Cache-Control header not working

What is the name of the domain?

exmaple.com

What is the issue you’re encountering

Set-Cookie Header Missing from response

What steps have you taken to resolve the issue?

I added the following header and verified that it’s being sent:
cache-control: max-age=0, private, no-store

But the page is still being cached. And the set-cookie header is still being stripped from the response.

I forgot to mention that I recently migrated page rules to cache rules. The cache rule is ignore Cache-control header and use this TTL. But I don’t want to ignore Cache-control when the response is no-store.

1 Like

Something about your Cache Rule is forcing that page to be cached. You’ve not provided an example URL to look at, or a screenshot of your cache rule, so there’s not much else we can diagnose.

Once you’ve forced a resource to be cached, the cookie will be stripped out:

https://developers.cloudflare.com/cache/concepts/cache-behavior/#interaction-of-set-cookie-response-header-with-cache

You can’t have it both ways. You may be able to modify the cache rule to have an exception like “cookie does not contain…” (this would be the cookie in the Request, rather than the response where it’d be stripped out). Or change your server behavior to not send those no-store type headers on a response that’s safe to cache, then you wouldn’t have to override the cache-control header for Edge Cache TTL.

1 Like

It’s the TTL I want to override not the entire Cache-Control header. Which is exactly what the rule says.

I found a solution which was to select “Use cache-control header if present, bypass cache if not” but that doesn’t allow me to specify my own TTL in my cache rule.

Now I suppose if I want to specify a TTL I need to do it on the origin server by adding a custom header of Cache-control: public, s-maxage=[num seconds]

That still won’t cache due to the no-store in the response’s cache-control header.

Correct. As long as there’s not some other directive preventing caching.

Am I the only one who finds this wording confusing? Use this TTL to me suggests only ignoring the max-age and s-maxage values, not the whole header. I wasn’t expecting this to cache stuff with a no-store directive. That’s an absolute no-no.

It says this:

Specify if (emphasis mine) and how long Cloudflare should cache the response, depending on if a cache-control header is present on the origin response. Learn more

The first two options are to respect to the cache control header, if present. If not present, then do something else (DON’T cache, or YES cache).

The third option is to disregard any cache control header, and force caching for X amount of time.

This topic was automatically closed after 15 days. New replies are no longer allowed.