Great,
My site is classfified site where users are posting ads daily same like gumtree.
for these kind of sites is it good option to use cloudflare? or it is only for statics sites?
My contect is cacheable for sure. but on my site there are more images than text
Images are especially good for caching (but you need to make sure youâre not sending from your server directives not to cache them!), and thus, cloudflare
But even if your images are cached - if the HTML youâre serving is never cached, for the loading of the HTML itself (and not all subsequent images), Cloudflare will have to go to your server, at least for the initial HTML. And if THAT is slow, users might not like the experience. Ideally if you donât have customized content (or at least, for not logged-in users), and all users get exactly the same page, you should make it cacheable.
One technique you might opt to choose if you must do customization for a little part of the page, is to serve the HTML in a static manner quickly from cache, and after page load is complete, in the bottom of the page, call Javascript to dynamically make additional calls for the server for the little parts that are different between users. That way, the site will appear to load fast, and only little portions will populate later, such as âLogged in user: Customer nameâ. etc.
great i understood what you mean.
the issue is i am not technically strong enough. Does it require code modification?
or is there any online tool to check if my script allows cloudflare to chache every thing including html code?
This is the result
fl=60f4 h=[dottpk.com](http://dottpk.com)
ip=37.127.11.116 ts=1546506676.978 visit_scheme=https uag=Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/71.0.3578.89 Mobile/15E148 Safari/605.1 colo=DXB http=h2 loc=SA tls=TLSv1.2 sni=plaintext
It really depends what is sending this header for you. If itâs your web server, statically on all objects, then itâs a web server configuration change.
If itâs your app (if the HTTP server config doesnât have anything set, then likely it just passes whatever the app sends), then what the app sends need to be changed. There may be an âadmin settingsâ place to do that (depending on the app), or you may have to change the code if itâs hard-coded in it.
To check the headers of a URL, you can paste it here: https://securityheaders.com/ and you could see the Cache-Control header.
thank you for helping below is the result.
Raw Headers
| HTTP/1.1 | 200 OK |
|---|---|
| Date | Thu, 03 Jan 2019 18:01:38 GMT |
| Content-Type | text/html; charset=UTF-8 |
| Transfer-Encoding | chunked |
| Connection | keep-alive |
| Set-Cookie | __cfduid=dd5c7cd98e0b65ee3cf972dddf44114b91546538498; expires=Fri, 03-Jan-20 18:01:38 GMT; path=/; domain=.pakbreed.com; HttpOnly; Secure |
| Cache-Control | no-cache, private |
| Cf-Railgun | direct (starting new WAN connection) |
| Set-Cookie | ip_country_code=us; expires=Fri, 02-Jan-1970 00:00:00 GMT; Max-Age=0; path=/; domain=www.pakbreed.com |
| Set-Cookie | X-XSRF-TOKEN=txa2IjDvnBzkqhrtAxBM9XiM1Wwryt05y7UswmTC; path=/; domain=www.pakbreed.com |
| Set-Cookie | laravel_session=eyJpdiI6Ilo2TVg4ZEFDRVVpTU12UFlKMjVYQXc9PSIsInZhbHVlIjoiTzNTT2Z2UE5FbkFaenlmdHFUS2pOVUdVd2luZ1pFRDdpM1liSUQ5K0pxV0psQVVURG5pamMrbTE4ZU1nSkZXSklZbnlpV2R3T0plRG5ZZDk1TTB1ZFE9PSIsIm1hYyI6ImY4NjlkMmQ3ZWZmNGU0ZTJlMTM0ZWY5YjllMzc0MzcyODA3NDBjYTlmZTUzOGE3ODlkZDk0NDUyOTYxOTEzYjYifQ%3D%3D; expires=Fri, 04-Jan-2019 18:01:38 GMT; Max-Age=86400; path=/; httponly |
| Vary | Accept-Encoding,User-Agent |
| X-Powered-By | PHP/7.2.13 |
| Expect-CT | max-age =604800, report-uri= âhttps://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ctâ |
| Server | cloudflare |
| CF-RAY | 49375f2f2ae41e71-SJC |
Missing Headers
| Strict-Transport-Security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value âStrict-Transport-Security: max-age=31536000; includeSubDomainsâ. |
|---|---|
| Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
| X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value âX-Frame-Options: SAMEORIGINâ. |
| X-XSS-Protection | X-XSS-Protection sets the configuration for the cross-site scripting filter built into most browsers. Recommended value âX-XSS-Protection: 1; mode=blockâ. |
| X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is âX-Content-Type-Options: nosniffâ. |
| Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
| Feature-Policy | Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Yeah I know how it looks like - I pasted this information above already. You just asked me of a simple way to get the data yourself, so I have provided one.
You can look at the Cache-Control header, and see it says âno-cacheâ and âprivateâ.
As for the âFâ, it discusses other things related to security (as might be understood from the domain name of the serviceâŚ), not caching.
thank you so what should i do to solve this âno-cacheâ and âprivateâ.
should i contact my hosting provider?
Only if itâs your HTTP server sending them on itsâ own. Likely itâs not and itâs your app⌠having the hosting company do that by default doesnât make sense for them: It means they get more load because nothing is cached on proxies/clientsâ computers.
can you advise me which file i need to edit? i can request my developer to check it so we can allow cloudflare to cache every thing.
No, I am not familiar with your app. Your developer should know things like that, itâs quite basic. If they donât, I would personally hire a different developerâŚ
You might search for âmax-ageâ throughout the whole source code with a tool like grep⌠but in order to understand where it is OK to change things like that and where not, you need to understand the design of your system - thatâs the developerâs jobâŚ
thank you so much for your help. i will check this, meanwhile i am using cache every thing page rule i am not sure if it will help. but if you could send me correct settings for this rule i can do that my self.
these are my desired results from this rule. i want cloudflare to cache everything and load only new content ASAP as my site is dynamic site so i want cloudflare to check for new content regularly ASAP.
If user is searching some thing old then it should be presented from cloudflare chache.
âASAPâ and âuse cacheâ are mutually exclusive. If you get from cache you donât get latest data. You need to choose a balance for cache that is useful on one hand to not contact your server, and, on the other hand, that sometimes your server will be contacted to get fresh data at a relatively quick mannerâŚ
Thanks for replying. I hope i can do settings like that cloudflare should check after every 20 or 30 minutes to look for new content and cache it. Can you advise if it is possible by page rule for the whole site. if yes then how? what settings should i use in page rule to achieve this.
I did not use Page Rules myself (I just do my stuff on the server side where I get the most flexibility and have no limits), but âEdge Cache TTLâ and âBrowser Cache TTLâ sounds like the right setting for this. You may also be required to play with âCache Levelâ if you want to drop/ignore query strings for the purpose of cache (or âCache Everythingâ) - but do note that it means that multiple users that are supposed to see different things on the same URL - will see content from the other users (as mentioned above with âYouâre logged in asâŚâ) - and you really donât want that (in fact itâs a security issue, because one user can see other usersâ data)