Cache-Control Header

The Cache-Control HTTP header is used to specify cache conditions and duration for both requests and responses. Resources can define their own caching policy via the Cache-Control HTTP header.

Cache-Control Header Syntax

The Cache-Control header is broken up into directives. Directives are responsible for cache conditions and duration and may have an optional argument. Multiple directives must be separated by a comma.

Cache-Control: directive1, directive2, directive3

Or you may add each directive in a separate line.

Cache-Control: directive1
Cache-Control: directive2
Cache-Control: directive3

An example of a request with 'Cache-Control: no-cache, no-store, must-revalidate' header that requires a fresh version of the resource (prevents caching) and works across all servers and proxies.

Prevent Caching Live Example
GET / HTTP/1.0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

Cache-Control Header Examples

Preventing Caching
Cache-Control: no-store

The 'no-store' directive applies to both private and shared caches. This directive indicates that no part of the request or response must be stored and the information must be removed as soon as possible after being forwarded.

Caching Static Assets
Cache-Control: public, max-age=31536000

The 'public' response directive indicates that a resource is available for any cache; that it may be cached by any cache, even if it would normally be non-cacheable or cacheable only within a non-shared cache.

Private Directive
Cache-Control: private, max-age=600

This response can be cached by the client’s browser only for up to 10 minutes (max-age=600). The private response directive indicates that the resource depends on the user - it can still be cached, but only on the client device. For example, a webpage response marked as private may be cached by the browser on the desktop, but not by the content delivery network (CDN).

Request Revalidation
Cache-Control: no-cache
Cache-Control: max-age=0

Specifying 'no-cache' and 'max-age=0' points out the possibility of caching a resource. The stored response must be validated first with the origin server before using it.

Revalidating Stale Responses
Cache-Control: must-revalidate

When the 'must-revalidate' directive is present in a response the client must revalidate the response after it becomes stale.