Ignoring CORS Origin-headers when determining cache hit/miss

I’m using Cloudflare as a very simple CDN/cache server. We always set CORS to allow everything (access-control-allow-origin: *).

In the docs it states:

Identifying cached assets based on the Host Header, Origin Header, URL path, and query. This allows different resources to use the same Host header but different Origin headers.

I think I understand how that would make sense, but in our case always allowing everything, I would rather just cache everything, regardless of origin. We serve content on banner networks, so there could be thousands of origins, which means that often only half of the requests are cached, and the other half reaches the origin (which has a cost).

Is it possible to change this behavious with a setting, or possible with some sort of rewrite rule that would fake the origin at the point where the hit/miss cache decision is made (my knowledge of the Cloudflare stack/ecosystem is very shallow).

Answering my own question, in case someone runs into this in the future (or i forget myself :wink:
Transform Rules will let you do this.
Add an HTTP Request Header Modification rule that removes the “Origin” header
Add an HTTP Response Header Modification rule that adds the desired headers. e.g.

Set static: access-control-allow-methods: GET
Set static: access-control-allow-origin: *
Set static: access-control-max-age: 1800
1 Like