How to prevent Set-Cookie from setting cache status to BYPASS?

What is the name of the domain?

Prefer not to say

What is the issue you’re encountering

Origin cache control with Set-Cookie forces cache status to be BYPASS

What steps have you taken to resolve the issue?

I’ve tried turning on Cache Everything to force caching the requests with the Set-Cookie header, but this way I override the origin Cache-Control header directives, which is not what I want.

What are the steps to reproduce the issue?

  1. Have a server return some Cache-Control headers
  2. Enable Origin Cache Control
  3. Add a Set-Cookie header to the same requests
  4. The cache status will be BYPASS

I understand that this is the default behavior. As written in the docs:

If origin cache control is enabled, Cloudflare does not cache the asset and preserves the Set-Cookie. A cache status of BYPASS is returned.

My question is how to opt out of this behavior. In my case, this Set-Cookie provides a cookie intended to enable session stickiness, meaning that a user gets served content from the same server. For example:

  1. Server responds with Set-Cookie: instance_id=123 and Cache-Control: max-age=180, s-max-age=180
  2. There’s a Custom Cache Key based on the instance_id, fragmenting the cache for each individual instance
  3. All clients who’re served that page from that edge see the cached pages of that particular instance for the next 3 minutes

In other words, I want the default Origin Cache Control behavior when Set-Cookie is not present, but when I do have a cookie. Is this possible?

What I also came up with is to have the cookie be set via JavaScript. So instead of putting it in Set-Cookie, I could have a <script> in the <head> of each page:

<script>document.cookie = 'instance_id=123'</script>

Then, this HTML would get cached as usual, while the clients also receive the cookie.

What worries me is that I’d rely on JavaScript for this to work, and JavaScript could be disabled or blocked. I feel like using Set-Cookie would be better.

Cloudflare won’t store cookies in cache. If you want User 123’s stuff to get cached, you’ll have to live with the BYPASS (or MISS) when the server sets the cookie.

If you want User 123’s stuff to get cached for just User 123, you would need an Enterprise Plan where you can set a custom cache key to include that cookie and its value.

Without an Enterprise Plan, you’d have to use a Worker with CacheAPI and manage your own cache keys.