Head Requests and Set-Cookie Headers
In this page, we document how Cloudflare's cache system behaves in interaction with:
HEADrequestsSet-Cookieresponse headers
Cloudflare converts HEAD requests to GET requests for cacheable requests.
When you make a HEAD request for a cacheable resource and Cloudflare does not have that resource in the edge cache, a cache miss happens. Cloudflare will send a GET request to your origin, cache the full response and return the response headers only. Make sure the origin server is setup to handle GET requests, even if only HEAD requests are expected, so that compatibility with this behavior is ensured.
For non-cacheable requests, Set-Cookie is always preserved. For cacheable requests, there are three possible behaviors:
-
Set-Cookieis returned from origin and the default cache level is used. If origin cache control is not enabled, Cloudflare removes theSet-Cookieand caches the asset. If origin cache control is enabled, Cloudflare does not cache the asset and preserves theSet-Cookie. A cache status ofBYPASSis returned. -
Set-Cookieis returned from origin and the cache level is set toCache Everythingin Page Rules, orEligible for cachein Cache Rules. In this case, Cloudflare preserves theSet-Cookiebut does not cache the asset. A cacheMISSwill be returned every time. -
Set-Cookieis returned from origin, the cache level is set toCache Everythingin Page Rules, orEligible for cachein Cache Rules, and edge cache TTL is set. In this case, Cloudflare removes theSet-Cookieand the asset is cached.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark