Configuring Cloudflare cache rules to speed up the site

Updated Jun 29, 2026 · 2 min read

Set up Cloudflare cache rules so static assets are served from the edge instead of round-tripping to the OVH server on every request.

Why cache at the edge

Without edge caching, every request for a JavaScript bundle, font, or image travels all the way to the OVH origin server, gets served, and travels back. This is slow for users far from the server and wastes origin bandwidth. Cloudflare sits in front of the origin and can serve static assets directly from its global edge network — the request never reaches OVH at all after the first hit. The goal is to cache everything that is safe to cache (immutable static assets) while never caching anything user-specific.

Cache Rule 1: Next.js static assets

In the Cloudflare dashboard, go to Caching > Cache Rules and create a new rule. Set the matcher to: URI Path starts with "/_next/static/". For the action, choose "Eligible for cache", then set Edge TTL to 1 year and Browser TTL to 1 year. This is safe because Next.js fingerprints every file in /_next/static/ with a content hash — when the content changes, the filename changes, so a stale cached copy can never be served by mistake. These files are effectively immutable.

Cache Rule 2: static file extensions

Create a second rule to cover other static assets that are not under /_next/static/. Match on the URI path using the regex:

\.(js|css|woff2|woff|ttf|svg|png|jpg|jpeg|gif|ico|webp)$

Set the action to "Eligible for cache" with an Edge TTL of 1 month. These assets are not content-hashed, so a shorter (but still long) TTL of one month balances cache efficiency against the ability to push updates.

Cache Rule 3: the CRITICAL bypass rule

This rule MUST be set to the HIGHEST priority so it is evaluated before the two caching rules above. Create a bypass rule that matches when any of the following is true:

  • URI Path starts with "/api/"
  • URI Path starts with "/admin"
  • URI Path starts with "/dashboard"
  • URI Path starts with "/settings"
  • the request Cookie contains "__session" (the Clerk session cookie)

Set the action to "Bypass cache". Without this rule, Cloudflare could cache a logged-in user's personalised page (their dashboard, their settings) and then serve that exact page to a different user. The Clerk cookie check is the catch-all: any authenticated request carries __session, so it is never cached regardless of path.

Enable Brotli and Tiered Cache

Two final optimisations in the Cloudflare dashboard:

  • Brotli — go to Speed > Optimization and enable Brotli compression. Brotli compresses text assets (JS, CSS, HTML) more efficiently than gzip.
  • Tiered Cache — go to Caching > Tiered Cache and enable it. Tiered Cache uses Cloudflare's larger regional data centres as an upper tier, so a cache miss in a small edge location is filled from a nearby Cloudflare tier rather than going all the way back to OVH. This dramatically reduces origin load.

Was this helpful?