The Cache-Control header is used to define a resource’s cache policy.

Several directives under Cache-Control define the exact caching conditions of a resource.

Below are the most widely used.

1. max-age

This directive specifies, in seconds, how long a cached resource may be kept and reused by the browser.

For example, ‘Cache-Control: max-age=1800’ means a resource can be retrieved from the cache for half an hour.

2. private vs. public

Responses marked ‘private’ are typically intended for a single user only, so they cannot be cached publicly (e.g., by a CDN) and can only be cached privately (by the user’s browser).

On the other hand, ‘public’ indicates that the resource can be stored in a shared cache, even if the page requires HTTP authentication.

Usually, the ‘public’ directive isn’t necessary, because caching information such as ‘max-age’ already indicates that a response can be cached.

3. no-store and no-cache

The ‘no-store’ response directive prevents all browsers and intermediate caches from storing the resource.

Simply put, it means never cache the response in any form.

On the other hand, ‘no-cache’ allows caching, but it forces the browser to revalidate the resource against the server on each request.

If the server answers with a ‘304 Not Modified’ status, the browser uses the copy it already has in its cache.

4. must-revalidate

This directive prevents the use of stale resources. Stale resources must be revalidated against the origin server before being delivered to the client.
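The directives above decide who may keep a copy of a response, which matters most for pages that contain one user's data. The following is an added example, not code from the original article: it parses a Cache-Control value and flags per-user responses that a shared cache could store. The function names, the `perUser` and `hasAuthorization` flags, the finding labels and the sample responses are assumptions made for illustration, and `s-maxage` is included only because RFC 9111 names it in its rule for requests that carry an Authorization header.

```javascript
// Parse a Cache-Control value into a directive map. Names are case-insensitive.
// Simplification: splits on commas, so quoted arguments containing commas are not handled.
function parseCacheControl(value) {
  const directives = Object.create(null);
  for (const part of String(value || '').split(',')) {
    const [rawName, ...rest] = part.trim().split('=');
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    const arg = rest.join('=').trim().replace(/^"|"$/g, '');
    directives[name] = arg === '' ? true : arg;
  }
  return directives;
}

// Who may store the response, and for how long it may be reused unchecked.
function describePolicy(headerValue, { hasAuthorization = false } = {}) {
  const d = parseCacheControl(headerValue);
  const noStore = 'no-store' in d;
  // RFC 9111 section 3.5: a response to a request carrying Authorization is only
  // usable by a shared cache if public, must-revalidate or s-maxage is present.
  const allowsShared = 'public' in d || 'must-revalidate' in d || 's-maxage' in d;
  return {
    browserMayStore: !noStore,
    sharedCacheMayStore: !noStore && !('private' in d) && (!hasAuthorization || allowsShared),
    freshForSeconds: !noStore && /^\d+$/.test(d['max-age']) ? Number(d['max-age']) : null,
    revalidateEveryUse: 'no-cache' in d,
    revalidateWhenStale: 'must-revalidate' in d,
  };
}

// perUser is the caller's own statement that the body holds one user's data.
function auditResponse({ url, cacheControl, perUser, hasAuthorization }) {
  const p = describePolicy(cacheControl, { hasAuthorization });
  const findings = [];
  if (perUser && p.sharedCacheMayStore) findings.push('shared-cache-storable');
  if (perUser && !p.revalidateEveryUse && p.freshForSeconds > 0) findings.push('reused-unchecked');
  return { url, ...p, findings };
}

const SAMPLE_RESPONSES = [ // constructed for this example
  { url: '/static/app.js', cacheControl: 'public, max-age=1800', perUser: false },
  { url: '/account', cacheControl: 'max-age=1800', perUser: true }, // cookie session
  { url: '/account/statement', cacheControl: 'private, no-cache', perUser: true },
  { url: '/api/me', cacheControl: 'Public, max-age=60', perUser: true, hasAuthorization: true },
  { url: '/api/token', cacheControl: 'no-store', perUser: true, hasAuthorization: true },
];
const auditAll = (responses = SAMPLE_RESPONSES) => responses.map(auditResponse);
for (const r of auditAll()) console.log(r.url, r.findings.join(', ') || 'ok');
```

The `/account` sample is the case to watch for: a cookie-based session sends no Authorization header, so ‘max-age’ alone leaves the page storable by a CDN unless ‘private’ or ‘no-store’ is added.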

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.
