The Super Page Cache for Cloudflare plugin has recently added the feature for using the Cache Everything pagerule withing the ?swcfpc=1 cache buster query paramater. This opens up so many new doors where users previously had to use the Cloudflare Workers to remove the cache buster.
With this new option now users are able to take advantage of Cloudflare Cache Everything page rule and take it to the next level by using the new Rulesets released by Cloudflare. Basically this is achived by taking advantage of the all new Cache Rules feature implemented by Cloudflare.
The first thing that you need to do is, log-in to your Cloudflare Dahsbord and go to the domain/zone doe which you are setting up the Super Page Cache for Cloudflare plugin. Then from the left hand side menus, go to Caching > Cache Rules.
Then inside the Cache Rules page, click on the Create Cache Rule button. Then finally on the Create new Cache Rule page, click on the Edit Expression link.
Now it's time to create all the Cache Rules we need... So, let's get started...
 |
|---|
| You CANNOT use the cache rule mentioned below along with the Cache Everything page rule. Bedore adding this Cache Rule in your Cloudflare dashbaord, please make sure you have DISABLED the Cache Everything Page Rule automatically added by the plugin inside your Cloudflare dashboard > Rules > Page Rules section. |
| This one Cache Rule cacn handle everything and you do not need any other page rules. |
 |
|---|
Make sure you replace example.com with your actual website hostname e.g. something.com or www.something.com etc. in the code given below before copy/pasting it. |
Rule Name: Add the following in the Rule Name section
SPCFC Cache Rule ➜ Cache Eligible Requests
Rule Expression: Add the following expression inside the expression builder section.
(http.host eq "example.com" and not starts_with(http.request.uri.path, "/wp-admin") and not starts_with(http.request.uri.path, "/wp-login") and not starts_with(http.request.uri.path, "/wp-json/") and not starts_with(http.request.uri.path, "/wc-api/") and not starts_with(http.request.uri.path, "/edd-api/") and not starts_with(http.request.uri.path, "/mepr/") and not http.request.uri.path contains "/register/" and not http.request.uri.path contains "/dashboard/" and not http.request.uri.path contains "/members-area/" and not http.request.uri.path contains "/wishlist-member/" and not http.request.uri.path contains "phs_downloads-mbr" and not http.request.uri.path contains "/checkout/" and not http.request.uri.path contains ".xsl" and not http.request.uri.path contains ".xml" and not http.request.uri.path contains ".php" and not starts_with(http.request.uri.query, "s=") and not starts_with(http.request.uri.query, "p=") and not http.request.uri.query contains "nocache" and not http.request.uri.query contains "nowprocket" and not http.cookie contains "wordpress_logged_in_" and http.cookie ne "comment_" and not http.cookie contains "woocommerce_" and not http.cookie contains "wordpressuser_" and not http.cookie contains "wordpresspass_" and not http.cookie contains "wordpress_sec_" and not http.cookie contains "yith_wcwl_products" and not http.cookie contains "edd_items_in_cart" and not http.cookie contains "it_exchange_session_" and not http.cookie contains "comment_author" and not http.cookie contains "dshack_level" and not http.cookie contains "auth_" and not http.cookie contains "noaffiliate_" and not http.cookie contains "mp_session" and not http.cookie contains "xf_" and not http.cookie contains "mp_globalcart_" and not http.cookie contains "wp-resetpass-" and not http.cookie contains "upsell_customer" and not http.cookie contains "wlmapi" and not http.cookie contains "wishlist_reg")
Cache Status: Set it to Eligible for cache.
Cache Key:
In this section you can enable the following options:
- Cache deception armor (Always Enable This Option) ✅
- Ignore query string (Enabling This Option Might Break Your Site — So, Test Thoroughly Before Enabling)
⚠️ - Enable query string sort (Do Not Enable This Option if you are Using WooCommerce, Easy Digital Download or any Membership platform)
⚠️
Finally the cache rule should look something like this ☟
 |
|---|
Once you add the Ignore query string option inside the cache rule, Cloudflare will simply ignore the unnecessary query strings (except for the one excluded inside the rule) when checking the cached contents of your website. |
If you check the above cache rule, you will see that the s, p, nospcfc, nowprocket query params which are commonly used in WordPress websites for search and other functionalities have already been whitelisted so that Cloudflare system does not ignore that query parameter. |
So, if you provide an URL e.g. https://example.com/some-page/?s=some+search+phrase in this case Cloudflare system will NOT ignore the s query param so that your search functionality works properly. |
| If you have more query params on which your website is dependent on and you do not want Cloudflare to ignore them, then you can check the above screenshot and add new query params below the whitelisted query params to whitelist them exactly the same way I have whitelisted those query params. |
Alternatively if you enter https://example.com/some-page/?fbcid=123&foo=bar&something=test, Cloudflare will simply ignote the ?fbcid=123&foo=bar&something=test part and check if https://example.com/some-page/ is cached, if so, return the cached content. |
| This will help increasing the Cache HIT ratio of your website as most unnecesarry and marketing query params will be ignored by Cloudflare. |
Once you have added this Cache Rule and disabled the Cache Everything Page Rule in your Cloudflare dashboard, you can proceed to the Step 2 below.
Step 2 — Enabling Remove Cache Buster Query Parameter option in the plugin settings & Purge the whole Cloudflare Cache
Inside the Super Page Cache for Cloudflare plugin settings, go to the Other tab and scroll down. You will see an option named Remove Cache Buster Query Parameter.
