
Cloudflare Edge Caching with Anonymous ID Middleware


Our site uses CMS 12 and Commerce 14, and we have the AnonymousIdMiddleware in place. This sets a cookie `EPiServer_Commerce_AnonymousId` in order to allow logged out users to access their carts, etc.

The knock-on effect of this is that Cloudflare cannot fully cache pages due to there being a `Set-Cookie` header present. We have a large number of pages where the content is static and could be offloaded to the CDN, but as it stands we're limited to caching media and static assets due to this.

Has anyone managed to get `Cf-Cache-Status: HIT` on a Commerce site page, or is this a non-starter?

Any insights or workarounds anyone has used would be much appreciated!

#341228
Dec 05, 2025 11:11

Don’t set the anonymous cookie on "content-only" pages and make the anonymous ID lazy: only issue the cookie when the visitor does something Commerce-related (add-to-cart, view cart, checkout, pricing calls, etc.).

So instead of `app.UseAnonymousId()` globally, wrap/replace it so it only runs on specific paths (or when certain endpoints are hit). This keeps "static" CMS pages free of `Set-Cookie`, making them cacheable at the CDN.

#341327
Dec 23, 2025 8:48
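A sketch of the path-scoped registration suggested in the reply above, as an added example that is not code from the thread or from Optimizely. The path prefixes, the `UseLazyAnonymousId` and `NeedsAnonymousId` names, the `Mediachase.Commerce.Anonymous` namespace and the choice to keep running the middleware for visitors who already hold the cookie are assumptions; the header guard is an extra safety net so that a response carrying `Set-Cookie` is never marked as shareable by an edge cache.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Mediachase.Commerce.Anonymous; // assumed namespace for UseAnonymousId()
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Net.Http.Headers;

public static class LazyAnonymousIdExtensions
{
    private const string CookieName = "EPiServer_Commerce_AnonymousId";

    // Hypothetical Commerce routes; replace with the site's own cart/checkout/pricing paths.
    private static readonly PathString[] CommercePaths = { "/cart", "/checkout", "/api/pricing" };

    // True when the request touches Commerce, or the visitor already has an
    // anonymous ID (assumption: the middleware must still run to resolve it).
    public static bool NeedsAnonymousId(HttpRequest request) =>
        request.Cookies.ContainsKey(CookieName) ||
        CommercePaths.Any(p =>
            request.Path.StartsWithSegments(p, StringComparison.OrdinalIgnoreCase));

    // Hypothetical replacement for a global app.UseAnonymousId() call.
    public static IApplicationBuilder UseLazyAnonymousId(this IApplicationBuilder app)
    {
        // Safety net: any response that still sets a cookie is marked
        // uncacheable, so one visitor's cookie cannot be stored and replayed.
        app.Use(async (ctx, next) =>
        {
            ctx.Response.OnStarting(() =>
            {
                if (ctx.Response.Headers.ContainsKey(HeaderNames.SetCookie))
                {
                    ctx.Response.Headers[HeaderNames.CacheControl] = "private, no-store";
                }
                return Task.CompletedTask;
            });
            await next(ctx);
        });

        // Only this branch runs the Commerce anonymous-ID middleware.
        return app.UseWhen(
            ctx => NeedsAnonymousId(ctx.Request),
            branch => branch.UseAnonymousId());
    }
}
```

Call `app.UseLazyAnonymousId()` where `app.UseAnonymousId()` was registered, then confirm with a cookieless request to a content page that the response has no `Set-Cookie` header before enabling HTML caching at the edge.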

I would typically avoid edge caching in most situations. If you can make the site code go faster, by performance optimization, then that is almost always better. There is almost always something that can be optimized.

I know the code can never be fast enough for a real DDoS attempt. But Cloudflare can provide burst protection on request, so that you won't have to cater so much for obviously "bad" traffic.

#341341
Dec 30, 2025 8:47