This guide outlines the required HTTP caching configuration for websites protected by Imperva WAF. Correct header configuration is required for Imperva caching to function properly and to prevent incorrect content from being delivered to users.
Overview
Imperva caching follows standard HTTP caching behaviour. Content will only be cached when the origin server returns valid caching headers.
Caching policies are typically controlled using HTTP response headers such as:
Cache-ControlExpiresVary
For a detailed explanation of HTTP caching directives, refer to the MDN documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control
For Silverstripe applications, caching headers are typically managed using the Silverstripe HTTP caching middleware:
https://docs.silverstripe.org/en/6/developer_guides/performance/http_cache_headers/
Mandatory Vary Header Configuration
For Imperva caching to work correctly, the Vary header must be configured exactly as follows:
Vary: Accept-Encoding
Important
If the Vary header contains any additional parameters, Imperva will not cache the resource.
Example of an unsupported configuration:
Vary: Accept-Language, User-Agent
The Vary header determines which request headers must match for a cached response to be reused.
⚠ Warning
If additional Vary values are present, Imperva will bypass caching for that resource.
Silverstripe Considerations
Silverstripe may automatically add additional Vary headers by default.
Since Imperva requires the header to be strictly:
Vary: Accept-Encoding
developers may need to modify the default behaviour when enabling Imperva caching.
Silverstripe documentation:
https://docs.silverstripe.org/en/6/developer_guides/performance/http_cache_headers/#vary
Cache-Control Headers
Caching behaviour is controlled using the standard HTTP Cache-Control header.
This header determines:
Whether content can be cached
Where it can be cached
How long cached content remains valid (TTL)
Developers should configure appropriate caching directives based on the content type and application requirements.
For a full explanation of supported Cache-Control directives, refer to the MDN documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control
Silverstripe Cloud Asset Headers
Silverstripe Cloud serves static assets (such as images, CSS, and JavaScript files) with default caching headers.
If custom headers are required for assets, the web server configuration must be modified so that assets are served via Apache.
⚠ Note
Changing the asset serving configuration may have performance implications.
More information:
https://servicedesk.silverstripe.cloud/support/solutions/articles/75000013059-web-server-configuration
Debugging Imperva Caching
If caching behaviour needs to be investigated, Imperva provides an Xray debugging tool that allows request and caching behaviour to be analysed.
An Xray debug link can be generated by the Service Desk team to help troubleshoot caching issues.
⚠ Important
- Xray debug links expire after 10 minutes.
- It is recommended to coordinate an exact testing time with the Service Desk when requesting a link.
To request an Xray debug link, please contact the Service Desk by raising a ticket.
Documentation for the more information:
https://docs-cybersec.thalesgroup.com/bundle/cloud-application-security/page/settings/xray-debug-headers.htm
Configuration Checklist
Before enabling Imperva caching, confirm the following:
- Correct HTTP caching instructions are returned by the origin server
-
Vary: Accept-Encodingis set - No additional
Varyparameters exist - Appropriate
Cache-Controldirectives are applied - Cache lifetime (TTL) is defined using
max-ageorExpires
Incorrect or incomplete header configuration may prevent Imperva from caching website resources.