I always got cf-cache-status: BYPASS for javascripts and stylesheets

I tried to fetch a javascript file for my website using curl, somehow it always showed BYPASS for cf-cache-status.

It had worked before. I don’t have any page rule for the subdomain. Could someone please help? I would appreciate a lot.

Kind regards,
Shih-Chin Yang

Here is my command and response:
curl -s -v https://www.bsafes.com/javascripts/bSafesCommonUI.js > /dev/null

… TLS related cut…

GET /javascripts/bSafesCommonUI.js HTTP/2

Host: www.bsafes.com

User-Agent: curl/7.54.0

Accept: /

  • Connection state changed (MAX_CONCURRENT_STREAMS updated)!

< HTTP/2 200

< date: Wed, 19 Aug 2020 04:00:19 GMT

< content-type: application/javascript; charset=UTF-8

< set-cookie: __cfduid=d5c019afdd77422c0890e17d0549644b01597809619; expires=Fri, 18-Sep-20 04:00:19 GMT; path=/; domain=.bsafes.com; HttpOnly; SameSite=Lax; Secure

< x-dns-prefetch-control: off

< x-frame-options: DENY

< strict-transport-security: max-age=15552000; includeSubDomains

< x-download-options: noopen

< x-content-type-options: nosniff

< x-xss-protection: 1; mode=block

< content-security-policy: … cut …

< cache-control: public,max-age=604800

< last-modified: Wed, 19 Aug 2020 01:56:50 GMT

< etag: W/“fa1a-174046ee2d0”

< cf-cache-status: BYPASS

< set-cookie: connect.sid=s%3A420de9bf-1dc0-4003-a17a-083a625d1f76.sGUwhbQ3UDeBr8x9i40AzJK7MBvBU%2BwEOIz2EZsCvYA; Path=/; Expires=Fri, 20 Aug 2021 04:00:19 GMT; HttpOnly; Secure

< cf-request-id: 04a6790996000005343c8fa200000001

< expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct

< server: cloudflare

< cf-ray: 5c50f788fe300534-LAX

Do you have any Page Rules for your zone? If so, can you please post a screenshot of them?

Many thanks for your prompt response!

I only have one page rule for another sub-domain. Please see the screen shot.

Kind regards,
Shih-Chin Yang

Likely because of the cookie in the response.

In general, your web server usually is the one serving static files like .js in which no cookie would be returned. Otherwise, if your actual application is reading the files and returning them, it can lead to higher load on your server and issues like this one where cookies that are meant for each user either lead to the content not being safely cache-able, or the same cookie is served to each visitor.

You should set up your web server to serve files before it goes to your backend application.


Hi, Judge:
Many thanks for your suggestion. I followed your instruction to service static contents before setting cookie in response, and it worked!

Kind regards,
Shih-Chin Yang

1 Like

This topic was automatically closed after 31 days. New replies are no longer allowed.