Cf-cache-status: BYPASS on scripts and stylesheets


For some reasons, I get the CloudFlare cache bypassed on my script and style sheets bundles.
Example url:
(This url is now obsolete for testing, it now answers with a pragma no-cache response because the version asked is obsolete.)

I am including the full response headers list below.

I have a single page rule, on url with one setting: cache level as cache everything.
I do not have any worker. Brotli compression and auto minify are enabled.
The web site is cookie less.

What should I do to get them cached?

At the moment the received headers are:
HTTP/2 200 OK
date: Wed, 02 Dec 2020 15:07:50 GMT
content-type: text/css; charset=utf-8
cache-control: public,max-age=31536000
last-modified: Wed, 02 Dec 2020 15:07:50 GMT
vary: Accept-Encoding
content-security-policy: frame-ancestors ‘self’;
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: BYPASS
cf-request-id: 06c597e70600001e6d76a36000000001
expect-ct: max-age=604800, report-uri=“
server: cloudflare
cf-ray: 5fb5f5b80a8e1e6d-AMS
content-encoding: br
X-Firefox-Spdy: h2

Additional information: the bundles are actually already minified, but by a somewhat old thing (the old .Net Framework System.Web.Optimization bundler). They are served by a quasi static IIS site using ARR to request the bundle from the actual .Net site, with some filtering to remove unwanted response headers.

What’s your caching level?

My wild guess is try to add an Edge Cache TTL to that Page Rule. But I don’t see a reason for the BYPASS response. Unless there’s some Origin Cache-Control headers that Cloudflare is hiding. Those would show up in a direct ‘curl’ against the origin server.

Here’s some info on cache responses:

Caching level is standard.

Thanks sdayman, that was it, an offending header not shown through Cloudflare. I should have thought about querying directly the server and checking this.

Here are the headers when querying directly. I guess I have to blame that empty Set-Cookie.
HTTP/1.1 200 OK
Date: Thu, 03 Dec 2020 09:18:03 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 261315
Connection: keep-alive
Cache-Control: public,max-age=31536000
Last-Modified: Thu, 03 Dec 2020 09:16:53 GMT
Content-Security-Policy: frame-ancestors ‘self’;
Strict-Transport-Security: max-age=31536000; includeSubDomains

1 Like

Yes. This was the culprit. Cloudflare will bypass cache for responses with cookies.

The origin server instructed Cloudflare to bypass cache via a Cache-Control header set to no-cache , private , or max-age=0 . BYPASS is returned when enabling Origin Cache-Control. Cloudflare also sets BYPASS when your origin web server sends cookies in the response header.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.