cancel
Showing results for 
Search instead for 
Did you mean: 

Using Policies to insert Cache-Control Headers

SteveEason
Cirrus
Cirrus

We've implemented several rules into a policy which we are applying to our sites to do several functions, like inserting cache-control, pragma and removing X-powered-by, etc. We have a developer who is complaining because one site they have that they want to ensure isn't caching content, isn't working as they intended. He has noticed that not all the files are showing the cache rules on them. Here are the Rules we have in place specifically to this.

 

Conditions:

HTTP Header full string named 'Cache-Control' is not 'no-cache', 'no-store', 'must-revalidate', or 'no-cache, no-store, must-revalidate' at response time.

Actions:

Insert HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time.

 

I'm concerned that we aren't using it correctly or that it doesn't work inside of a policy. Or that there is a misunderstanding that it won't show on specific files.

 

FYI, to evaluate, we are opening up the page in Chrome, opening Developer tools. and then viewing the results in the Network tab. When clicking on individual named items on the left, we can see the applied Response and Request headers.

 

1 ACCEPTED SOLUTION

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello Steve,

 

As I understand, you need to use a little bit different rules:

  1. If no "Cache-Control" header, then insert it in response with appropriate values
  2. If "Cache-Control" header exists, then replace its values with your values.

Thanks, Ivan

View solution in original post

2 REPLIES 2

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello Steve,

 

As I understand, you need to use a little bit different rules:

  1. If no "Cache-Control" header, then insert it in response with appropriate values
  2. If "Cache-Control" header exists, then replace its values with your values.

Thanks, Ivan

SteveEason
Cirrus
Cirrus

Thank you. I've adjusted our policies based on your information and it appears to have fixed the issues. The policy now has 2 rules, that look like the following.

 

Rule 1:

Conditions:

HTTP Header full string named 'Cache-Control' does not exist at response time.

Actions:

Insert HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time.

 

Rule 2:

Conditions:

HTTP Header full string named 'Cache-Control' exists at response time.

Actions:

Replace HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time