the geolocalization which is active. Thanks to the IP geolocalization my site serves pages with the correct language and currency depending on the user location.
I understand form your explanation that the presence of the query string (/?v=cd32106bcb6d) makes the APO considering all my pages as dynamic. The point is that the actual content is in general static (I have pages pre-translated) however, language and currency define the final static content to be served. Is this still considered dynamic?

I see that Cloudflare offers the possibility to activate the option of cache by device type (Cache by device type · Cloudflare Automatic Platform Optimization docs) where the URL includes a string very similar to the one I have due to the geolocalization. Is there not a similar option for strings related to geolocalization to then only cache resources matching the specific language and currency?

As a way forward, you are referring to a cache rule matching my geolocalization query, and force the system to cache it anyway. Would you agree in something like that?

Thanks a lot for your feedback and I hope all these questions do not bother you.


They are served by your origin, as indicated by cf-apo-via: origin,cookie. The X-Flying-Press-Cache: HIT indicates the content was cached at the origin (that’s what you use a caching plugin for), not that it was cached by Cloudflare’s APO.

You need to plan it well for this feature to work as expected on Cloudflare. Currently, it’s working because APO is bypassing cache, and thus your origin plugin can decide which content to serve based on visitor’s IP address.

If you want this content to be cached, you need to move that decision to Cloudflare’s edge, by creating the equivalent Redirect Rules, so that Cloudflare matches requests from certain regions to the version with the desired currency/language pair. Please see this example, that you’d need to adapt to your content structure.

Without Redirect Rules, if you create the suggested Cache Rule, your language/currency specific content will be cached, but Cloudflare may end up delivering them to the wrong visitor.

That’s not a query string, and I can see where you confusion comes from. The funny string starting with a question mark there is a Regular Expression, that will evaluate requests by matching against user agents to determine whether the visitor has a desktop, tablet, or mobile device. There’s no such ready-made solution for language/currency specs that I’m aware of.

As long as the query string itself does not change, and, as explained above, as long as you create Redirect Rules so that this version is routed to the right visitors, this could work.

No question is too basic when asked in good faith. So, no worries, they don’t bother at all.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.