ETag Headers being removed by Cloudflare

Hello, I recently implemented cache-control and expires on my new setup. And while I was testing, I found out that after turning on Cloudflare, the ETag header was removed and I also couldn’t get the 304 Not Modified response code (not sure if it’s related though).

Following is the output I get with curl when Cloudflare is disabled.

HTTP/2 200
date: Wed, 14 Oct 2020 23:09:46 GMT
content-type: text/html
set-cookie: __cfduid=dfe454252aa07d4cf09914f9408d75a5f1602716986; expires=Fri, 13-Nov-20 23:09:46 GMT; path=/; domain=.example.com; HttpOnly; SameSite=Lax
last-modified: Wed, 14 Oct 2020 22:57:50 GMT
etag: W/"5f87826e-400"
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
cf-request-id: 05caf984eb0000e0f214301000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=16&lkg-time=1602716987"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5e24f84e4e86e0f2-IAD
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

And following is the output with Cloudflare enabled:

    HTTP/2 200
    date: Wed, 14 Oct 2020 22:58:23 GMT
    content-type: text/html
    set-cookie: __cfduid=df39647adb4345114647b2018b8fdd8c81602716303; expires=Fri, 13-Nov-20 22:58:23 GMT; path=/; domain=.example.com; HttpOnly; SameSite=Lax
    last-modified: Wed, 14 Oct 2020 22:57:50 GMT
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    cache-control: no-cache
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-xss-protection: 1; mode=block
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    referrer-policy: strict-origin-when-cross-origin
    cf-cache-status: DYNAMIC
    cf-request-id: 05caef19f20000744d62b9a000000001
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=16&lkg-time=1602716304"}],"group":"cf-nel","max_age":604800}
    nel: {"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 5e24e7a319fc744d-IAD
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Now, I have already gone through CF’s official documentation on using ETag. But even after disabling Email Obfuscation and Automatic HTTPS Rewrites I couldn’t get it to work.

Is there something that I missed?

Anyone?

My guess would be that Cloudflare removes your etag header because your server tells clients and cloudflare to not cache any content.

1 Like

Is that because I set up browser caching on my server and set CF’s Browser Cache TTL to respect the origin header?

might help https://support.cloudflare.com/hc/en-us/articles/218505467-Using-ETag-Headers-with-Cloudflare

When using weak ETag headers, disable Email Obfuscation and Automatic HTTPS Rewrites to ensure Cloudflare doesn’t remove the ETag headers set by your origin web server.

If a resource is cacheable and there is a cache miss, Cloudflare does not send ETag headers to the origin. This is because Cloudflare requires the full response body to fill its cache.

1 Like

Yes, I disabled all those features to ensure that the headers are not removed.

I figured it out. Just lacked the proper knowledge on the topic. The thing is, I am not using Cache Everything and have set CF to respect origin headers.

On the server, the HTML expire is set to " epoch" which explicitely means “no caching” and asks the browser to always ask the website if the page is up to date.

The reason I removed Cache Everything and set the browser TTL to respect origin headers was because the content on my website was being indexed very late (in Bing, Google, etc). May be it was not getting the appropriate response earlier (with a different server and configuration altogether).

This brings me down to my last question: Is it possible to use Cache Everything and still ensure that Cloudflare fetches the latest version of the HTML (at least every few hours)?

I read about Edge Cache TTL, is that what I need? Is the proposed Cache Everything configuration correct for what I am trying to achieve?

That is exactly what you want

1 Like

Makes sense now. And, thank you so much for your time. :slightly_smiling_face:

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.