Skip to content

ESI Support (Edge Side Includes)

Cache pages that contain per-user nonces by replacing them with ESI tags that Varnish processes at the edge.

The Problem

WordPress nonces (wp_nonce_field(), wp_create_nonce()) change per user and per session. Any page containing a nonce cannot be cached because each user needs a different nonce value.

This affects forms, comment forms, and any plugin that outputs nonces on frontend pages.

The Solution

Cacheability Pro replaces nonce output with <esi:include> tags. Varnish processes these tags at the edge, fetching the correct nonce value for each user while keeping the rest of the page cached.

<!-- Before ESI: page is uncacheable -->
<input type="hidden" name="_wpnonce" value="a1b2c3d4e5" />

<!-- After ESI: page is cacheable, nonce is fetched per-user -->
<esi:include src="/wp-json/cacheability-pro/v1/nonce/comment_form" />

Setup

  1. Enable ESI in Cacheability Pro > Cache Controls > ESI Settings
  2. Copy the mu-plugin snippet from the settings page
  3. Place it in wp-content/mu-plugins/ on your server
  4. Ensure your Varnish VCL is configured to process ESI tags

Varnish Configuration

Your VCL needs ESI processing enabled for the backend:

sub vcl_backend_response {
    set beresp.do_esi = true;
}

What Gets Replaced

  • wp_nonce_field() output in forms
  • Comment form nonces
  • Any nonce output detected during page rendering

Limitations

  • Requires Varnish with ESI support (not available with Nginx or most CDNs)
  • Each ESI include adds a sub-request to Varnish, so pages with many nonces may see slightly increased edge processing time