Avoid caching of the http responses

by

Server-side cache control headers should look like:

Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: {now} GMT
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate

Avoid rewriting URLs on the client because it pollutes caches, and causes other weird semantic issues. Furthermore:

  • Use one Cache-Control header (see rfc 2616) because behaviour with multiple entries is undefined. Also the MSIE specific entries in the second cache-control are at best redundant.

  • no-store is about data security. (it only means don’t write this to disk – caches are still allowed to store the response in memory).

  • Pragma: no-cache is meaningless in a server response – it’s a request header meaning that any caches receiving the request must forward it to the origin.

  • Using both Expires (http/1.0) and cache-control (http/1.1) is not redundant since proxies exist that only speak http/1.0, or will downgrade the protocol.

  • Technically, the last modified header is redundant in light of no-cache, but it’s a good idea to leave it in there.

  • Some browsers will ignore subsequent directives in a cache-control header after they come across one they don’t recognise – so put the important stuff first.

More Related Contents:

  1. What’s the difference between Cache-Control: max-age=0 and no-cache?
  2. What is Cache-Control: private?
  3. Ideal HTTP cache control headers for different types of resources
  4. HTTP Headers: Controlling Cache and History Mechanism
  5. Are HTTP headers case-sensitive?
  6. Custom HTTP headers : naming conventions
  7. Uses of content-disposition in an HTTP response header
  8. How to set HTTP headers (for cache-control)?
  9. ‘Refresh’ HTTP header
  10. Difference between Pragma and Cache-Control headers?
  11. Is there a practical HTTP Header length limit?
  12. What are all the possible values for HTTP “Content-Type” header?
  13. Remove http referer
  14. Why both no-cache and no-store should be used in HTTP response?
  15. Why is Cache-Control attribute sent in request header (client to server)?
  16. How to forward headers on HTTP redirect
  17. Difference between Content-Range and Range headers?
  18. What is q=0.5 in Accept* HTTP headers?
  19. What is a full specification of X-Forwarded-Proto HTTP header?
  20. What HTTP response headers are required
  21. what characters are allowed in HTTP header values?
  22. Does the HTTP Protocol support multiple content types in response headers?
  23. Difference between no-cache and must-revalidate for Cache-Control?
  24. What is the http-header “X-XSS-Protection”?
  25. What does HTTP/1.1 302 mean exactly?
  26. HTTP Cache Control max-age, must-revalidate
  27. Is the Content-Length header required for a HTTP/1.0 response?
  28. Is REST DELETE really idempotent?
  29. Keep-alive header clarification
  30. S3: How to do a partial read / seek without downloading the complete file?

Leave a Comment