- Private browser caches
- store content in user's browser
- no requiring an additional trip to the server
- improves offline browsing
- Shared proxy caches
- store content on the proxy server itself
- reducing network traffic and latency
Common forms of caching entries:
- GET 200 (OK)
- 301 (Moved Permanently)
- 404 (Not Found)
- 206 (Partial Content)
Not store anything
Cache-Control: no-store
Cache-Control: no-cache
Note that no-cache does not mean "don't cache". no-cache allows caches to store a response, but requires them to revalidate it before reuse.
Allow/disallow storing by a shared cache proxy
Cache-Control: private
Cache-Control: public
- Maximum amount of time(seconds) in which a resource will be considered fresh
- Overrides the
Expires
Cache-Control: max-age=31536000
Must verify the status of stale resources before using them
Cache-Control: must-revalidate
-
must-revalidate means:
- Once the cache expires, refuse to return stale responses to the user even if they say that stale responses are acceptable.
-
Whereas no-cache implies:
must-revalidate
plus the fact the response becomes stale right away.
-
max-age=0, must-revalidate
≈no-cache
- Chrome has the same behavior in implementation
Used for backwards compatibility with HTTP/1.0
Pragma: no-cache
first check whether the cache is fresh
Cache-Control: max-age=100
Expires: Wed, 21 Oct 2025 07:28:00 GMT
(ignored if Cache-Control present)
is fresh
- use cache
found outdated and send
If-None-Match: <etag_value>
If-None-Match: W/"67ab43
then
- ETag matching
- 304 Not Modified
- use cache
or
- ETag not matching
- return new resource (200)
Cache-Control/Expires
not set- Look for
Last-Modified
In practise most browsers use the following algorithm
freshnessLifetime = (now() - Last-modified) / 10
expirationTime = responseTime + freshnessLifetime - currentAge
*responseTime: the time when response was received
- Browser estimate a plausible expiration time itself
- There's no way to evict them from the cache, once your assets are cached by browsers
- The requests won't reach the server before expirationTime
- Duration for which files are cached will be different for every user
- When a cached resource's expiration time has been reached or set
Cache-Control: must-revalidate/no-cache
- Validation can only occur if the server provided either a strong validator or a weak validator.
- used as a strong validator
used as a weak validator
- has 1-second resolution
Vary: User-Agent, Accept-Encoding
- javascript
location.reload(true)
- html meta
<meta http-equiv="cache-control" content="no-store">