I am taking my effing time to respond to your question, to analyse why your effing domain does not cache because you are unable to configure your server correctly and instead of reading and applying my responses you call me an effing spammer?!
I seriously think I have had it. Seriously, whats wrong with you people! Un-effing-believable!
When not enabled, CF will return the origin’s HSTS headers to the browser.
It’d be simpler to link all of them
Custom error pages will only take effect if CF is having issues connecting to your server, or if a user hits a “challenge page” (used to prevent bad bots from getting to your site)
You can add, manage, and remove apps by going to the “apps” page of the dashboard.
The security headers website I linked above and gf.dev both report these two headers that I have never added anywhere on my server: Cache-control max-age=0, no-cache, no-store, must-revalidate Pragma no-cache
For HSTS, it turns out that my max-age is set to 0 in CF. That must be the default option that I overlooked during the setup and assumed that a value of 0 wouldn’t modify my existing max-age directive. So that mystery is solved.
Thank you for the links. I’ll admit I haven’t read up on those other features because performance and security are more of a priority. But on the subject of custom error pages, does that include the AlwaysOnline feature? Because the description says it makes CF serve a cached version of my website when it’s offline, but that’s not what happened in my testing. I got the CF error page with the “retry for live version” button.
Regarding apps that run a worker, does that mean they aren’t usable without paying to use their workers?