Managing Static File Caching in PowerWAF
Introduction
Proper cache management is essential to fully benefit from a CDN like PowerWAF.
By storing static content across geographically distributed nodes, it reduces the load on the origin server and significantly improves website loading speed for end users.
PowerWAF automatically analyzes traffic patterns and applies smart caching rules by default to optimize performance with minimal setup. However, keeping a consistent cache strategy between the origin server and PowerWAF is crucial to ensure a fast, secure, and up-to-date user experience.
Configuring Static File Cache
PowerWAF respects HTTP cache headers set by the web server. Additionally, when no explicit cache policy is defined, PowerWAF applies a default behavior that favors performance for safe static assets.
This guide explains how to properly control caching of static files in your application.
How PowerWAF Interprets Cache Headers
When a response includes HTTP headers like Cache-Control, Expires, or Last-Modified, PowerWAF analyzes them to determine whether the file should be cached or not. The logic follows common browser behavior standards, ensuring compatibility and predictability.
Main headers PowerWAF considers:
| Header | Purpose |
|---|---|
Cache-Control | Main directive that defines caching rules (public, no-store, etc). |
Expires | Defines a specific expiration date/time for the cached content. |
Last-Modified | Indicates when the resource was last changed. |
If
Cache-Control: max-ageis present, it takes priority overExpires. If no cache headers are defined, PowerWAF may fall back toLast-Modified.
Examples of behavior:
Cache-Control: public→ ✅ Cached.Cache-Control: no-store→ ❌ Never cached.Cache-Control: no-cache→ ⚠️ Cached, but must revalidate with origin.Cache-Control: private→ ❌ Not cached by shared caches like PowerWAF’s CDN.Cache-Control: max-age=3600→ ✅ Cached for 1 hour.Cache-Control: must-revalidate→ ⚠️ Cached, but revalidation is mandatory after expiration.
If none of these headers are set, PowerWAF will apply default caching rules based on file type (see next section).
Default Behavior in PowerWAF
When no cache headers are present, PowerWAF applies a smart default strategy:
- Files with specific extensions are considered safe to cache and will be cached automatically.
- Static files with query ?v= parameter (e.g.
style.css?v=2) are treated as immutable and safe to cache. - For files with a
Last-Modifieddate but no explicit cache policy, PowerWAF uses a fallback heuristic based on the modification date.
Extensions cached by default:
avif, bmp, css, doc, docx, ejs, eot,
eps, gif, ico, jar, jpeg, jpg, js, mid,
midi, otf, pdf, pict, pls, png, ppt, pptx,
ps, svg, svgz, swf, tif, tiff, ttf, webp,
woff, woff2, xls, xlsx
Common Cache Settings
Cache-Control Directive | Cache Allowed? | Explanation |
|---|---|---|
public | ✅ Yes | Can be cached by browsers and shared caches (e.g. CDNs). |
private | ⚠️ Limited | Cached only by the user's browser. |
no-cache | ⚠️ With check | Must revalidate with server before reuse. |
no-store | ❌ No | Prevents any caching at all. Recommended for sensitive data. |
max-age=SECONDS | ✅ Yes | Defines how long the file can be cached without revalidation. |
must-revalidate | ⚠️ Yes, strict | Requires validation once expired. |
immutable | ✅ Yes | Indicates the file won’t change, allowing long-term caching. |
Allowing Caching
Why allow caching?
Enabling caching for static assets improves website performance and reduces load on your server. When caching is enabled, both the browser and PowerWAF’s integrated CDN can serve cached copies of files, reducing repeated requests to the origin.
This is especially useful for files that change infrequently (e.g. images, CSS, or versioned JS files like app.v3.js). It also improves scores on tools like Google PageSpeed.
✅ Recommended for: Images, fonts, stylesheets, and JavaScript files that change rarely.
Apache (.htaccess)
<FilesMatch "\.(jpg|jpeg|png|css|js|woff2?)$">
Header set Cache-Control "public, max-age=31536000, immutable"
</FilesMatch>
Nginx
location ~* \.(jpg|jpeg|png|css|js|woff2?)$ {
add_header Cache-Control "public, max-age=31536000, immutable";
}
IIS (web.config)
<configuration>
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
<staticContent>
<mimeMap fileExtension=".css" mimeType="text/css" />
<mimeMap fileExtension=".png" mimeType="image/png" />
<mimeMap fileExtension=".jpg" mimeType="image/jpeg" />
</staticContent>
</system.webServer>
</configuration>
Preventing Caching
Why prevent caching?
In some cases, you want to ensure that browsers and PowerWAF’s CDN always fetch the latest version of a file. This is important when:
- Files change often but retain the same name
- Files contain personalized or sensitive data
- You need full control over each request
❌ Recommended for: Dynamic files, sensitive data, or unversioned frequently-updated files.
Apache (.htaccess)
<FilesMatch "\.(jpg|jpeg|png|css|js)$">
Header set Cache-Control "no-store, no-cache, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "0"
</FilesMatch>
Nginx
location ~* \.(jpg|jpeg|png|css|js)$ {
add_header Cache-Control "no-store, no-cache, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "0";
}
IIS (web.config)
Create a web.confg file in the folder where the files are located and add the following code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
<!-- Override MIME types to disable cache -->
<remove fileExtension=".pdf" />
<mimeMap fileExtension=".pdf" mimeType="application/pdf" />
<remove fileExtension=".jpg" />
<mimeMap fileExtension=".jpg" mimeType="image/jpeg" />
</staticContent>
</system.webServer>
</configuration>
Practical Examples
| File | Goal | Recommended Header Configuration |
|---|---|---|
logo.jpg | Cache for 1 year | public, max-age=31536000, immutable |
style.css?v=2 | Versioned static | Automatically cacheable by PowerWAF |
main.css | Prevent caching | no-store, no-cache, must-revalidate |
private-doc.pdf | Sensitive document | no-store |
custom.js no header | Depends on type | Cached by default if extension is .js |
After making any changes to the cache policy on the origin server, it is necessary to clear PowerWAF’s cache to ensure the updates are reflected correctly.
Best Practices
- If a file never changes, cache it with
max-ageandimmutable. - If it changes without a filename change, disable caching.
- If possible, version the file (e.g.
?v=3) to allow long-term caching with control. - PowerWAF will cache many file types by default. If you need different behavior, define headers explicitly.
Configuring Cache from the PowerWAF Panel
In addition to HTTP headers, you can configure cache behavior directly from the PowerWAF panel under Site Optimization > Cache.
Cache TTL
Override how long cached content remains valid across all edge servers.
- Auto (default): Respects the origin server's
Cache-Controlheaders. If the origin provides a very low or missing TTL, a heuristic formula based on the resource's last modification date is applied to calculate an optimal cache duration. - Custom value: Set a fixed TTL in seconds (e.g.,
3600for 1 hour,86400for 1 day).
Stale-While-Revalidate
Controls what happens when a cached resource expires:
- Enabled (recommended: 86400): When content expires, the stale version is served immediately to the visitor while fresh content is fetched from the origin in the background. This eliminates latency spikes after cache expiration.
- Disabled (0): Every request for expired content blocks until the origin server responds. This increases load times for visitors and is not recommended.
We recommend setting Stale-While-Revalidate to 86400 seconds (1 day) for optimal performance. This ensures visitors always get an instant response, even when cached content has expired.
Purging Cache from the Panel
When you update content on your origin server and need changes to reflect immediately, you can purge the cache from the PowerWAF panel under Site Optimization > Cache.
- Purge All: Removes all cached static content from edge servers. The next requests will fetch fresh content from your origin.
- Purge by URL: Target specific resources using URL patterns. Use
*as a wildcard (e.g.,/blog/*to purge all blog assets, or/images/logo.pngfor a specific file).
Changing asset optimization settings (JavaScript minification, CSS minification, or WebP optimization) automatically purges the entire static cache, since previously cached resources would have the old optimization applied.
Asset Optimization
PowerWAF can optimize your static assets on the fly at the edge, reducing file sizes and improving load times without requiring any changes to your source code. Configure these settings from the panel under Site Optimization > Optimization.
JavaScript Minification
Automatically optimizes JavaScript files in real time as they pass through the edge, typically achieving 35–65% file size reduction. Optimizations include:
- Removal of whitespace, comments, and superfluous semicolons
- Renaming of local variables and functions to shorter names (global scope is never modified)
- Rewriting constants like
true,false, andundefinedto shorter equivalents - Merging sequential expression statements
- Collapsing if/else statements into expressions
- Optimizing number representations (binary, octal, decimal, hexadecimal)
All transformations are production-safe and do not alter code behavior. Default: disabled.
CSS Minification
Automatically optimizes CSS files at the edge. Optimizations include:
- Removal of comments and unnecessary whitespace (preserving
/*! */license blocks) - Shortening numbers by removing unnecessary zeros and signs
- Removing units from zero values (e.g.,
0px→0) - Converting hex colors to shorter representations or color names when possible
- Converting properties to shorthand notation (e.g.,
background,font) - Removing quotes from URLs where safe
Only proven, non-breaking optimizations are applied — risky structural changes like rule merging or selector reordering are intentionally avoided. Default: disabled.
WebP Image Optimization
Automatically converts images to WebP format for browsers that support it. WebP provides superior compression with no visible quality loss, typically reducing image file sizes by 25–35% compared to JPEG and PNG. Default: enabled.
Changing any optimization setting will automatically purge the entire static cache. Previously cached resources with the old optimization settings will be invalidated and re-cached with the new settings on the next request.