Skip to content

Instantly share code, notes, and snippets.

@thunderrun

thunderrun/HTTP caching.md

Last active May 7, 2023 19:24
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save thunderrun/8aaf158a0dc1eed606d641e6b67cada5 to your computer and use it in GitHub Desktop.
Save thunderrun/8aaf158a0dc1eed606d641e6b67cada5 to your computer and use it in GitHub Desktop.
Download ZIP
HTTP caching cheatsheet
Raw
HTTP caching.md

HTTP caching

Types of caches

  • Private browser caches
    • store content in user's browser
    • no requiring an additional trip to the server
    • improves offline browsing
  • Shared proxy caches
    • store content on the proxy server itself
    • reducing network traffic and latency

Targets of caching operations

Common forms of caching entries:

  • GET 200 (OK)
  • 301 (Moved Permanently)
  • 404 (Not Found)
  • 206 (Partial Content)

Controlling caching

Cache-Control

No caching

Not store anything

Cache-Control: no-store

Cache but revalidate

Cache-Control: no-cache

Note that no-cache does not mean "don't cache". no-cache allows caches to store a response, but requires them to revalidate it before reuse.

Private and public caches

Allow/disallow storing by a shared cache proxy

Cache-Control: private
Cache-Control: public

Expiration

  • Maximum amount of time(seconds) in which a resource will be considered fresh
  • Overrides the Expires
Cache-Control: max-age=31536000

Validation

Must verify the status of stale resources before using them

Cache-Control: must-revalidate
Difference Difference between no-cache and must-revalidate

  • must-revalidate means:

    • Once the cache expires, refuse to return stale responses to the user even if they say that stale responses are acceptable.

  • Whereas no-cache implies:

    • must-revalidate plus the fact the response becomes stale right away.

  • max-age=0, must-revalidateno-cache

    • Chrome has the same behavior in implementation

Pragma

Used for backwards compatibility with HTTP/1.0

Pragma: no-cache

Freshness

first check whether the cache is fresh

  • Cache-Control: max-age=100
  • Expires: Wed, 21 Oct 2025 07:28:00 GMT (ignored if Cache-Control present)

is fresh

  • use cache

found outdated and send

  • If-None-Match: <etag_value>
    • If-None-Match: W/"67ab43

then

  • ETag matching
    • 304 Not Modified
    • use cache

or

  • ETag not matching
    • return new resource (200)

Heuristic freshness checking

  • Cache-Control/Expires not set
  • Look for Last-Modified

In practise most browsers use the following algorithm

freshnessLifetime = (now() - Last-modified) / 10

expirationTime = responseTime + freshnessLifetime - currentAge
*responseTime: the time when response was received
  • Browser estimate a plausible expiration time itself
  • There's no way to evict them from the cache, once your assets are cached by browsers
    • The requests won't reach the server before expirationTime
  • Duration for which files are cached will be different for every user

Cache validation

  • When a cached resource's expiration time has been reached or set Cache-Control: must-revalidate/no-cache
  • Validation can only occur if the server provided either a strong validator or a weak validator.

ETags

  • used as a strong validator

Last-Modified

used as a weak validator

  • has 1-second resolution

Varying responses

Vary: User-Agent, Accept-Encoding

Tips: force reload in HTML file

  • javascript
location.reload(true)
  • html meta
<meta http-equiv="cache-control" content="no-store">
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment