CloudFlare has been one of the popular and free CDN (Content Delivery Network) service. In order to make CloudFlare a true CDN, every static resources, including HTML, should be cached by CloudFlare and served from CloudFlare global network of servers.
While using “Cache Everything” caching level in CloudFlare, CloudFlare may cache web pages and resources that the HTTP response header specifies Cache-Control and/or Pragma as no-cache, and/or Expires as invalid or expired date. In other words, CloudFlare does not respect and ignore the HTTP response header especially for Cache-Control. In addition, CloudFlare may changes and replace the Cache-Control, Pragma and/or Expires values in the HTTP response header from the origin source to public and cache-able, with Expires date and duration following the cache expiration TTL set in the CloudFlare.
The issue where CloudFlare caches content that it should not cached normally happens when Edge Cache TTL setting is configured using Page Rules. When Edge Cache TTL is set to a certain duration, CloudFlare will force the Edge Cache TTL for HTTP 200 (OK) and 301 (permanent redirect) response codes, i.e. cache the duration for the Edge Cache TTL duration, and replace the caching-related HTTP response header to the Edge Cache TTL duration. For other response codes such as 302, 303, 403, 404, CloudFlare will the content for 5 minutes.
If you’re on CloudFlare’s Enterprise Website plan, change the Edge Cache TTL setting in the page rules to Respect Existing Headers.
Otherwise, simply remove the Edge Cache TTL setting entirely from all page rules, and CloudFlare will respect the origin cache headers.