Hi @milcomp,
Thank you for your message. I am sorry you have encountered a problem with our plugin. Do not worry, I will try to help you.
I want to see what might have gone wrong. Could you send me a screenshot of the Help Center tab in the plugin’s settings? I will check it because in this tab I have information about the status of your website.
Best,
Mateusz
Thanks for the quick Reply! I sent you on Slack and to the [email protected] address as well. Sorry, wouldn’t share the hosting details here, I hope you understand. Thank you!
What I really don’t understand, that in CF the Vary is successfully configured by the plugin:
curl "https://api.cloudflare.com/client/v4/zones/3df2cfb4672039e0df74d3b33b98ab30/cache/variants" \
--header "Authorization: Bearer ***"
{
"result": {
"editable": true,
"id": "variants",
"modified_on": "2025-11-20T13:09:13.770148Z",
"value": {
"gif": [
"image/gif",
"image/webp",
"image/avif"
],
"jpeg": [
"image/jpeg",
"image/webp",
"image/avif"
],
"jpg": [
"image/jpeg",
"image/webp",
"image/avif"
],
"png": [
"image/png",
"image/webp",
"image/avif"
],
"webp": [
"image/webp",
"image/avif"
]
}
},
"success": true,
"errors": [],
"messages": []
}
However, still no HIT :’)
@mateuszgbiorczyk I discovered the root cause of the BYPASS issue. It’s related to cookies in the request.
Test Results:
When I test with curl without cookies, I get a HIT:
curl -I “https://vates.hu/wp-content/uploads/2025/11/image.jpg” \
-H “Accept: image/webp”
Result: CF-Cache-Status: HIT ✅
However, when I include cookies (like the ones set by WordPress analytics plugins such as Sourcebuster.js – sbjs_* cookies, or Facebook Pixel _fbp cookies), I get BYPASS:
curl -I “https://vates.hu/wp-content/uploads/2025/11/image.jpg” \
-H “Accept: image/webp” \
-H “Cookie: sbjs_migrations=…; _fbp=…”
Result: CF-Cache-Status: BYPASS ❌
The Problem:
In real-world production environments, almost all visitors have cookies set by analytics/marketing plugins (Google Analytics, Facebook Pixel, etc.). This means images are never cached by Cloudflare
CDN – defeating the entire purpose of using a CDN.
According to https://developers.cloudflare.com/cache/advanced-configuration/vary-for-images/, the “Vary for Images” feature should work with PRO plans. However, it appears that when the Vary:
Accept header is combined with cookies in the request, Cloudflare bypasses the cache.
I’ve already tried:
- ✅ Cloudflare Variants API is configured correctly (shown in my previous message)
- ✅ Removed Cache-Control: private from nginx config
- ✅ Created Cache Rules in Cloudflare to force caching for /wp-content/uploads/*
- ✅ Purged Cloudflare cache multiple times
- ❌ Still getting BYPASS when cookies are present
Question: Is this a known limitation of the Cloudflare PRO plan with the Vary: Accept header? Does this plugin only work properly with Cloudflare Business/Enterprise plans, or am I missing something in the configuration?
Any guidance would be greatly appreciated!
Best,
Marton
@milcomp, the only possible plugin-level issue was a Cache-Control rule set to private. These rules are automatically removed in the /wp-content/.htaccess file when you configure Cloudflare. However, you need to manually remove them from the Nginx configuration.
You did this, and the returned headers for images have the Cache-Control header set to “max-age=31536000.” There are no other reasons within our plugin for Cloudflare’s cache to be disabled. The value should be HIT, not BYPASS.
@mateuszgbiorczyk Yes, I understand that from the plugin’s perspective everything is configured correctly. However, the issue is that in practice, it doesn’t work on real production sites.
The problem is that Cloudflare PRO plan does not cache resources with Vary: Accept header when cookies are present in the request – and practically every visitor has tracking cookies (Google
Analytics, Facebook Pixel, marketing tools, etc.).
So while your plugin correctly configures everything and removes Cache-Control: private, Cloudflare itself bypasses the cache due to the combination of cookies + Vary header. This means:
- ✅ Works in testing (curl without cookies) → HIT
- ❌ Fails in production (real users with cookies) → BYPASS
- ❌ No CDN benefit, all traffic hits origin server If your plugin’s concept relies on Cloudflare’s “Vary for Images” feature, you should be aware: It will not work on most real-world sites where visitors have tracking cookies – which is basically
every site using analytics.
This appears to be a Cloudflare PRO plan limitation, not a plugin issue. But it makes the nginx routing approach incompatible with real production CDN usage.
Perhaps the documentation should mention this limitation, or consider an alternative approach that doesn’t rely on Vary: Accept for sites on Cloudflare PRO plans?
Cheers!
Marton
@milcomp the “Vary: Accept” header works fine with Cloudflare PRO. We’ve tested it, and it’s not a problem. That’s not the cause of the problem.
@mateuszgbiorczyk Did you test it with an added Cookie header as well? 🙂 Try it, it won’t be a Cache HIT.
@milcomp, I haven’t tested this with the Cookie header. We tested it on a clean WordPress installation on an Nginx server paired with Cloudflare PRO.
Hi, I’m having the same problem with the plugin and the PRO version of CF. Could you help me solve it?
