What is the Cache-Control Header

From Brian Nelson Ramblings

Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses.

Policies include how a resource is cached, where it’s cached and its maximum age before expiring (i.e., time to live).

The cache-control header is broken up into directives, the most common of which are detailed below:

Cache-Control: Max-Age

The max-age request directive defines, in seconds, the amount of time it takes for a cached copy of a resource to expire. After expiring, a browser must refresh its version of the resource by sending another request to a server.

For example, cache-control: max-age=120 means that the returned resource is valid for 120 seconds, after which the browser has to request a newer version.

Cache-Control: No-Cache

The no-cache directive means that a browser may cache a response, but must first submit a validation request to an origin server.

Cache-Control: No-Store

The no-store directive means browsers aren’t allowed to cache a response and must pull it from the server each time it’s requested. This setting is usually used for sensitive data, such as personal banking details.

Cache-Control: Public

The public response directive indicates that a resource can be cached by any cache.

Cache-Control: Private

The private response directive indicates that a resource is user specific—it can still be cached, but only on a client device. For example, a web page response marked as private can be cached by a desktop browser, but not a content delivery network (CDN).

Additional HTTP Cache Headers

In addition to cache-control, notable HTTP cache headers include:

  • Expires – This header specifies a fixed date/time for the expiration of a cached resource. For example, Expires: Sat, 13 May 2017 07:00:00 GMT signals that the cached resource expires on May 13, 2017 at 7:00 am GMT. The expires header is ignored when a cache-control header containing a max-age directive is present.
  • ETag – A response header that identifies the version of served content according to a token – a string of characters in quotes, e.g., "675af34563dc-tr34" – that changes after a resource is modified. If a token is unchanged before a request is made, the browser continues to use its local version.
  • Vary – A header that lists the request headers that must match for a cached resource to be considered valid. For example, the header Vary: Accept-Language, User-Agent specifies that a cached version must exist for each combination of user agent and language.
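
The following is an added example, not code from the original page: a small Python audit that reads a response's Cache-Control and Expires headers and reports who may store the response and for how long, flagging sensitive responses that are left cacheable. The function names and sample headers are constructed for illustration, and the model is deliberately limited to the directives described above (it ignores s-maxage, must-revalidate and heuristic freshness).

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def cache_policy(headers, now):
    """Return (who may store it, seconds it stays fresh, must revalidate)."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return ("nobody", 0, False)
    who = "browser only" if "private" in cc else "any cache"
    if "no-cache" in cc:
        return (who, 0, True)          # stored, but validated before each reuse
    if cc.get("max-age") is not None:  # max-age takes precedence over Expires
        return (who, max(0, int(cc["max-age"])), False)
    if "expires" in h:
        delta = parsedate_to_datetime(h["expires"]) - now
        return (who, max(0, int(delta.total_seconds())), False)
    return (who, None, False)          # no explicit lifetime given

def audit_sensitive(headers, now):
    """Findings for a response that carries per-user or confidential data."""
    who, fresh, revalidate = cache_policy(headers, now)
    findings = []
    if who == "any cache":
        findings.append("shared caches (CDN, proxy) may store this response")
    if who != "nobody" and not revalidate and fresh != 0:
        findings.append("a stored copy can be reused without asking the server")
    return findings

# Constructed sample responses, not captured traffic.
NOW = datetime(2017, 5, 13, 6, 0, 0, tzinfo=timezone.utc)
SAMPLES = {
    "static asset": {"Cache-Control": "public, max-age=120",
                     "Expires": "Sat, 13 May 2017 07:00:00 GMT"},
    "account page": {"Cache-Control": "private, no-cache"},
    "statement":    {"Cache-Control": "no-store"},
    "legacy":       {"Expires": "Sat, 13 May 2017 07:00:00 GMT"},
}
if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, cache_policy(hdrs, NOW), audit_sensitive(hdrs, NOW))
```

An empty findings list means the response is either never stored or is kept only in the browser and revalidated before reuse.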

CDNs and Cache-Control

The variety of caching headers can make manual cache management overwhelming. CDNs allow for granular cache policy management through a user-friendly dashboard, relieving you of the need to manually tweak individual headers.

In addition to simplifying cache management, CDNs augment the browser caching process using proxies. Proxy caching brings content closer to site visitors, accelerating the delivery of locally stored resources. This is especially beneficial for first-time visitors whose browsers have yet to cache site content.

Finally, more advanced CDNs use automation techniques, including machine learning, to cache dynamically generated content and resources. This optimizes your caching policies and further speeds up content delivery.

Tool to check your Headers

SecurityHeaders - Checking Google's Headers