The Cache-Control HTTP header


Cache-Control is a cache control header that specifies cache properties of the response such as:

  • enable / disable cache
  • the scope of the response (public / private)
  • the type (immutable, …)
  • and the age (ttl)


Cache in the browser only for the user

Cache-Control: private, no-transform, max-age=xxxxx'

No cache at all

Cache-Control: no-store

Cache but validate every time the freshness

Cache but validate every time the freshness.

Cache-Control: no-cache

Cache in the browser and proxy with a max-age

Cache-Control: public, maxage=[seconds]

No Cache for Proxy

Resources are not cached by proxy 1) if the Cache-Control header has one of the following value:

  • max-age=0 ors-max-age=0,
  • private,
  • no-cache, no-store
  • or an Expires header with an already expired date.

Value Description

The value description is:

Value Description Applies to
No, no
no-store Don't ever store this content
no-cache Re-validate before serving this content
no-transform Don't modify the content in transit (such as minify,…) intermediate caches
immutable Indicate that the resource if unexpired, is unchanged on the server and therefore should not send a conditional revalidation for it
Scope: Public vs Private (User)
private May be cached by the user's Browser / not by any intermediate caches (Default, Mutually exclusive with public). This content is for a single user All cache store
public Content can be cached anywhere (browser / intermediate caches) All cache store
For public cache (the Time to Live)
max-age=[seconds] Caches can store this content for n seconds All cache store
s-maxage=[seconds] Proxy Caches can store this content for n seconds Proxy cache
must-revalidate Indicates that once a resource becomes stale, caches must not use their stale copy without successful validation on the origin server. Browser
proxy-revalidate Same as must-revalidate, but only for shared caches (e.g., proxies). Ignored by private caches. Proxy cache
Stale rfc5861 - HTTP Cache-Control Extensions for Stale Content
stale-if-error allows a cache to return a stale response when an error – e.g., a 500 Internal Server Error, a network segment, or DNS failure – is encountered, rather than returning a “hard” error.
stale-while-revalidate allows a cache to immediately return a stale response while it revalidates it in the background, thereby hiding latency (both in the network and on the server) from clients.


How to set the Cache-Control header with Apache

If the mod_header is present, Apache can send the caching header.

Example in the root htaccess, max age is in second for files name that match a regular expression.

# Cache File
<IfModule mod_headers.c>
    # WEEK
    <FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
        Header set Cache-Control "max-age=604800, public"

    # WEEK
    <FilesMatch "\.(js|css|swf)$">
        Header set Cache-Control "max-age=604800"

Discover More
Map Of Internet 1973
Data Cache - Time to Live (TTL) or hop limit

The TTL is the maximum timespan of data in a cache. Once the timespan has elapsed, data is discarded or revalidated. A DNS record has a TTL attached A HTTP cache with the max-age and s-max-age...
HTTP - Cache (Cache-Control Header, Bursting, )

When sending a response, several headers have an influence / control over the cache store, we call them cache control headers The cache control header are: Name Description Cache-Control Define properties...
Chrome Devtool Network 304
How to implement and check a Web / HTTP cache ?

Implementing and verifying that the HTTP cache is set and working properly is not a straightforward task. This article gives you a step by step.
Card Puncher Data Processing
The Apache htaccess file

The Apache htaccess file permits to set a configuration based on the directory layout of your website
Page Loading Key Moment
Web - Timeline of a page load (Page Speed|Page Latency)

Page load is the latency performance metrics that cumulates: TCP latency (ie how fast, the network will receive the HTTP request and send back the HTTP response ) HTTP latency (ie how fast the web...
What is an Authorization Server in Oauth?

The Authorization Server in Oauth is one of the 4 oauth roles. It's the server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization. ...
What is the HTTP Pragma header

Pragma'' is a cache control headers that allows backwards compatibility with HTTP/1.0 caches

Share this page:
Follow us:
Task Runner