diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
index f855a69..6e611b9 100644
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -17,7 +17,6 @@ program api
     no option start-on-reload
 
 frontend http-in
-	option httplog
 	bind *:80
 
 	acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
@@ -53,13 +52,29 @@ frontend http-in
 	http-request lua.pow-check          if !is_excluded !on_captcha_url validate_pow OR !is_excluded !on_captcha_url ddos_mode_enabled_override
 	http-request redirect location /bot-check?%[capture.req.uri] code 302 if validate_captcha !captcha_passed !on_captcha_url ddos_mode_enabled !is_excluded OR validate_pow !pow_passed !on_captcha_url ddos_mode_enabled !is_excluded OR !pow_passed ddos_mode_enabled_override !on_captcha_url !is_excluded
 
+	##### X-Cache-Status header (may be sent in some non-cache responses because NOSRV can happen for other reasons, but should always be present in responses served by cache-use)
+	http-response set-header X-Cache-Status HIT if !{ srv_id -m found }
+	http-response set-header X-Cache-Status MISS if { srv_id -m found }
+
 	default_backend servers
 
+cache basic_cache
+	total-max-size 2500
+	max-object-size 31457280
+	max-age 86400
+
 backend servers
-	mode http
+
+	# simple example cache for files
+	http-request set-var(txn.path) path
+	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
+	http-request cache-use basic_cache if can_cache
+	http-response cache-store basic_cache if can_cache
+
+	# placeholder servers, activated by LUA or the control panel
     server-template websrv 1-100 0.0.0.0:80 check disabled
+	# use server based on hostname
 	use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE
-	#server  default 127.0.0.1:80
 
 backend hcaptcha
 	mode http