Cloudfront is returning cache hits for HEAD responses which don't have corresponding cached content.
A normal example looks like this...
This is fine, and what we expected. It means we can estimate if a user is likely to hit the cache or will have to wait for content to be generated by the origin.
However, we are also observing this.
Which is a problem because we aren't able to differentiate between HEAD responses which were cached in their own right and HEAD responses which are linked to corresponding GET responses.
Is there a way we stop Cloudfront from returning cache hits on HEAD requests for content which isn't actually cached?
Disabling cache headers on HEAD responses at your origin will prevent Cloudfront caching the HEAD response itself. So if you issue a HEAD request to the CDN it will look for a matching object in the cache and return a cache hit if it is present. If the content is missing it will forward the HEAD request to your origin, but will not cache the response.