milcomp
Forum Replies Created
-
@mateuszgbiorczyk Did you test it with an added Cookie header as well? 🙂 Try it, it won’t be a Cache HIT.
@mateuszgbiorczyk Yes, I understand that from the plugin’s perspective everything is configured correctly. However, the issue is that in practice, it doesn’t work on real production sites.
The problem is that Cloudflare PRO plan does not cache resources with Vary: Accept header when cookies are present in the request – and practically every visitor has tracking cookies (Google
Analytics, Facebook Pixel, marketing tools, etc.).So while your plugin correctly configures everything and removes Cache-Control: private, Cloudflare itself bypasses the cache due to the combination of cookies + Vary header. This means:
- ✅ Works in testing (curl without cookies) → HIT
- ❌ Fails in production (real users with cookies) → BYPASS
- ❌ No CDN benefit, all traffic hits origin server If your plugin’s concept relies on Cloudflare’s “Vary for Images” feature, you should be aware: It will not work on most real-world sites where visitors have tracking cookies – which is basically
every site using analytics.
This appears to be a Cloudflare PRO plan limitation, not a plugin issue. But it makes the nginx routing approach incompatible with real production CDN usage.
Perhaps the documentation should mention this limitation, or consider an alternative approach that doesn’t rely on Vary: Accept for sites on Cloudflare PRO plans?
Cheers!
Marton@mateuszgbiorczyk I discovered the root cause of the BYPASS issue. It’s related to cookies in the request.
Test Results:
When I test with curl without cookies, I get a HIT:
curl -I “https://vates.hu/wp-content/uploads/2025/11/image.jpg” \
-H “Accept: image/webp”
Result: CF-Cache-Status: HIT ✅However, when I include cookies (like the ones set by WordPress analytics plugins such as Sourcebuster.js – sbjs_* cookies, or Facebook Pixel _fbp cookies), I get BYPASS:
curl -I “https://vates.hu/wp-content/uploads/2025/11/image.jpg” \
-H “Accept: image/webp” \
-H “Cookie: sbjs_migrations=…; _fbp=…”
Result: CF-Cache-Status: BYPASS ❌The Problem:
In real-world production environments, almost all visitors have cookies set by analytics/marketing plugins (Google Analytics, Facebook Pixel, etc.). This means images are never cached by Cloudflare
CDN – defeating the entire purpose of using a CDN.According to https://developers.cloudflare.com/cache/advanced-configuration/vary-for-images/, the “Vary for Images” feature should work with PRO plans. However, it appears that when the Vary:
Accept header is combined with cookies in the request, Cloudflare bypasses the cache.I’ve already tried:
- ✅ Cloudflare Variants API is configured correctly (shown in my previous message)
- ✅ Removed Cache-Control: private from nginx config
- ✅ Created Cache Rules in Cloudflare to force caching for /wp-content/uploads/*
- ✅ Purged Cloudflare cache multiple times
- ❌ Still getting BYPASS when cookies are present
Question: Is this a known limitation of the Cloudflare PRO plan with the Vary: Accept header? Does this plugin only work properly with Cloudflare Business/Enterprise plans, or am I missing something in the configuration?
Any guidance would be greatly appreciated!
Best,
MartonWhat I really don’t understand, that in CF the Vary is successfully configured by the plugin:
curl "https://api.cloudflare.com/client/v4/zones/3df2cfb4672039e0df74d3b33b98ab30/cache/variants" \
--header "Authorization: Bearer ***"
{
"result": {
"editable": true,
"id": "variants",
"modified_on": "2025-11-20T13:09:13.770148Z",
"value": {
"gif": [
"image/gif",
"image/webp",
"image/avif"
],
"jpeg": [
"image/jpeg",
"image/webp",
"image/avif"
],
"jpg": [
"image/jpeg",
"image/webp",
"image/avif"
],
"png": [
"image/png",
"image/webp",
"image/avif"
],
"webp": [
"image/webp",
"image/avif"
]
}
},
"success": true,
"errors": [],
"messages": []
}However, still no HIT :’)
Thanks for the quick Reply! I sent you on Slack and to the hello@mattplugins.com address as well. Sorry, wouldn’t share the hosting details here, I hope you understand. Thank you!
