Frequently Asked Questions


Will Luhnar work for my website?

While Luhnar's defaults work well for many small business websites, in some cases you may need to adjust a few settings in the Luhnar dashboard. For this reason, we always recommend thoroughly testing newly-added sites via our test domain, before going live and switching over the primary domain. This gives you a chance to identify any potential issues and adjust site settings accordingly.

How does Luhnar improve SEO?

Because the SEO benefits of performance and security are often overlooked by web professionals, Google's site speed and HTTPS bonuses can give you the edge you need. Google believes that a faster, more secure website provides a better user experience, which is why they have become important ranking factors in recent years.

What happens when I go over the data transfer limit?

The monthly price of each plan includes a certain amount of data transfer. Additional data transfer is billed at 10¢/GiB. You can visit the Luhnar dashboard at any time to see how much data your website is using.

Will I still be able to log in to my CMS admin area? 

For many content management systems, such as WordPress, the admin area will continue to function normally using Luhnar's default settings. However, if you are using a custom system or have modified the default admin URL for your CMS, you may need to add a URL prefix for the admin portion of your site to the Never Cache site setting under Optimizations in the Luhnar dashboard. This will prevent Luhnar from caching any admin pages, as they may contain sensitive information.

If your CMS login page simply refreshes after you attempt to log in, your CMS may be trying to associate your login session with a particular client IP address. To work around this, configure your web server to use the X-Forwarded-For header, set by Luhnar, to pass on the correct IP address to the CMS. Alternatively, you can log into your CMS directly, using the origin domain name you created when setting up Luhnar for the site.

Can I still access email, cpanel, FTP, etc with luhnar enabled?

Absolutely. However, it is important to note that in order to prevent abuse and ensure quality-of-service, Luhnar only forwards HTTPS traffic on the standard port (443). Therefore, to access additional services that may be running on your server on different ports, such as FTP, SSH, cPanel, WHM, or email (POP/IMAP), you will need to use the origin domain name that you created when adding the site to Luhnar.


How long does Luhnar cache pages, images, and other asset?

For cacheable pages and assets, Luhnar first checks for any Cache-Control headers returned by the origin web server that hosts the site. If the origin server specifies a cache duration of at least a few hours, Luhnar will cache the item for that same duration. Otherwise, Luhnar uses a default duration that is tuned to balance site performance with content freshness.

Note that you can always manually refresh Luhnar's cache from the site settings page in the Luhnar dashboard.

What if I have an image, JS file, or other asset that I don't want optimized?

By default, Luhnar optimizes all CSS, JS, and image files. If you have an image that you need to provide at studio quality to your visitors (e.g., for professional editing or printing), simply add "x-original=yes" to the query string in the image URL to disable optimizations. Similarly, in the rare case that a particular JavaScript or CSS file is not working correctly after being minified, simply add "x-original=yes" to the query string for the asset's URL. Adding this parameter will disable Luhnar's minifier.

How does Luhnar determine whether something is cacheable?

Luhnar automatically optimizes and caches static assets, such as CSS, JavaScript, PDFs, and fonts. When it comes to HTML, however, Luhnar will only consider a page cacheable if it matches one of the path prefixes or full paths listed under "Always cache" in the site settings.

Also, if the Automatically Cache HTML setting is enabled for the site, a page will be considered cacheable if Luhnar determines that it is static (the HTML is not personalized for different visitors).

Luhnar will always disable caching for "view cart", "checkout", and "control panel" pages for common CMS and site builder platforms. Luhnar will also detect and disable caching for any requests that set cookies.


Do I have to set up HTTPS on my web server to use Luhnar?

If your web server does not currently have an SSL certificate installed, Luhnar can still talk to it over regular HTTP. However, we still recommend enabling HTTPS on your server if possible, to ensure that all communications are protected end-to-end.

Does my website really need HTTPS?

Although many informational sites still use HTTP today, we join industry experts in highly recommending that you switch to serving all of your content over a secure HTTPS connection. Doing so not only helps prevent hackers from hijacking your JavaScript libraries and other sensitive assets, but also speeds up your website and improves your SEO. This is why we offer FREE SSL certificates and automatic HTTPS with every plan.

How does Luhnar handle forms and other POST requests?

Luhnar simply forwards POST and PUT requests to the origin web server that hosts the site. This means that form submissions, AJAX requests, and REST API calls will continue to work as expected. Note, however, that all request bodies are limited to 250 MiB.

How can I get the visitor's IP address or User-Agent string?

Luhnar sets both the X-Forwarded-For and Forwarded headers for requests that are passed on to the origin server. Luhnar will also forward the User-Agent string from the browser when requesting pages, but we recommend not configuring your origin server to return different content based on that string, as doing so may result in sub-optimal caching.

Is Luhnar PCI compliant?

While we take security seriously at Luhnar, we do not currently offer PCI compliance for our standard CDN plans. We do not recommend passing card data or personally identifiable information (PII) through your site directly (which would require completing PCI-DSS SAQ C or D), but rather using hosted pages or iframe-based solutions instead (which only requires SAQ A). See also: