Skip to content

Cloudflare caching per origin despite Vary not including Origin #1254

New issue
New issue
Open
Open
Cloudflare caching per origin despite Vary not including Origin#1254
@ChaseMalik

Description

@ChaseMalik
ChaseMalik
opened on Dec 8, 2025

It seems as though esm.sh is set up to cache responses per requesting origin, despite the Vary header not including Origin.

Is this intentional?

Based on the following:

(MISS - https://www.example.com)

curl -I -H "Origin: https://www.example.com" https://esm.sh/react@19.2.1/es2022/react.mjs
HTTP/2 200 
date: Mon, 08 Dec 2025 17:14:09 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 03 Dec 2025 15:28:37 GMT
server: cloudflare
vary: Accept-Encoding
cf-cache-status: MISS
cf-ray: 9aade5c2b819edec-LHR
alt-svc: h3=":443"; ma=86400

(HIT - https://www.example.com)

curl -I -H "Origin: https://www.example.com" https://esm.sh/react@19.2.1/es2022/react.mjs
HTTP/2 200 
date: Mon, 08 Dec 2025 17:14:21 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 03 Dec 2025 15:28:37 GMT
server: cloudflare
vary: Accept-Encoding
age: 11
cf-cache-status: HIT
cf-ray: 9aade60bbb144a37-LHR
alt-svc: h3=":443"; ma=86400

(MISS - https://www.exampl.com - missing e)

curl -I -H "Origin: https://www.exampl.com" https://esm.sh/react@19.2.1/es2022/react.mjs
HTTP/2 200 
date: Mon, 08 Dec 2025 17:14:27 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 03 Dec 2025 15:28:37 GMT
server: cloudflare
vary: Accept-Encoding
cf-cache-status: MISS
cf-ray: 9aade6301d1cbea4-LHR
alt-svc: h3=":443"; ma=86400

(MISS - https://www.examp.com - missing le)

curl -I -H "Origin: https://www.examp.com" https://esm.sh/react@19.2.1/es2022/react.mjs
HTTP/2 200 
date: Mon, 08 Dec 2025 17:23:48 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 03 Dec 2025 15:28:37 GMT
server: cloudflare
vary: Accept-Encoding
cf-cache-status: MISS
cf-ray: 9aadf3e2f982ef05-LHR
alt-svc: h3=":443"; ma=86400

(HIT - https://www.exampl.com - missing e)

curl -I -H "Origin: https://www.exampl.com" https://esm.sh/react@19.2.1/es2022/react.mjs
HTTP/2 200 
date: Mon, 08 Dec 2025 17:24:38 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 03 Dec 2025 15:28:37 GMT
server: cloudflare
vary: Accept-Encoding
age: 611
cf-cache-status: HIT
cf-ray: 9aadf51d3f0611ce-LHR
alt-svc: h3=":443"; ma=86400

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions