Cloudflare don't respect origin Cache-Control header

I add a page rule Origin Cache-Control for *. domain.tld/*

Then my original server response with cache-control: public, max-age=3600. Cloud flare response with no cache-control header and cf-cache-status: DYNAMIC. Even I enable browser cache header as respect origin.

Thank you.

Assuming you are not on an Enterprise plan, you wouldn’t need that page rule as origin cache control is enabled by default.

However that won’t change what Cloudflare caches. For that you will need to change the cache level and the edge cache duration.

What exactly do you want to achieve?

I want to make cloudflare respect my origin cache-control totally. Even it’s html or any other thing.


As outlined by Understanding and Configuring Cloudflare Page Rules (Page Rules Tutorial) – Cloudflare Help Center Cloudflare should do this by default.

Post the URL in question.

Plus, cf-cache-status will be irrelevant here.

I think I have some misunderstanding to the docs. In actual I had read the docs you point before I post the question. :sweat_smile:

No worries, so everything is working then?

My origin response with Cache-Control: public, max-age=3600 But cloudflare responses without any cache-control header.:sweat_smile: thank you very much.

That really does not seem to include a cache-control header.

Would you be comfortable sharing your server IP address here?

Also, post a screenshot of your page rules.

Maybe post the curl output is enough? Thank you.

< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Fri, 12 Feb 2021 17:18:38 GMT
< Content-Type: text/html
< Content-Length: 641
< Last-Modified: Wed, 13 Jan 2021 03:21:34 GMT
< Connection: keep-alive
< ETag: "5ffe673e-281"
< Cache-Control: public, max-age=3600
< Accept-Ranges: bytes

Only one page rule. The origin cache control I post before.

You shouldn’t need that page rule in the first place.

Without the server address it is impossible to say more and you’d need to open a support ticket.

You have configured that on your HTTP connector, not your HTTPS one.

Furthermore you have an invalid SSL certificate and hence still an insecure connection.

What you need to do is

  1. Configure a proper certificate which is valid
  2. Change your encryption mode to Full strict
  3. Configure that cache-control setting for your HTTPS connector as well
1 Like

:disappointed_relieved::tired_face: I’m so foolish… I’m so sorry that my stupidity wasted lots of time. I fotgot to setup it globally.

No worries, glad we worked it out. Just make sure you configure a valid certificate as you have an insecure setup right now.

Plus, you can remove the posting with the IP address now if you wish.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.