Enable that option and save the plugin settings. Then all you need to do is to make sure that you have force purged everything from the Cloudflare Cache.
That's it. Now you have the Cloudflare CDN Level Page Caching with the Cache Everything Page Rule without any cache buster query parameter (e.g. ?swcfpc=1). Also if you have added the fourth Cache Rule then your cache HIT ratio will also increase dramatically as Cloudflare will now ignore the query strings when checking if the URL is already cached. Enjoy... 🥂🍾🥳🎉
P.S.: Make sure you have enabled Smart Tiered Cache inside your Cloudflare Dashboard for the highest cache HIT ratio.
Aha! By creating a brand new key with full permissions for that particular domain name (from the Cloudflare Dashboard: Account > Manage Account > Account API Tokens, and using the "Read all resources" template, I managed to get a new error code:
Fortunately, that one is well-known and documented:
https://wordpress.org/support/topic/unauthorized-to-access-requested-resource-err-code-9109/
Soooo back to my key, and to change permissions. This time, I gave everything Edit access. It takes half an eternity on the Cloudflare dashboard, but I finally managed to toggle everything I could change (some I cannot change — they're really read-only by default):
Long list with all given permissions
Workers R2 Data Catalog:Edit, Zero Trust Resilience:Edit, Secrets Store:Edit, Account Waiting Room:Read, Magic WAN:Edit, AutoRAG:Edit, Trust and Safety:Edit, Browser Rendering:Edit, DNS Views:Edit, Radar:Read, Load Balancing: Account Load Balancers:Edit, Cloudflare CDS Compute Account:Edit, DNS Settings:Edit, Workers Builds Configuration:Edit, Workers Pipelines:Edit, Cloudforce One:Edit, Zero Trust: PII:Read, Email Security:Edit, AI Gateway:Edit, DDoS Botnet Feed:Edit, Queues:Edit, Cloudflare Calls:Edit, Address Maps:Edit, Workers AI:Edit, Vectorize:Edit, Cloudflare One Networks:Edit, Cloudflare One Connectors:Edit, Cloudflare One Connector: WARP:Edit, Cloudflare One Connector: cloudflared:Edit, Hyperdrive:Edit, Cloudchamber:Edit, API Gateway:Edit, Notifications:Edit, URL Scanner:Edit, Access: SSH Auditing:Edit, Access: Custom Pages:Edit, Constellation:Edit, Cloudflare DEX:Edit, IOT:Edit, Account: SSL and Certificates:Edit, Allow Request Tracer:Read, Disable ESC:Edit, Account Custom Pages:Edit, Magic Network Monitoring:Edit, HTTP Applications:Edit, China Network Steering:Edit, D1:Edit, Pub/Sub:Edit, Turnstile:Edit, Intel:Edit, Email Routing Addresses:Edit, Cloudflare Pages:Edit, Bulk URL Redirects:Edit, Magic Firewall:Edit, L3/4 DDoS Managed Ruleset:Edit, Transform Rules:Edit, Select Configuration:Edit, Account WAF:Edit, Magic Firewall Packet Captures:Edit, Workers R2 Storage:Edit, Magic Transit:Edit, Cloudflare Images:Edit, DDoS Protection:Edit, Account Rulesets:Edit, IP Prefixes:Edit, Workers Tail:Read, Account Analytics:Read, Cloudflare Tunnel:Edit, Access: Mutual TLS Certificates:Edit, Access: Device Posture:Edit, Access: Service Tokens:Edit, Access: Audit Logs:Read, Logs:Edit, Rule Policies:Edit, Account Filter Lists:Edit, IP Prefixes: BGP On Demand:Edit, Zero Trust:Edit, Access: Organizations, Identity Providers, and Groups:Edit, Workers KV Storage:Edit, Workers Scripts:Edit, Load Balancing: Monitors And Pools:Edit, Account Firewall Access Rules:Edit, DNS Firewall:Edit, Stream:Edit, Billing:Edit, Account Settings:Edit, Access: Apps and Policies:Edit
my.domain.name - Page Shield:Edit, AI Audit:Edit, DNS Settings:Edit, Cloud Connector:Edit, Fraud Detection:Edit, Response Compression:Edit, Bot Management Feedback:Edit, Snippets:Edit, Dmarc Management:Edit, Zone Versioning:Edit, Disable ESC:Edit, Custom Pages:Edit, Config Rules:Edit, Single Redirect:Edit, API Gateway:Edit, Cache Rules:Edit, Custom Error Rules:Edit, Zaraz:Edit and Publish, Email Routing Rules:Edit, Origin Rules:Edit, Managed Headers:Edit, Web3 Hostnames:Edit, Transform Rules:Edit, HTTP DDoS Managed Ruleset:Edit, Sanitize:Edit, Bot Management:Edit, Zone WAF:Edit, Health Checks:Edit, Waiting Room:Edit, Access: Apps and Policies:Edit, Zone Settings:Edit, Zone:Edit, DNS:Edit, Workers Routes:Edit, SSL and Certificates:Edit, Logs:Edit, Page Rules:Edit, Load Balancers:Edit, Firewall Services:Edit, Analytics:Read
Aaaaaaaand back to Error 10000!...
What did I miss?!
Oh well, it was worth a try. Also, I can/should always try after a few minutes, since allegedly Cloudflare may take "a few minutes" to generate/modify the token and distribute it across all possible edge servers...