Cache-Control header HTTP MDN
by admin
admin No Comments

Many browsers use this directive for reloading, as explained below. This feature is well established and works across many devices and browser versions. By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy. This page was last modified on ⁨Jul 4, 2025⁩ by MDN contributors. Must-understand should be coupled with no-store for fallback behavior.

stale-if-error

  • Many browsers use this directive for reloading, as explained below.
  • Note that s-maxage or must-revalidate also unlock that restriction.
  • This section lists directives that affect caching — both response directives and request directives.
  • Must-revalidate is a way to prevent this from happening – either the stored response is revalidated with the origin server or a 504 (Gateway Timeout) response is generated.
  • HTTP 1.1 section 13.13 says that “expiration time does not apply to history mechanisms.” The no-cache header describes expiration, and so doesn’t apply to history mechanisms such as the back button.

The stale-while-revalidate response directive indicates that the cache could reuse a stale response while it revalidates it to a cache. In general, when pages are under Basic Auth or Digest Auth, the browser sends requests with the Authorization header. This means that the response is access-controlled for restricted users (who have accounts), and it’s fundamentally not shared-cacheable, even if it has max-age. The proxy-revalidate response directive is the equivalent of must-revalidate, but specifically for shared caches only. This usually means the response can be reused for subsequent requests, depending on request directives.

When you build static assets with versioning/hashing mechanisms, adding a version/hash to the filename or query string is a good way to manage caching. If you don’t want a response stored in caches, use the no-store directive. For example, a request with the header above indicates that the browser will accept a stale response from the cache that has expired within the last hour.

Cache-Control header

The no-store response directive indicates that any caches of any kind (private or shared) should not store this response. Client would ask server if it has new version of data using those headers and if the answer is no it will serve cached data. If you don’t add a Cache-Control header because the response is not intended to be cached, that could cause an unexpected result.

When a user reloads the browser, the browser will send conditional requests for validating to the origin server. The public response directive indicates that the response can be stored in a shared cache. Responses for requests with Authorization header fields must not be stored in a shared cache; however, the public directive will cause such responses to be stored in a shared cache. The no-store request directive allows a client to request that caches refrain from storing the request and corresponding response — even if the origin server’s response could be stored. Aside from performance, there is a behavior difference with browser history.

For modern web browsers (After IE

Caching headers are unreliable in meta elements; for one,any web proxies between the site and the user will completely ignorethem. You should always use a real HTTP header for headers such asCache-Control and Pragma. The list is just examples of different techniques, it’s not for directinsertion.

  • If you want caches to always check for content updates while reusing stored content, no-cache is the directive to use.
  • Note that the major browsers do not support requests with min-fresh.
  • When you update the library or edit the picture, new content should have a new URL, and caches aren’t reused.
  • After the stale-if-error period passes, the client will receive any error generated.
  • Imagine that clients/caches store a fresh response for a path, with no request flight to the server.

Caching static assets with “cache busting”

Usually, the revalidation is done through a conditional request. As you identified, no-cache doesn’t mean there is never caching, but rather that the user agent has to always ask the server if it’s OK to use what it cached. By contrast, no-store says to not even keep a copy, which means there’s nothing to ask about. If you know the answer to “Can I reuse this?” is always no, you get a performance boost by skipping cache validation and saving room in the cache for other data. Adding no-cache to the response causes revalidation to the server, so you can serve a fresh response every time — or if the client already has a new one, just respond 304 Not Modified. The no-cache request directive asks caches to validate the response with the origin server before reuse.

The immutable response directive indicates that the response will not be updated while it’s fresh. No-cache doesn’t mean “don’t cache this” (that would be no-store). No-cache means don’t use this for normal loads unless the resource is revalidated for freshness. However, cacheing headers are unreliable in meta elements; for one, any web proxies between the site and the user will completely ignore them. You should always use a real HTTP header for headers such as Cache-Control and Pragma.

Clearing an already-stored cache

If a cache supports must-understand, it stores the response with an understanding of cache requirements based on its status code. This section lists directives that affect caching — both response directives and request directives. You can add a long max-age value and immutable because the content will never change.

Note that the major browsers do not support requests with max-stale. After the stale-if-error period passes, the client will receive any error generated. If no request happened during that period, the cache became stale and the next request will revalidate normally. Revalidation will make the cache be fresh again, so it appears to clients that it was always fresh during that period — effectively hiding the latency penalty of revalidation from them.

HTTP allows caches to reuse stale responses when they are disconnected from the origin server. Must-revalidate is a way to prevent this from happening – either the stored response is revalidated with the origin server or a 504 (Gateway Timeout) response is generated. The must-revalidate response directive indicates that the response can be stored in caches and can be reused while fresh. If the response becomes stale, it must be validated with the origin server before reuse. Cache that exists between the origin server and clients (e.g., Proxy, CDN).

What is the difference between no-cache and no-store in Cache-control?

If copied, the second would overwrite the first and thefourth would overwrite the third because of the http-equivdeclarations AND fail with the W3C validator. At most, one could haveone of each http-equiv declarations; pragma, cache-control andexpires. These are completely outdated when using modern up to Roboforex Review date browsers.After IE9 anyway. Chrome and Firefox specifically does not work with these as you would expect, if at all.

Cache storage is allowed to cache it heuristically — so if you have any requirements on caching, you should always indicate them explicitly, in the Cache-Control header. For content that’s generated dynamically, or that’s static but updated often, you want a user to always receive the most up-to-date version. Use a no-cache to make sure that the HTML response itself is not cached. No-cache could cause revalidation, and the client will correctly receive a new version of the HTML response and static assets. The React library version will change when you update the library, and hero.png will also change when you edit the picture.

Leave a Reply

Your email address will not be published. Required fields are marked *