Default cache policy and cache configuration validation logic - Edge Security Acceleration

When you use Edge Security Acceleration (ESA) to accelerate the delivery of static resources on the origin server, ESA caches the resources on the point of presence (POP) that is nearest to the client. Then, you can access and obtain the static resources from the POP instead of the origin server. This prevents origin pulls over a long route and speeds up content delivery. All POPs are equipped with caching systems. When a user or an origin server interacts with a POP, the caching system caches resources from the origin server and specifies a time-to-live (TTL) for the cached resources.

Default cache policy

Cache configurations take effect only for client requests that are sent to the cache component of ESA. To determine whether a client request is sent to the cache component, perform the following steps:

Determine whether the request is of the GET or HEAD type.
Determine whether the request meets the conditions specified in a cache rule. If the request meets the conditions, the request uses the cache rule instead of the global cache settings. For more information, see Cache configuration validation logic.
Determine whether the type of the requested file is one of the file types listed in Extensions for default cached files. If the type of the requested file is one of the file types, the request uses the global cache settings.

Extensions for default cached files

By default, a request goes to the cache component only if the extension of the requested file is one of the extensions listed in the following table. In this case, ESA caches the file based on its matching cache rule. The TTL of the cached resource is determined by the cache rule hit by the resource.

Note

If the resource types that you want to cache are not in the following table, create a cache rule for resources of such types. For more information, see Rules engine.

File type	File name extension
Documents	.doc and .docx: Microsoft Word documents. .ppt and .pptx: Microsoft PowerPoint presentations. .pdf: portable documents. .csv: comma-separated value files.
Image files	.bmp: bitmap images. .gif: Graphics Interchange Format (GIF) images. .ico: icon images. .jpeg and .jpg: Joint Photographic Experts Group (JPEG) images. .png: Portable Network Graphics (PNG) images. .svg, .svgz: Scalable Vector Graphics (SVG) images. .tif and .tiff: Tagged Image File Format (TIFF) images. .webp: WebP images, which support both lossy and lossless compression.
Audio files	.mp3: MPEG-1 Audio Layer III (MP3) files. .flac: Free Lossless Audio Codec (FLAC) files. .mid and .midi: Musical Instrument Digital Interface (MIDI) files.
Video files	.avi: Audio Video Interleave (AVI) files. .mp4: MPEG-4 (MP4) files. .mkv: Matroska Video (MKV) files. .webm: an open media container format that supports video and audio.
Compressed files	.7z: 7-Zip files. .gz: GNU Gzip files. .rar: RAR files. .tar: TAR files. .zip: ZIP files. .zst: Zstandard files.
Executable files (executable programs/installation packages)	.apk: Android package files. .bin: binary files, which are often used for firmware updates. .class: Java bytecode files. .dmg: macOS disk image files. .exe: Windows executable files. .jar: Java archive (JAR) files. .msi: Windows installer files. .iso: ISO image files.
Font files	.eot: Embedded OpenType (EOT) font files. .otf: OpenType font (OTF) files. .ttf: TrueType font (TTF) files. .woff, .woff2: Web Open Font Format (WOFF) files.
Script and code files	.css: Cascading Style Sheets (CSS) files. .ejs: Embedded JavaScript (EJS) template files. .js: JavaScript (JS) files.
Design and vector graphics files	.eps: Encapsulated PostScript (EPS) files. .pict: Apple PICT files. .ps: PostScript (PS) files. .swf: Shockwave Flash (SWF) files.

Cache configuration validation logic

The edge cache TTL has four options, each of which uses different cache configuration validation logic.

Honor Origin TTL or Use Default Cache Rule: If the response returned from the origin server contains the Cache-Control header, follow its directives. If the response returned from the origin server does not contain the Cache-Control header, cache resources according to the default cache policy of ESA. For more information, see Honor Origin TTL.
Honor Origin TTL or Do Not Cache: If the response returned from the origin server contains the Cache-Control, Expires, Last-Modified, or ETag header, follow its directives. If the response returned from the origin server does not contain the Cache-Control, Expires, Last-Modified, or ETag header, do not cache resources. For more information, see Honor Origin TTL or Do Not Cache.
Do Not Cache: All resources retrieved from the origin server are not cached on POPs.
Use Custom TTL: The cache policy specified by the Cache-Control, Expires, Last-Modified, or ETag header in the response returned from the origin server is ignored and the TTL specified in ESA is used.

