Cache Everything with Anonymous Website Visitors

We are working to configure CloudfFare (CF) to cache anonymous user web pages. We use this type of Cache Everything rule:

If the URL matches epiphany4.microdinc.com/*.html
Cache Level: Cache Everything,
Edge Cache TTL: 1 hour,
Bypass Cache on Cookie: DisableCFCache=True

Our platform will set the Cookie DisableCFCache=True to Disable the Cloudflare cache once a user logs in. Is this an appropriate strategy?

What we have noticed is that when this Page Rule condition is met and CF caches the page the browser also caches the page locally and subsequent requests for the matched web page do not go to Cloudflare’s servers. Could it be the case that CF is modifying the Response Header that it sends to the client browser so that it forces the browser to cache the page locally?

Here is the response header when CF did not cache the page:
HTTP/2 200 OK
date: Thu, 25 Feb 2021 23:26:40 GMT
content-type: text/html; charset=utf-8
cf-ray: 627531506940e3be-ATL
cache-control: private
set-cookie: DisableCFCache=; expires=Wed, 24-Feb-2021 23:26:40 GMT; path=/; secure
strict-transport-security: max-age=31536000, max-age=31536000
vary: Accept-Encoding
cf-cache-status: BYPASS
cf-apo-via: origin,host
cf-request-id: 087d1d26420000e3bec3374000000001
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
set-cookie: datadome=…; Max-Age=31536000; Domain=.microdinc.com; Path=/; Secure; SameSite=Lax
x-client-image-vid: 10
x-client-vid: 309
x-content-type-options: nosniff
x-datadome: protected
x-epiphany-vid: 1059-1823
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br

Here is the response header where CF cached the page:
HTTP/2 200 OK
date: Thu, 25 Feb 2021 23:27:58 GMT
content-type: text/html; charset=utf-8
cf-ray: 62753333eb71e3be-ATL
cache-control: public, max-age=31536000
expires: Fri, 25 Feb 2022 23:27:58 GMT
set-cookie: datadome=…; Max-Age=31536000; Domain=.microdinc.com; Path=/; Secure; SameSite=Lax
strict-transport-security: max-age=31536000, max-age=31536000
vary: Accept-Encoding
cf-cache-status: EXPIRED
cf-apo-via: origin,host
cf-request-id: 087d1e546f0000e3beae077000000001
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
x-client-image-vid: 10
x-client-vid: 309
x-content-type-options: nosniff
x-datadome: protected
x-epiphany-vid: 1059-1823
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

How can we make this work? Once CF caches the page and sends it to the browser client, the browser no longer subsequently requests the page but obtains it from its local cache. We do want the client browser to obtain many files from its local cache (css, js, jpeg) but we do not want the browser to cache the page HTML in its local browser cache. We need the browser to request the HTML from CF so that when the website visitor does log in, and we have set the cookie to disable the CF Edge Cache, CF will pass the request to our Origin server and we will deliver the appropriate HTML for a logged in user.

Here you have 1 year which first off you need to change it to ‘Respect Existing Header’

Avoid this as it override the s-maxage or max-age passed by origin.

  • Just having Cache Level: Everything is sufficient.
  • Send appropriate header from your origin server

Hint to cache assests for 1 hour in Cloudflare, for 0 seconds in visitor’s browser.

Cache-Control: s-maxage=3600, max-age=0

Hint to Cache assests for maximum 1 year.

Cache-Control: public, max-age=31536000, immutable

Direct browser and Cloudflare to do not cache at all.

Cache-Control: no-store, max-age=0

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.