Two cache-control headers?

#1

I have several Wordpress sites now running through Cloudflare Free. I installed the Cloudflare plugin, applied defaults, enabled automatic caching, and set CF to respect existing headers. I’m also running Hummingbird in Wordpress for page caching. Various web page speed tests suggest I’m caching at 100% on my JS/CSS/Images, but I’m seeing two problems:

  1. In Cloudflare analytics, my cached rate is running at only .5%-1.5% even after letting it run for days.

  2. My JS/CSS/Images are showing only one cache-control header (which corresponds to what I set in my htaccess), but, for the static HTML files generated by Hummingbird, I’m seeing two cache-control headers:

cache-control: max-age=3600, must-revalidate
cache-control: max-age=31536000 (this is from my htaccess)

When I turn on Cloudfare Dev mode, the first cache-control header goes away.

I currently have no page rules set.

How do I get Cloudflare to respect existing headers on static HTML and not issue a second cache-control directive? I don’t think that alone is causing my poor cached rate in Cloudflare, but I don’t think it’s helping my performance because I think the 3600 seconds is winning out, even though Cloudflare’s documentation says it won’t.

Any help would be appreciated!

#2

If you do not have any page rule set, your HTML will not be cached by Cloudflare. By default, Cloudflare will cache only static files.

You need a page rule with a Cache Level: Cache Everything setting to enable caching of the generated HTML on your WordPress site. You’d also want to have another page rule to avoid caching /wp-admin/ and /wp-login.php areas. For example (the order matters, as just one page rule is triggered for each URL):

example.com/wp-*
Settings:
Origin Cache Control: ON
Security Level: High
Rocket Loader OFF

example.com/*
Settings:
Cache Level: Cache Everything
Edge Cache TTL: 1 week
Browser Cache TTL: 1 day

Of course you should adjust the settings according to your website content and audience.

As for the other issue, if you don’t mind revealing your domain, it would increase the chances that someone from this Community will be able to help you further. Otherwise, I’d suggest you open a Support ticket.