Cache-control replaced by "no cache" by using CloudFront

Question

Our web application generator output headers in a sample as shown below.  
  
We return a cache-control header with a large value, but it is replaced by no-cache.  
  
I don't get why?  
  
The direct GET direct URL is:

and returns headers:  
  
* cache-control: max-age2592000,s-max-age=2592001,public  
* content-encoding: gzip  
* content-length: 1463  
* content-type: text/html  
* date: Sat 05 Sep 2020 18:26:54 GMT  
* etag: 656f9fc7f168eb9ef72a9ba0047340dc  
* server: Microsoft-IIS/10.0  
* status: 200  
* strict-transport-security: max-age=2592000  
* vary: Accept-Encoding  
  
When CloudFront is inserted, the URL is  and the headers are:  
  
* cache-control: no-cache  
* content-encoding: gzip  
* content-length: 1498  
* content-type: text/html  
* date: Sat, 05 Sep 2020 18:29:51 GMT  
* etag: 656f9fc7f168eb9ef72a9ba0047340dc  
* expires: -1  
* pragma: no-cache  
* server: Microsoft-IIS/10.0  
* status: 304  
* strict-transport-security: max-age=2592000  
* vary: Accept-Encoding  
* via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)  
* x-amz-cf-id: odc8jGb0jtxwZpalNEAhG7J4HeFQANvgqdJtSBYVm3HzTXjBJpfGGg==  
* x-amz-cf-pop: FRA50-C1  
* x-cache: Miss from cloudfront  
  
The cloudfront behavior has no Lambda@Edge, cache based on selected request headers "None", object caching: use origin cache headers, no forwarding of cookies, no query stirng forwarding.  
  
Origin has HTTPS only and adds a fixed authorization header/value.  
  
Edited by: Guido Leenders on Sep 5, 2020 8:48 PM

Answer

Found solution.  
  
The (public) website is run as part of a .net core web application. That one uses the default response cache settings. However, to set up an asp.net core session, a cookie is exchanged. This cookie never reached the client (browser) due to the cache policies.  
  
First test was to replace the cache-control on origin-response using Lambda@edge:  
  
'use strict';  
  
exports.handler = (event, context, callback) => {  
    const response = event.Records\[0].cf.response;  
  
    if(response.headers\['cache-control'])  
    {  
        response.headers\['cache-control'] = \[{   
            key:   'Cache-Control',   
            value: 'public, max-age=604800, no-cache="Set-Cookie"'  
        }];  
    }  
  
    callback(null, response);  
};  
  
When applying this code in combination with forwarding of the .AspNetCore.Session cookie, the response times on subsequent GETs dropped from say 150 ms to 20 ms. And when served from client cache to 1 ms. Works fine. Note that both the setting of cache control as well as forwarding the ASP.Net cookie is necessary.  
  
We tweaked the response cache on asp.net core by something like:  
  
_CacheControlHeaderValue cc = new CacheControlHeaderValue()_  
                                    _{ Public = true_  
                                    _, NoCache = true_  
                                    _, MaxAge = TimeSpan.FromSeconds(ControllerUtility.Public1DayCacheProfileDuration)_  
                                    _, NoCacheHeaders = { new StringSegment("Set-Cookie") }_  
                                    _};_  
  
_context.HttpContext.Response.GetTypedHeaders().CacheControl = cc;_  
  
After this change, and WITH forwarding of the ASP.Net cookie enabled, the first user will load the public website pages into CloudFront from where next users will be served.  
  
For more details: see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

Cache-control replaced by "no cache" by using CloudFront

관련 콘텐츠