Measured in your browserWe advise on speed. We practice it.Loaded just now · real numbers from this visit, not a lab score.
Page loaded
First byte
DOM ready
First paint
Largest paint
DNS lookup
TLS handshake
Transferred
Saved by compression
Requests

E-commerce is where caching's rewards and risks both peak: pages are expensive to render, traffic spikes are revenue moments, and one wrong rule shows a stranger someone's cart. This guide is the four-tier model that captures the rewards while making the accident structurally impossible.

The four-tier content model

Classify every URL on the store into four tiers and give each tier one rule. Tier 1 — static assets (product images, CSS, JS, fonts): cache aggressively with versioned URLs, long TTLs, image optimization on. Tier 2 — anonymous catalog HTML (home, category, product, content pages for visitors without a session): cacheable with short-to-medium TTLs and event purging. Tier 3 — personal (cart, checkout, account, wishlists): never cached, bypass by rule. Tier 4 — APIs: split by endpoint — inventory and price lookups may micro-cache for seconds; anything session-bound follows tier 3. Most store incidents are a URL living in the wrong tier, so the classification itself — written down, reviewed when plugins and features ship — is the real deliverable of this guide.

Carts, sessions and the bypass rules

The rule that keeps stores safe is cookie-driven bypass: the moment a request carries a session, cart or login cookie, it skips the cache in both directions — never served from cache, never stored to it. Implement it at the CDN layer with your platform's specific cookie names, and pair it with path bypasses for tier-3 routes as a second lock. Two refinements matter at scale. First, delay session creation: platforms that set a session cookie on first pageview convert your whole tier 2 into uncacheable traffic — configure the store so sessions begin at add-to-cart, not at landing. Second, keep cart state out of cached HTML entirely by rendering cart count and mini-cart client-side from an uncached endpoint, which lets the surrounding page stay cacheable for everyone.

Product and category pages: the judgment tier

Tier 2 is where judgment lives. Product pages are excellent cache candidates — render-expensive, read-heavy, identical for every anonymous visitor — provided price and stock display can tolerate your TTL or you fetch those two numbers client-side from a micro-cached API. Category pages add the query-string problem: sort orders, filters and pagination multiply cache keys, so normalize deliberately — whitelist the parameters that genuinely change content into the cache key, ignore the tracking parameters that don't, and consider capping cached filter-combinations to the popular ones. Set TTLs by how wrong a stale page can be: minutes for fast-moving inventory, hours for stable catalog — then let purge-on-update carry the precision, firing on price changes, stock-outs and product edits through your platform's webhooks.

Sale day: prepare the cache for the spike

Sale events are cache events. In the week before: pre-warm tier 1 and the sale's landing pages so the first customer hits a hot edge; raise tier-2 TTLs for the event window (a slightly stale category page beats a collapsed origin); confirm serve-stale is on so origin wobbles don't cascade; and rehearse the day's purges — the moment prices flip, your purge must hit the sale pages precisely and fast. During the event, protect tier 3's capacity: checkout is uncacheable by design, so origin headroom belongs to it, which is precisely what aggressive tier-1/tier-2 caching buys. The security baseline matters double here — sale days attract bots, and bot traffic against uncacheable checkout paths is the classic hidden cause of event-day origin pain.

Monitor for leaks, not just speed

Store monitoring needs one detector most estates lack: personalization leaks. Synthetic checks should assert not just that pages load fast but that anonymous requests never receive session-bearing markers — check cached responses for account fragments, cart counts above zero, or Set-Cookie headers that shouldn't be there. Alert on cache-status anomalies for tier-3 paths (a single HIT on /checkout/ is an incident, not a metric), and watch hit ratio per tier rather than blended — blended numbers hide a tier-2 collapse behind tier-1 bulk, a pattern the hit-ratio guide unpacks. Speed you notice weekly; leaks you must catch in minutes — and with these rules layered, there should be nothing to catch.

Get the free assessmentMore analysis