Surrogate-Control
The HTTP Surrogate-Control response header is an unofficial header used to control caching behavior at CDN and reverse proxy (surrogate) layers, separately from Cache-Control directives aimed at browsers and end clients.
Usage
Origin servers often need different caching rules for CDN edge nodes and for browsers. The Surrogate-Control header addresses this by providing cache directives specifically for surrogates: reverse proxies and CDN nodes sitting between the origin and the client. The origin sets Surrogate-Control for the CDN layer and Cache-Control for the browser, allowing independent freshness lifetimes at each tier.
The header was defined in a W3C technical note on Edge Architecture (2001) and adopted by CDN providers including Akamai, Fastly, and Varnish-based infrastructure. Surrogates strip the header from the response before forwarding to the client, so browsers never see the directive. This separation makes the header effective for setting aggressive edge caching without affecting browser behavior.
Fastly also supports a vendor-specific variant,
Fastly-Surrogate-Control, processed identically but
scoped exclusively to Fastly nodes.
Directives
max-age
The max-age directive sets the freshness lifetime in
seconds for the surrogate cache. The surrogate stores
the response and serves cached copies until the
specified duration expires.
Surrogate-Control: max-age=86400
no-store
The no-store directive instructs the surrogate to
never cache the response. The surrogate forwards the
request to the origin for every client request.
Surrogate-Control: no-store
content
The content directive declares surrogate-specific
capabilities the origin expects the intermediary to
support, such as Edge Side Includes (ESI). The value
follows the format content="ESI/1.0", signaling
the surrogate to process ESI markup within the
response body.
Surrogate-Control: content="ESI/1.0"
no-store-remote
The no-store-remote directive instructs surrogates
considering themselves remote (typically more than one or
two hops from the origin server) not to cache the
response. Surrogates closer to the origin are not
affected.
Example
An origin server setting a 12-hour cache lifetime at the CDN layer. The surrogate stores the response for 43,200 seconds (12 hours) and serves cached copies during this window. This is the most common pattern observed in production.
Surrogate-Control: max-age=43200
A longer cache lifetime of five days (432,000 seconds) is common for static assets and content pages where the origin controls cache invalidation through purging rather than time-based expiration.
Surrogate-Control: max-age=432000
Some origins declare ESI support using the content
directive. This tells the surrogate to process ESI
markup within the HTML response, assembling fragments
from different backend sources before delivering the
final page to the client.
Surrogate-Control: content="ESI/1.0"
Dynamic or personalized responses use no-store to
prevent the surrogate from Caching the response
entirely. Each request passes through to the origin.
Surrogate-Control: no-store
Takeaway
The Surrogate-Control header provides cache directives for CDN and reverse proxy layers, independent of browser-facing Cache-Control settings. Surrogates consume and strip the header before forwarding the response to clients.