diff --git a/Model/Layout/LayoutPlugin.php b/Model/Layout/LayoutPlugin.php index 5506a016..abc06d44 100644 --- a/Model/Layout/LayoutPlugin.php +++ b/Model/Layout/LayoutPlugin.php @@ -108,7 +108,7 @@ public function afterGenerateElements(\Magento\Framework\View\Layout $subject) public function afterGetOutput(\Magento\Framework\View\Layout $subject, $result) // @codingStandardsIgnoreLine - unused parameter { if ($this->config->getType() === Config::FASTLY) { - $this->response->setHeader("Fastly-Module-Enabled", "1.2.189", true); + $this->response->setHeader("Fastly-Module-Enabled", "1.2.190", true); } return $result; diff --git a/Release-Notes.md b/Release-Notes.md index cae24cd4..451bca24 100644 --- a/Release-Notes.md +++ b/Release-Notes.md @@ -1,5 +1,10 @@ # Fastly_Cdn Release Notes +## 1.2.190 + +- Update WAF to WAF2020 https://github.com/fastly/fastly-magento2/pull/578 +- Response Plugin fixes https://github.com/fastly/fastly-magento2/pull/577 + ## 1.2.189 - Additional fix for rate limiting enablement errors https://github.com/fastly/fastly-magento2/pull/575 diff --git a/VERSION b/VERSION index 3cff2901..1b38fdcf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.189 +1.2.190 diff --git a/composer.json b/composer.json index 926dbe22..719c4245 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "zordius/lightncandy": "^1.2" }, "type": "magento2-module", - "version": "1.2.189", + "version": "1.2.190", "license": "BSD-3-Clause", "autoload": { "files": [ "registration.php" ], diff --git a/etc/vcl_snippets/deliver.vcl b/etc/vcl_snippets/deliver.vcl index 25b38eec..4cf49555 100644 --- a/etc/vcl_snippets/deliver.vcl +++ b/etc/vcl_snippets/deliver.vcl 
@@ -3,6 +3,16 @@ return(deliver); } + if ( fastly.ff.visits_this_service == 0 ) { + if ( req.http.Cookie:deploy_version != req.http.Platformsh-Version && req.http.Platformsh-Version != table.lookup(magentomodule_config, "current_version", "DEFAULT") ) { + set beresp.http.Set-Cookie:deploy_version = req.http.Platformsh-Version; + } + # Tell the browser to delete the deploy_version cookie if the requested_version is current version + if ( req.http.Cookie:deploy_version != "" && req.http.Platformsh-Version == table.lookup(magentomodule_config, "current_version", DEFAULT ) ) { + add beresp.http.Set-Cookie = "deploy_version=DEFAULT; Expires=Wed Jun 01 2022 00:00:00 GMT"; + } + } + # Send no cache headers to end users for non-static content created by Magento if (resp.http.X-Magento-Tags && fastly.ff.visits_this_service == 0 ) { set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; @@ -39,7 +49,7 @@ # Add an easy way to see whether custom Fastly VCL has been uploaded if ( req.http.Fastly-Debug ) { - set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; } else { remove resp.http.Fastly-Module-Enabled; remove resp.http.fastly-page-cacheable; diff --git a/etc/vcl_snippets/fetch.vcl b/etc/vcl_snippets/fetch.vcl index 307a2d79..f2eb2765 100644 --- a/etc/vcl_snippets/fetch.vcl +++ b/etc/vcl_snippets/fetch.vcl @@ -72,6 +72,7 @@ return (pass); } + # We are extending the default Fastly behavior to include no-cache/no-store in addition to private if (beresp.http.Cache-Control ~ "private|no-cache|no-store") { set req.http.Fastly-Cachetype = "PRIVATE"; return (pass); 
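Review bot: Both `Set-Cookie` writes in the added `fastly.ff.visits_this_service == 0` block of deliver.vcl target `beresp`, while the surrounding context lines in this deliver snippet write to `resp`. As far as I know `beresp` is only available in `vcl_fetch`, so these lines would likely be rejected at upload or never reach the client. The second `table.lookup` also passes `DEFAULT` unquoted where every other call uses `"DEFAULT"`, and `Expires=Wed Jun 01 2022 00:00:00 GMT` is not in HTTP-date form and carries no `Path`, so browsers may not treat it as a deletion. I would write the first as `add resp.http.Set-Cookie = "deploy_version=" + req.http.Platformsh-Version + "; Path=/; Secure; HttpOnly";` and the second as `add resp.http.Set-Cookie = "deploy_version=; Path=/; Max-Age=0";`. The echoed value is a request header, so it should only be emitted once recv.vcl is known to have overwritten whatever the client sent.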
@@ -88,6 +89,9 @@ if (beresp.http.x-amz-request-id) { # If assets are coming from Amazon they may have no Cache-Control headers which may make them uncacheable + + # If the object is coming with no Expires, Surrogate-Control or Cache-Control headers we assume it's a misconfiguration + # and we will not cache it. This is to prevent inadventently caching private data } else if (!beresp.http.Expires && !beresp.http.Surrogate-Control ~ "max-age" && !beresp.http.Cache-Control ~ "(s-maxage|max-age)") { # Varnish sets default TTL if none of the headers above are present. If not set we want to make sure we don't cache it set beresp.ttl = 0s; @@ -101,14 +105,14 @@ # init surrogate keys if (beresp.http.X-Magento-Tags) { - set beresp.http.Surrogate-Key = beresp.http.X-Magento-Tags " text"; + set beresp.http.Surrogate-Key = beresp.http.X-Magento-Tags + " text text-" + table.lookup(magentomodule_config, "current_version", "DEFAULT") ; } else { - set beresp.http.Surrogate-Key = "text"; + set beresp.http.Surrogate-Key = "text text-" + table.lookup(magentomodule_config, "current_version", "DEFAULT"); } # set surrogate keys by content type if they are image/script or CSS if (beresp.http.Content-Type ~ "(image|script|css)") { - set beresp.http.Surrogate-Key = re.group.1; + set beresp.http.Surrogate-Key = re.group + " " + re.group.1 + "-" + table.lookup(magentomodule_config, "current_version", "DEFAULT"); } } diff --git a/etc/vcl_snippets/hash.vcl b/etc/vcl_snippets/hash.vcl index da416ba7..a5c28fe9 100644 --- a/etc/vcl_snippets/hash.vcl +++ b/etc/vcl_snippets/hash.vcl @@ -1,3 +1,6 @@ + # Add support for versions of the cache depending on the blue/green model. If not specified default to DEFAULT + set req.hash += req.http.Platformsh-Version; + if (req.http.graphql) { # GraphQL should cache on X-Magento-Cache-Id if available, which has a bunch of variations so it should be part of the key and not a Vary factor if (req.http.X-Magento-Cache-Id) { 
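Review bot: In the content-type branch of the fetch.vcl hunk at `@@ -101,14 +105,14 @@`, the new assignment begins with a bare `re.group`, which is not a capture-group reference as far as I know (the removed line used `re.group.1`), so it looks like a typo that would fail compilation. If the intent is to emit both the plain and the versioned key, as the `text text-<version>` lines above it do, the line would read `set beresp.http.Surrogate-Key = re.group.1 + " " + re.group.1 + "-" + table.lookup(magentomodule_config, "current_version", "DEFAULT");`. The keys also embed `current_version` from the config table, while the cache key in hash.vcl uses the per-request `Platformsh-Version`, so objects fetched for the next version appear to be tagged with the current version's key. A short comment saying whether that is intended would help anyone purging by `text-<version>`.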
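Review bot: In hash.vcl, `set req.hash += req.http.Platformsh-Version;` puts a request header into the cache key, and nothing visible in this commit strips a client-supplied `Platformsh-Version`. The recv.vcl block only assigns the header during a rollout (`current_version != next_version`) and only fills in `current_version` when the header is absent. A client-chosen value therefore selects its own cache partition, which fragments the cache and pushes load to origin, and the same value is echoed into `Set-Cookie` in deliver.vcl. The comment also promises a fallback to DEFAULT that the code does not implement when the header is unset. I would clear the header on the first visit in recv.vcl (`if (fastly.ff.visits_this_service == 0 && req.restarts == 0) { unset req.http.Platformsh-Version; }`) and hash a fixed fallback here, e.g. `if (req.http.Platformsh-Version) { set req.hash += req.http.Platformsh-Version; } else { set req.hash += "DEFAULT"; }`.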
diff --git a/etc/vcl_snippets/miss.vcl b/etc/vcl_snippets/miss.vcl index 1bb8a15f..a51e4628 100644 --- a/etc/vcl_snippets/miss.vcl +++ b/etc/vcl_snippets/miss.vcl @@ -3,4 +3,4 @@ unset bereq.http.Accept-Encoding; # Send VCL version uploaded to the backend - set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; diff --git a/etc/vcl_snippets/pass.vcl b/etc/vcl_snippets/pass.vcl index e3fe20d2..2939ca2d 100644 --- a/etc/vcl_snippets/pass.vcl +++ b/etc/vcl_snippets/pass.vcl @@ -12,4 +12,4 @@ } # Send VCL version uploaded to the backend - set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl index 41092b31..33a8626d 100644 --- a/etc/vcl_snippets/recv.vcl +++ b/etc/vcl_snippets/recv.vcl 
@@ -1,3 +1,26 @@ + # Don't allow clients to force a pass, mess with rate limiting or admin path + if (req.restarts == 0) { + unset req.http.x-pass; + unset req.http.Rate-Limit; + unset req.http.magento-admin-path; + } + unset req.http.x-long-cache; + + if ( table.lookup(magentomodule_config, "current_version", "DEFAULT") != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) { + # Check if user has the deploy version + if ( req.http.Cookie:deploy_version != table.lookup(magentomodule_config, "current_version", "DEFAULT") + && req.http.Cookie:deploy_version != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) { + # Next Version differs from Current Version. Let's roll out a percentage of traffic + if (randombool(std.atoi(table.lookup(magentomodule_config, "rollout_percentage", "0")), 100)) { + set req.http.Platformsh-Version = table.lookup(magentomodule_config, "next_version"); + } + } + + # If request version has not been set by rollout percentage set to current version + if ( !req.http.Platformsh-Version ) { + set req.http.Platformsh-Version = table.lookup(magentomodule_config, "current_version", "DEFAULT"); + } + # When using Magento tester to test whether your site is configured properly # this uses a bypass secret. By default we will use service ID as the bypass secret # however user can override this by defining a bypass_secret key in the @@ -44,8 +67,6 @@ } } - unset req.http.x-long-cache; - # We want to force long cache times on any of the versioned assets if (req.url.path ~ "^/static/version\d*/") { set req.http.x-long-cache = "1"; 
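Review bot: The rollout block added at the top of recv.vcl opens five `{` but closes only four in the visible lines. The outer `if ( table.lookup(magentomodule_config, "current_version", "DEFAULT") != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) {` has no matching `}` before the "When using Magento tester" context comment. Either the brace is missing or the rest of the snippet, which continues outside this hunk, ends up nested inside the rollout condition. Indentation is lost in this view, so please confirm against the file. The `next_version` lookup inside the `randombool` branch is the only call without a default, and `rollout_percentage` passes through `std.atoi` with no range check. `set req.http.Platformsh-Version = table.lookup(magentomodule_config, "next_version", "DEFAULT");` would keep it consistent with the other lookups.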
@@ -129,15 +150,6 @@ set req.url = querystring.regfilter(req.url, "^(####QUERY_PARAMETERS####)$"); } - # Don't allow clients to force a pass - if (req.restarts == 0) { - if ( !req.http.bypass-secret ) { - unset req.http.x-pass; - } - unset req.http.Rate-Limit; - unset req.http.magento-admin-path; - } - # Pass on checkout URLs. Because it's a snippet we want to execute this after backend selection so we handle it # in the request condition if (!req.http.x-long-cache && req.url ~ "/(checkout|customer/section/load)") {