Pakbreed.com


#21

Great,

My site is a classified site where users are posting ads daily, same as Gumtree.
For this kind of site, is it a good option to use Cloudflare? Or is it only for static sites?

My content is cacheable for sure, but on my site there are more images than text.


#22

Images are especially good for caching (but you need to make sure you’re not sending from your server directives not to cache them!), and thus, cloudflare

But even if your images are cached - if the HTML you’re serving is never cached, for the loading of the HTML itself (and not all subsequent images), Cloudflare will have to go to your server, at least for the initial HTML. And if THAT is slow, users might not like the experience. Ideally if you don’t have customized content (or at least, for not logged-in users), and all users get exactly the same page, you should make it cacheable.

One technique you might opt to choose if you must do customization for a little part of the page, is to serve the HTML in a static manner quickly from cache, and after page load is complete, in the bottom of the page, call Javascript to dynamically make additional calls for the server for the little parts that are different between users. That way, the site will appear to load fast, and only little portions will populate later, such as “Logged in user: Customer name”. etc.
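
The split described in post #22, sketched as an added example that is not part of the thread or the site's code: the HTML shell is identical for every visitor and marked cacheable, and the per-user fragment is fetched afterwards from a route marked private. The route `/api/me`, the `lookupUser` callback and the 30-minute `s-maxage` are assumptions chosen for illustration.

```javascript
// Added example: hypothetical routes and header values, not the site's real code.
// Shared shell: byte-identical for every visitor, so a shared cache may store it.
const SHELL = `<!doctype html>
<html><body>
<div id="user-box"></div>
<h1>Latest ads</h1>
<script>
  // Runs after the cached HTML has loaded; fills in the per-user part only.
  fetch('/api/me', { credentials: 'same-origin' })
    .then((r) => r.json())
    .then((me) => {
      // textContent, not innerHTML: the name is user-controlled data.
      document.getElementById('user-box').textContent =
        me.name ? 'Logged in user: ' + me.name : 'Not logged in';
    });
</script>
</body></html>`;

// Pure function so the caching decision per route is easy to inspect and test.
function buildResponse(path, user) {
  if (path === '/') {
    // No Set-Cookie and nothing user-specific in a response cached for everyone.
    return { status: 200, body: SHELL, headers: {
      'Content-Type': 'text/html; charset=UTF-8',
      'Cache-Control': 'public, max-age=60, s-maxage=1800' } };
  }
  if (path === '/api/me') {
    // Per-user data: never stored by shared caches or the browser.
    return { status: 200, body: JSON.stringify({ name: user ? user.name : null }), headers: {
      'Content-Type': 'application/json',
      'Cache-Control': 'private, no-store' } };
  }
  return { status: 404, body: 'not found', headers: { 'Cache-Control': 'no-store' } };
}

// Adapter for Node's http module; lookupUser(req) is a hypothetical session lookup.
function handle(req, res, lookupUser) {
  const path = req.url.split('?')[0];
  const r = buildResponse(path, lookupUser(req));
  res.writeHead(r.status, r.headers);
  res.end(r.body);
}
// Wire-up, left as a comment so loading this file does not open a port:
// require('http').createServer((q, s) => handle(q, s, mySessionLookup)).listen(8080);
```
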


#23

Great, I understood what you mean.
The issue is I am not technically strong enough. Does it require code modification?
Or is there any online tool to check if my script allows Cloudflare to cache everything, including HTML code?


#24

This is the result

fl=60f4
h=dottpk.com
ip=37.127.11.116
ts=1546506676.978
visit_scheme=https
uag=Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/71.0.3578.89 Mobile/15E148 Safari/605.1
colo=DXB
http=h2
loc=SA
tls=TLSv1.2
sni=plaintext

#25

It really depends what is sending this header for you. If it’s your web server, statically on all objects, then it’s a web server configuration change.

If it’s your app (if the HTTP server config doesn’t have anything set, then likely it just passes whatever the app sends), then what the app sends need to be changed. There may be an “admin settings” place to do that (depending on the app), or you may have to change the code if it’s hard-coded in it.

To check the headers of a URL, you can paste it here: https://securityheaders.com/ and you could see the Cache-Control header.


#26

Thank you for helping. Below is the result.
Raw Headers

HTTP/1.1 200 OK
Date Thu, 03 Jan 2019 18:01:38 GMT
Content-Type text/html; charset=UTF-8
Transfer-Encoding chunked
Connection keep-alive
Set-Cookie __cfduid=dd5c7cd98e0b65ee3cf972dddf44114b91546538498; expires=Fri, 03-Jan-20 18:01:38 GMT; path=/; domain=.pakbreed.com; HttpOnly; Secure
Cache-Control no-cache, private
Cf-Railgun direct (starting new WAN connection)
Set-Cookie ip_country_code=us; expires=Fri, 02-Jan-1970 00:00:00 GMT; Max-Age=0; path=/; domain=www.pakbreed.com
Set-Cookie X-XSRF-TOKEN=txa2IjDvnBzkqhrtAxBM9XiM1Wwryt05y7UswmTC; path=/; domain=www.pakbreed.com
Set-Cookie laravel_session=eyJpdiI6Ilo2TVg4ZEFDRVVpTU12UFlKMjVYQXc9PSIsInZhbHVlIjoiTzNTT2Z2UE5FbkFaenlmdHFUS2pOVUdVd2luZ1pFRDdpM1liSUQ5K0pxV0psQVVURG5pamMrbTE4ZU1nSkZXSklZbnlpV2R3T0plRG5ZZDk1TTB1ZFE9PSIsIm1hYyI6ImY4NjlkMmQ3ZWZmNGU0ZTJlMTM0ZWY5YjllMzc0MzcyODA3NDBjYTlmZTUzOGE3ODlkZDk0NDUyOTYxOTEzYjYifQ%3D%3D; expires=Fri, 04-Jan-2019 18:01:38 GMT; Max-Age=86400; path=/; httponly
Vary Accept-Encoding,User-Agent
X-Powered-By PHP/7.2.13
Expect-CT max-age =604800, report-uri=https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Server cloudflare
CF-RAY 49375f2f2ae41e71-SJC

Missing Headers

Strict-Transport-Security HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value “Strict-Transport-Security: max-age=31536000; includeSubDomains”.
Content-Security-Policy Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-Options X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value “X-Frame-Options: SAMEORIGIN”.
X-XSS-Protection X-XSS-Protection sets the configuration for the cross-site scripting filter built into most browsers. Recommended value “X-XSS-Protection: 1; mode=block”.
X-Content-Type-Options X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is “X-Content-Type-Options: nosniff”.
Referrer-Policy Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Feature-Policy Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.

#27

The result is a big F, by the way.


#28

Yeah, I know what it looks like - I pasted this information above already. You just asked me for a simple way to get the data yourself, so I have provided one.

You can look at the Cache-Control header, and see it says “no-cache” and “private”.

As for the “F”, it discusses other things related to security (as might be understood from the domain name of the service…), not caching.


#29

Thank you. So what should I do to solve this “no-cache” and “private”?
Should I contact my hosting provider?


#30

Only if it’s your HTTP server sending them on its own. Likely it’s not and it’s your app… having the hosting company do that by default doesn’t make sense for them: It means they get more load because nothing is cached on proxies/clients’ computers.


#31

Can you advise me which file I need to edit? I can request my developer to check it so we can allow Cloudflare to cache everything.


#32

No, I am not familiar with your app. Your developer should know things like that, it’s quite basic. If they don’t, I would personally hire a different developer…

You might search for ‘max-age’ throughout the whole source code with a tool like grep… but in order to understand where it is OK to change things like that and where not, you need to understand the design of your system - that’s the developer’s job…


#33

Thank you so much for your help. I will check this. Meanwhile I am using the “Cache Everything” page rule; I am not sure if it will help. But if you could send me the correct settings for this rule, I can do that myself.

These are my desired results from this rule: I want Cloudflare to cache everything and load only new content ASAP. As my site is a dynamic site, I want Cloudflare to check for new content regularly, ASAP.
If a user is searching for something old, then it should be presented from the Cloudflare cache.


#34

“ASAP” and “use cache” are mutually exclusive. If you get from cache you don’t get latest data. You need to choose a balance for cache that is useful on one hand to not contact your server, and, on the other hand, that sometimes your server will be contacted to get fresh data in a relatively quick manner…


#35

Thanks for replying. I hope I can do settings such that Cloudflare should check every 20 or 30 minutes to look for new content and cache it. Can you advise if it is possible by page rule for the whole site? If yes, then how? What settings should I use in the page rule to achieve this?


#36

I did not use Page Rules myself (I just do my stuff on the server side where I get the most flexibility and have no limits), but “Edge Cache TTL” and “Browser Cache TTL” sounds like the right setting for this. You may also be required to play with “Cache Level” if you want to drop/ignore query strings for the purpose of cache (or “Cache Everything”) - but do note that it means that multiple users that are supposed to see different things on the same URL - will see content from the other users (as mentioned above with “You’re logged in as…”) - and you really don’t want that (in fact it’s a security issue, because one user can see other users’ data)
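
An added example, not part of any post, of the check behind the warning in post #36: before a cache-everything rule is applied, inspect what the origin sends and flag responses that carry per-visitor state. Header names follow the output in post #26 with cookie values replaced by placeholders; the second sample and the function names are constructed.

```javascript
// Added example, not code from the thread. Header names follow post #26;
// cookie values are placeholders and the SHARED sample is constructed.
const PERSONALISED = [
  ['Cache-Control', 'no-cache, private'],
  ['Set-Cookie', 'X-XSRF-TOKEN=PLACEHOLDER; path=/'],
  ['Set-Cookie', 'laravel_session=PLACEHOLDER; Max-Age=86400; path=/; httponly'],
];
const SHARED = [
  ['Cache-Control', 'public, max-age=60, s-maxage=1800'],
  ['Content-Type', 'text/html; charset=UTF-8'],
];

// Split "a, b=1" into a Map of lower-cased directive -> value ('' when absent).
function parseCacheControl(value) {
  const out = new Map();
  for (const part of value.split(',')) {
    const [k, v = ''] = part.trim().split('=');
    if (k) out.set(k.toLowerCase(), v.replace(/^"|"$/g, ''));
  }
  return out;
}

// Returns the reasons a response should not be served from one cached copy
// to every visitor. headers is an array of [name, value] pairs so that
// repeated headers such as Set-Cookie are preserved.
function auditSharedCache(headers) {
  const findings = [];
  const get = (name) => headers
    .filter(([n]) => n.toLowerCase() === name)
    .map(([, v]) => v);
  const cc = parseCacheControl(get('cache-control').join(','));
  for (const d of ['private', 'no-store', 'no-cache']) {
    if (cc.has(d)) findings.push(`origin sends ${d}: the app treats this response as per-visitor`);
  }
  // A public Cache-Control does not help if the same response also sets cookies.
  const cookies = get('set-cookie').map((v) => v.split('=')[0].trim());
  if (cookies.length) {
    findings.push(`sets cookies (${cookies.join(', ')}): a stored copy could replay them to other visitors`);
  }
  return { cacheableForAll: findings.length === 0, findings };
}
```
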


#37

thank you for your valuable time.

