Cache keys
A Cache Key is an identifier that Cloudflare uses for a file in our cache, and the Cache Key Template defines the identifier for a given HTTP request.
A default cache key includes:
- Full URL:
- scheme - could be HTTP or HTTPS.
- host - for example,
www.cloudflare.com
- URI with query string - for example,
/logo.jpg
- Origin header sent by client (for CORS support).
x-http-method-override
,x-http-method
, andx-method-override
headers.x-forwarded-host
,x-host
,x-forwarded-scheme
(unless http or https),x-original-url
,x-rewrite-url
, andforwarded
headers.
Custom cache keys let you precisely set the cacheability setting for any resource. They provide the benefit of more control, though they may reduce your cache hit rate and result in cache sharding:
- Log in to your Cloudflare dashboard ↗, and select your account and domain.
- Go to Caching > Cache Rules.
- Select Create rule.
- Under When incoming requests match, define the rule expression.
- Under Then, in the Cache eligibility section, select Eligible for cache.
- Add the Cache Key setting to the rule and select the appropriate Query String setting.
- You can also select settings for Headers, Cookie, Host, and User.
- To save and deploy your rule, select Deploy. If you are not ready to deploy your rule, select Save as Draft.
There are a couple of common reasons to change the Cache Key Template. You might change the Cache Key Template to:
- Fragment the cache so one URL is stored in multiple files. For example, to store different files based on a specific query string in the URL.
- Consolidate the cache so different HTTP requests are stored in the same file. For example, to remove the Origin header added to Cloudflare Cache Keys by default.
The $scheme
refers to the protocol (HTTP or HTTPS) sent to your origin web server, not the protocol received from the visitor. Therefore, setting the Cloudflare SSL option influences caching decisions. For example, when using Flexible SSL, Cloudflare only attempts to connect to your origin web server via HTTP. This means that Cloudflare serves the same cached resource for visitor requests via either HTTP or HTTPS, since Flexible SSL instructs Cloudflare to connect to an origin solely over HTTP.
It is important to understand how SSL setting changes affect the cache:
-
Switching from Off to Full, Full (strict), or Strict will change the origin scheme from HTTP to HTTPS. This results in a cache bust, meaning the cached content becomes invalid and needs to be re-fetched from the origin server.
-
Transitioning from Flexible to Full, Full (strict), or Strict changes the origin scheme from HTTP to HTTPS, causing a cache bust.
-
Downgrading from Full, Full (strict), or Strict to Flexible or Off changes the origin scheme from HTTPS to HTTP, resulting in a cache bust.
This behavior is important to consider when adjusting SSL settings, as any change in the origin scheme (HTTP to HTTPS or vice versa) triggers a cache reset.
A Cache Level of Ignore Query String creates a Cache Key that includes all the elements in the default cache key, except for the query string in the URI that is no longer included. For instance, a request for http://example.com/file.jpg?something=123
and a request for http://example.com/file.jpg?something=789
will have the same cache key, in this case.
The following fields control the Cache Key Template.
The query string controls which URL query string parameters go into the Cache Key. You can include
specific query string parameters or exclude
them using the respective fields. When you include a query string parameter, the value
of the query string parameter is used in the Cache Key.
If you include the query string foo in a URL like https://www.example.com/?foo=bar
, then bar appears in the Cache Key. Exactly one of include
or exclude
is expected.
- To include all query string parameters (the default behavior), use include: ”*”
- To ignore query strings, use exclude: ”*”
- To include most query string parameters but exclude a few, use the exclude field which assumes the other query string parameters are included.
Headers control which headers go into the Cache Key. Similar to Query String, you can include specific headers or exclude default headers.
When you include a header, the header value is included in the Cache Key. For example, if an HTTP request contains an HTTP header like X-Auth-API-key: 12345
, and you include the X-Auth-API-Key header
in your Cache Key Template, then 12345
appears in the Cache Key.
To check for the presence of a header without including its actual value, use the check_presence
option.
Currently, you can only exclude the Origin
header. The Origin
header is always included unless explicitly excluded. Including the Origin header ↗ in the Cache Key is important to enforce CORS ↗. Additionally, you cannot include the following headers:
- Headers that have high cardinality and risk sharding the cache
accept
accept-charset
accept-encoding
accept-datetime
accept-language
referer
user-agent
- Headers that re-implement cache or proxy features
connection
content-length
cache-control
if-match
if-modified-since
if-none-match
if-unmodified-since
range
upgrade
- Headers that are covered by other Cache Key features
cookie
host
- Headers that are specific to Cloudflare and prefixed with
cf-
, for example,cf-ray
- Headers that are already included in the custom Cache Key template, for example,
origin
Host determines which host header to include in the Cache Key.
- If
resolved: false
, Cloudflare includes theHost
header in the HTTP request sent to the origin. - If
resolved: true
, Cloudflare includes theHost
header that was resolved to get theorigin IP
for the request. In this scenario, theHost
header may be different from the header actually sent if the Cloudflare Resolve Override feature is used.
Like query_string
or header
, cookie
controls which cookies appear in the Cache Key. You can either include the cookie value or check for the presence of a particular cookie.
You cannot include cookies specific to Cloudflare. Cloudflare cookies are prefixed with __cf
, for example, __cflb
User feature fields add features about the end-user (client) into the Cache Key.
device_type
classifies a request asmobile
,desktop
, ortablet
based on the User Agentgeo
includes the client’s country, derived from the IP addresslang
includes the first language code contained in theAccept-Language
header sent by the client
Cache keys options availability varies according to your plan.
Free | Pro | Business | Enterprise | |
---|---|---|---|---|
Cache deception armor | Yes | Yes | Yes | Yes |
Cache by device type | Yes | Yes | Yes | Yes |
Ignore query string | Yes | Yes | Yes | Yes |
Sort query string | Yes | Yes | Yes | Yes |
Query string | No | No | No | Yes |
Headers | No | No | No | Yes |
Cookie | No | No | No | Yes |
Host | No | No | No | Yes |
User features | No | No | No | Yes |
The Prefetch feature is not compatible with the custom cache keys. With Cache Rules, the custom cache key is used to cache all assets. However, Prefetch always uses the default cache key. This results in a key mismatch.