The Cache-Control header is used to define a resource’s cache policy.
Several directives under Cache-Control define the exact caching conditions of a resource.
Below are the most widely used.
1. max-age
This directive sets how long, in seconds, a cached resource remains usable in the browser.
For example, ‘Cache-Control: max-age=1800’ means a resource can be retrieved from the cache for half an hour.
2. Private vs. Public
Responses marked ‘Private’ are typically intended for single users only, so they cannot be cached publicly (e.g., by a CDN) and can only be cached privately (by the user’s browser).
On the other hand, ‘Public’ indicates that the resource can be stored in a shared cache, even if the page requires HTTP authentication.
Usually, the ‘Public’ directive isn’t necessary, because caching information such as ‘max-age’ already indicates that a response can be cached.
3. no-store and no-cache
The ‘no-store’ response directive prevents all browsers and intermediate caches from storing the resource.
Simply put, it means never cache the response in any form.
On the other hand, ‘no-cache’ allows caching, but it forces the browser to revalidate the resource against the server on each request.
If the server returns a ‘304 Not Modified’ status, the browser uses its cached copy.
4. must-revalidate
This directive prevents the use of stale resources. Stale resources must be revalidated against the origin server before being delivered to the client.
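The four directive groups above can be checked mechanically. The following is an added example, not code from the original page: it parses a Cache-Control value and flags responses carrying per-user data that a shared cache such as a CDN would still be allowed to store. The function names and the sample responses are constructed for illustration, and the policy model is simplified to the directives covered here.

```python
def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        # Directive names are case-insensitive; arguments may be quoted.
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_policy(value):
    """Summarise what the directives covered above allow a cache to do."""
    d = parse_cache_control(value)
    no_store = "no-store" in d
    arg = d.get("max-age") or ""
    max_age = int(arg) if arg.isdigit() else None
    return {
        # no-store forbids storing anywhere; private restricts storage to the browser.
        "browser_may_store": not no_store,
        "shared_may_store": not no_store and "private" not in d,
        # no-cache: a stored copy must be revalidated before every reuse.
        "revalidate_every_use": not no_store and "no-cache" in d,
        # must-revalidate: a stale copy must not be served without revalidation.
        "revalidate_when_stale": not no_store and "must-revalidate" in d,
        "fresh_seconds": None if no_store else max_age,
    }


def audit(responses):
    """Return paths of responses marked sensitive that a shared cache could store."""
    return [path for path, sensitive, header in responses
            if sensitive and cache_policy(header)["shared_may_store"]]


# Constructed sample responses: (path, contains per-user data?, Cache-Control value)
SAMPLE = [
    ("/static/app.js", False, "public, max-age=1800"),
    ("/account/profile", True, "max-age=1800"),
    ("/account/orders", True, "private, no-cache"),
    ("/account/statement.pdf", True, "no-store"),
    ("/api/session", True, "Private, max-age=0, must-revalidate"),
]

if __name__ == "__main__":
    print("shared-cache exposure:", audit(SAMPLE))
```

Only `/account/profile` is flagged: ‘max-age’ alone makes the response cacheable without restricting it to the user’s browser, which is the case the ‘Private’ directive exists for.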