What is the Cache-Control header

The Cache-Control header was introduced in HTTP 1.1 to replace the Expires header. It lets you define the time for which a resource is cacheable, in seconds from the time the response was generated. But Cache-Control is more complex: it has a set of keywords that you can use to control different aspects of resource cacheability.

The following Cache-Control directives can appear in an HTTP response:

  • max-age: This directive specifies the time in seconds for which the response is fresh. For example, if you set max-age to 3600, the browser can reuse the resource without validating it for the next 1 hr. The same applies to a caching proxy: it tells the proxy to cache the resource for 1 hr.

  • private: The private directive gives the browser permission to store a response but prevents shared caching proxies from doing so. This directive is useful if the response contains content customized for a particular user.

  • public: The public directive means the response can be cached by both caching proxies and browsers. A response cached by a proxy for one user can also be reused for another user. If you specify only max-age and don't add the private directive, the response is considered public by default.

  • s-maxage: The s-maxage directive is the same as max-age, except that it applies only to shared caches. For example, if you set max-age to 3 hr and s-maxage to 1 hr, the browser will consider the resource fresh for 3 hours, but the caching proxy will consider it fresh for 1 hr.

  • must-revalidate: HTTP allows caches to take liberties with the freshness of objects; by specifying this directive, you're telling the cache that you want it to strictly follow your rules.

  • proxy-revalidate: HTTP allows caches to take liberties with the freshness of objects; by specifying this directive, you're telling caching proxies that you want them to strictly follow your rules.

  • no-cache: Tells the browser and caches that they can't reuse the content without checking with the originating server first. For example, if you send no-cache, the resource will still be cached, but the next time the cache gets a request for that resource it will send a conditional GET request to check whether the resource has changed. If it has changed, the server will send an HTTP 200 response; if it has not, the server will send an HTTP 304 response.

  • no-store: Means the response cannot be written to the cache at all. For example, if you send no-store for a response, the cache won't store it, and the next time it gets a request for that resource it will forward the request to the originating server, which will send the full response with HTTP 200 status.
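
The directives above can be checked mechanically, which is useful when reviewing whether a user-specific response could end up in a shared cache. The following Python sketch is an added example, not code from the original page; the function names `parse_cache_control` and `cache_decision` are hypothetical, and it assumes simplified rules: a response with no explicit lifetime is treated as immediately stale, and quoted arguments containing commas are not handled.

```python
def parse_cache_control(value):
    """Split a Cache-Control response header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_decision(value, shared):
    """Return (may_store, fresh_seconds, must_check_origin) for one cache.

    shared=True models a caching proxy, shared=False a browser cache.
    """
    d = parse_cache_control(value)
    # no-store forbids storage everywhere; private forbids it in shared caches.
    if "no-store" in d or (shared and "private" in d):
        return (False, 0, True)
    # s-maxage overrides max-age, but only for shared caches.
    lifetime = d.get("max-age")
    if shared and d.get("s-maxage") is not None:
        lifetime = d["s-maxage"]
    fresh = int(lifetime) if lifetime and lifetime.isdigit() else 0
    # no-cache: stored, but every reuse needs a conditional request first.
    if "no-cache" in d:
        return (True, 0, True)
    # Assumption: no explicit lifetime means stale at once (no heuristics).
    return (True, fresh, fresh == 0)


if __name__ == "__main__":
    samples = [  # constructed header values, not taken from real traffic
        "max-age=10800, s-maxage=3600",
        "private, max-age=3600",
        "max-age=3600",
        "no-cache",
        "no-store",
    ]
    for s in samples:
        print(f"{s!r}: browser={cache_decision(s, False)} "
              f"proxy={cache_decision(s, True)}")
```

The third sample shows the default described under public: with only max-age set, the proxy result is storable and fresh for the full hour, so a personalized response sent that way can be served to another user.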