Honor Origin TTL

If the response returned from the origin server contains the Cache-Control header, follow its directives

The Cache-Control header in a response returned from the origin server specifies one of the following policies:

If the Cache-Control header has one of the following directives, the resource is not cached.
- cache-control:no-cache
- cache-control:no-store
- cache-control:max-age=0
If the Cache-Control header contains the max-age or s-maxage directive, and the max-age or s-maxage directive is set to a value that is greater than 0, such as 3600, the TTL specified by the directive is used. If both the max-age and s-maxage directives exist, the value of the s-maxage directive prevails.

If the response returned from the origin server does not contain the Cache-Control header, follow the default cache policy

If the response returned from the origin server does not contain the Cache-Control header, the default cache policy of ESA is used. Headers in responses from the origin server are in the following descending order of priority: Expires > Last-Modified > ETag.

If the response returned from the origin server contains the Expires header, such as Expires:Tue, 25 Nov 2031 17:25:43 GMT, ESA honors the cache expiration set in the Expires header.
If the response returned from the origin server does not contain the Expires header but contains the Last-Modified header, the TTL is calculated based on the following rules:
- TTL = (Current time - Value of Last-Modified) × 0.1. If the value is from 10 seconds to 3,600 seconds, the actual value is used. If the value is less than 10 seconds, the TTL is 10 seconds. If the value is greater than 3,600 seconds, the TTL is 3,600 seconds.
If the response returned from the origin server contains only the ETag header, the TTL is 10 seconds.
If the response returned from the origin server does not contain the Cache-Control, Expires, ETag, or Last-Modified header, the resource is not cached.

Honor Origin TTL or Do Not Cache

Determine the cache policy of the origin server

To determine the cache policy of the origin server, you need to only check whether the response returned from the origin server contains the Cache-Control header. If the response does not contain the header, the resource is not cached. If the response contains the header, one of the following policies applies:

If the Cache-Control header contains the no-cache, no-store, or max-age=0 directive, the resource is not cached.
If the Cache-Control header contains the max-age or s-maxage directive, and the max-age or s-maxage directive is set to a value that is greater than 0, such as 3600, the TTL specified by the directive is used. If both the max-age and s-maxage directives exist, the value of the s-maxage directive prevails.

Cache status response

The response returned from POPs contains the X-Site-Cache-Status header, which indicates the cache status of the requested resource. The following table describes all cache statuses.

Status	Description
HIT	The resource is found in the cache of the POP and has not expired. The POP returns the cached resource to the client.
MISS	The resource is not found in the cache of the POP. The POP retrieves the resource from the origin server and then returns the resource to the client.
EXPIRED	The resource is found in the cache of the POP but has expired. The POP retrieves the resource from the origin server and then returns the resource to the client.
STALE	The resource is found in the cache of the POP but has expired. In the following cases, the POP cannot access the origin server to retrieve the updated resource and then returns the expired resource to the client: A cache rule is configured to serve stale content when the origin response times out or an HTTP 5xx status code is responded. Honor Origin TTL is enabled in ESA, the response returned from the origin server contains the stale-while-revalidate header, and the current time is not later than the time specified in the stale-while-revalidate header.
BYPASS	BYPASS is returned if Honor Origin TTL is set and the origin server returns the Cache-Control:no-cache, Cache-Control:no-store, or Cache-Control:max-age=0 header.
REVALIDATED	The resource is found in the cache of the POP but has expired. The POP retrieves the resource from the origin server and re-validates the resource by using the If-Modified-Since or If-None-Match header. If the origin server returns Status Code:304 Not Modified, the resource has not changed. Then, the POP returns the cached resource to the client.
DYNAMIC	In the following cases, the POP considers the resource to be dynamic content, retrieves the resource from the origin server, and returns the resource to the client: The resource is not of the type listed in the preceding table and is not in the static request range defined by cache rules. Development Mode is enabled in global cache settings. Bypass Cache is selected in a cache rule.