How can cross-domain requests with different "Origin" headers be cached only once?

I use Microsoft’s edge browser to access the pages of my website. There are some cross-domain resources in the pages, but this browser loads these resources without “Origin” header. Then I opened Google’s Chrome and found that Chrome had “Origin” headers when accessing these cross-domain resources through its pages.And although these resources have been accessed once in edge browser, when accessed in Chrome, the cache state is still miss, not hit.
Testing requires tools such as “HttpAnalyzer”. Change the value of “Origin” in the request headers to access a file that allows caching. The value of “cf-cache-status” is always “MISS”.This means that the same file with different “Origin” will be cached many times.
How can I let Cloudflare ignore the “Origin” change and cache it only once?

You need to use a custom cache key.

I’ve seen all the instructions for custom caching keys. My English is not very good, but I think I need the cache key. This way, the same file can be accessed once, and “HIT” will be displayed for other requests with different “Origin” headers.

I need ignore “header: origin” option.

The default cache key is:

You need to have your solutions engineer create a page rule with a custom cache key that does not contain the Origin header:


Do I need to upgrade to an enterprise solution to apply for a cache key?

The document linked to earlier does not say so, it’s probably best to contact support directly to clarify.

This behavior can be modified with custom cache keys, a feature only available on our Enterprise plan.


Unfortunately, I don’t have enough budget to upgrade to the Enterprise plan. I can only hope that there will be an option to ignore the “origin” in the future to solve this small problem.

Solving this purely on Cloudflare might be tricky in this case. The only possible approach I could imagine right now would be workers. These cant modify the cache key either, however you could recreate the request object and omit the Origin header. That might work, no guarantee though :slight_smile:

Some browsers automatically add or modify the “origin” header in a cross-domain request. Such as the Chrome browser. Therefore, it is not useful to omit the “origin” header on request.

If you cant remove the header, you either cant solve the issue on Cloudflare alone, cant solve it at all, or will have to upgrade to an Enterprise plan.

Browsers add it during a CORS request. (Which is not necessarily the same as a cross origin request). Unless you have significant resources being loaded cross origin I would not expect Origin to make a big difference.

What is actually going on that you are looking to control?

It’s just a small problem. The scripts in my client’s website will cross-domain access the short video tutorials on my site. Customers in some countries need several minutes to load these short video tutorials, although the short video is only 10 MB. The test found that after being cached by Cloudflare, short video tutorials can be instantaneously played in any country of the customer. Unfortunately, these visits are cross-domain. So it’s not suitable for that.

This topic was automatically closed after 30 days. New replies are no longer allowed.