Origin Cache-Control Headers Not Passed by CF
Hi guys, for some reason Cloudflare is not passing the cache control headers I've specified in my apache configuration on ONE domain only. My other website passes its cache control values through Cloudflare just fine. I've verified through using
Any help or insights you could provide will be helpful! Thanks!
curl -Icurl -IRespect Existing HeadersRespect Existing HeadersAny help or insights you could provide will be helpful! Thanks!
<IfModule mod_ssl.c>
<VirtualHost *:443>
#### Virtual Host Configuration for my.website
ServerAdmin webmaster@my.website
ServerName my.website
ServerAlias www.my.website
DocumentRoot /var/www/my.website
<Directory /var/www/my.website>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#### Cache rules and security headers
<IfModule mod_headers.c>
## Security headers
<IfModule mod_rewrite.c>
RewriteEngine On
#### RewriteRule ^ - [E=CSP_NONCE:%{UNIQUE_ID}e]
</IfModule>
## CORS headers
Header always set Access-Control-Allow-Origin "https://my.website https://cloudflareinsights.com"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization"
Header always set Content-Security-Policy "default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self'; script-src 'self' https://static.cloudflareinsights.com 'nonce-%{CSP_NONCE}e'; connect-src 'self' https://cloudflareinsights.com; object-src 'none';"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
## Cache Control Rules - Specific Rules First
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
Header set Cache-Control "max-age=31536000, public, immutable"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|ico|webp|svg)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
<FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=2628000, public"
</FilesMatch>
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=3600, public"
</FilesMatch>
<FilesMatch ".*">
Header setifempty Cache-Control "max-age=604800, public"
</FilesMatch>
</IfModule>
#### SSL Configuration
#[redacted]
#### Logging
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule><IfModule mod_ssl.c>
<VirtualHost *:443>
#### Virtual Host Configuration for my.website
ServerAdmin webmaster@my.website
ServerName my.website
ServerAlias www.my.website
DocumentRoot /var/www/my.website
<Directory /var/www/my.website>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#### Cache rules and security headers
<IfModule mod_headers.c>
## Security headers
<IfModule mod_rewrite.c>
RewriteEngine On
#### RewriteRule ^ - [E=CSP_NONCE:%{UNIQUE_ID}e]
</IfModule>
## CORS headers
Header always set Access-Control-Allow-Origin "https://my.website https://cloudflareinsights.com"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization"
Header always set Content-Security-Policy "default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self'; script-src 'self' https://static.cloudflareinsights.com 'nonce-%{CSP_NONCE}e'; connect-src 'self' https://cloudflareinsights.com; object-src 'none';"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
## Cache Control Rules - Specific Rules First
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
Header set Cache-Control "max-age=31536000, public, immutable"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|ico|webp|svg)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
<FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=2628000, public"
</FilesMatch>
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=3600, public"
</FilesMatch>
<FilesMatch ".*">
Header setifempty Cache-Control "max-age=604800, public"
</FilesMatch>
</IfModule>
#### SSL Configuration
#[redacted]
#### Logging
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>curl -Icurl -Icurl -I --resolve my.website:443:127.0.0.1 https://my.website/assets/fonts/Cinzel-Regula
r.ttf
[omitted lines to save space]
Cache-Control: max-age=31536000, public, immutable
Content-Type: font/ttfcurl -I --resolve my.website:443:127.0.0.1 https://my.website/assets/fonts/Cinzel-Regula
r.ttf
[omitted lines to save space]
Cache-Control: max-age=31536000, public, immutable
Content-Type: font/ttf
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Was this page helpful?
