CF is returning multiple cache headers



I’ve hit something strange, maybe a bug!
my origin server is sending out this headers in response to a request
[“Content-type: application/json”,“Cache-Control: max-age=3000”,“Expires: Sun, 08 Jul 2018 12:19:15 GMT”]

which is OK as I want the resource to be cached for 3000 seconds, but having CF in between I get multiple cache headers for this request.

cache-control: public, max-age=0
cache-control: max-age=3000

The same goes for expires header. I tried all sorts of stuff and configs. Could you help me what’s is happening here?
You can see the response for yourself at


This is coming from your origin server itself rather than Cloudflare so you’ll need to fix it there. To verify this you can use a tool like cURL to send a request direct to your origin:

Here’s a cURL direct to your origin showing the response (I have replaced your origin IP with REDACTED so it is not revealed here):

$ curl "" --resolve --silent --verbose --output /dev/null
* Added to DNS cache
* Hostname was found in DNS cache
*   Trying REDACTED...
* Connected to (REDACTED) port 80 (#0)
> GET /api/product/page?psize=6&sort=1 HTTP/1.1
> Host:
> User-Agent: curl/7.59.0
> Accept: */*
< HTTP/1.1 200 OK
< Set-Cookie: azerafati=agu08mtompqto8j8fm8a3tb545; path=/
< Cache-Control: public, max-age=0
< Expires: Wed, 11 Jul 2018 08:39:09 GMT
< Content-Type: application/json
< Cache-Control: max-age=3000
< Expires: Wed, 11 Jul 2018 09:29:09 GMT
< Content-Length: 2357
< Date: Wed, 11 Jul 2018 08:39:09 GMT
< Accept-Ranges: bytes
< X-By: @azerafati
< Connection: Keep-Alive
{ [1073 bytes data]
* Connection #0 to host left intact

As you can see the double cache-control header is returned there - you’ll need to check the configuration of your webserver or application code to remove this.