I have recently setup a Cloudfront distribution with the following behaviour cache policy:
- TTL settings:
- Minimum TTL (seconds): 0
- Maximum TTL (seconds): 31536000
- Default TTL (seconds): 0
- Cache Keys:
- Headers - None
- Cookies - None
- Query strings - All
Unfortunately pages with no-cache response headers continue to cache the response at fairly low levels of concurrency. I used apachebench to run 100 requests with concurrency of 5, and received the following:
100 Cache-Control: no-cache, no-store, must-revalidate, max-age=0
25 X-Cache: Hit from cloudfront
75 X-Cache: Miss from cloudfront
I also captured what should be unique response headers that should be unique per request/response (given there are no request headers/cookies) and this also shows that there are duplicate Set-Cookie responses. For example, this response came back 4 times:
4 Set-Cookie: csrftoken=h2uU7TKHJ6AicHgOIaJTwC5qIXJN4Zwf; Domain=.mysite.com; expires=Tue, 17-Jan-2023 15:10:37 GMT; Max-Age=31449600; Path=/
I do have ways around this I believe, such as higher priority Cloudfront behaviours to set a no-cache policy, however it takes the power away from the server-side to decide whether a response should dynamically be cached, and indicates that Cloudfront is not honouring the server-side decision.
