Get Free Audit

Cache-Control Header

Feb 1, 2012

5213 Pavel Novitsky

One of the most flexible caching tools is the Cache-Control header. It supports a number of directives that can be specified by commas. For example,

Below we mention acceptable directives for the header response.

Directive Description
max-age=n Sets the expiration date of the response equal to n seconds after the request. As opposed to Expires, it eliminates concerns about time synchronization and the expiration date update.
s-maxage=n The same as max-age, but is applicable to shared (proxy) cache.
Public Enables caching of requests, secured with authentication, which by default are not cacheable.
Private Enables caching only in single-user caches (i.e., browsers), forbidding it in shared ones. It is applied, for example, when different users are given different versions of the page. However, this method does not guarantee the data confidentiality. To ensure the latter, it is recommended to use the encrypted protocol HTTPS, which generally is not cacheable at all.
no-cache Requires the cache to send all requests to the source server for verifying the recency of the response, stored in the cache. It is used when it’s necessary to maintain semantic transparency without losing benefits of conditional caching.
no-store Forbids caching the response under any conditions. As well as private, it is not a reliable instrument for protecting information from third parties.
must-revalidate Requires the cache to precisely follow the information about the recency of the stored response. Typically, under certain circumstances (e.g., no internet connection) HTTP allows using the expired cache. Indicating this header, you report a strong need to follow the established rules.
proxy-revalidate The same as must-revalidate, but is applicable to shared cache.
no-transform Some proxy servers can convert headers and even the body of the response (change picture format, append headers, revise their order, etc.). This directive forbids any actions of that kind.

In case of designating conflicting directives, more transparent ones are in priority (they provide the recency of data supplied to clients). In its turn, max-age directive is in higher priority than Expires header.

With that said, to return required HTTP headers of Cache-Control, it’s necessary to add in one of the above-mentioned configuration files the following lines:

Igor Dragun
Partner With Us Let's discuss how to grow your business. Get a Free Quote.
Talk to Igor

This fragment of Apache web server’s configuration file checks the mod_headers presence. If the mod_headers module is available, it activates Cache-Control Http-header response: private for all files with .css and .js extensions and public for all files with the .gif, .jpg and .png extensions.


Along with Expires and Cache-Control headers the web server sends the ETag header – a unique ID for each version of the file. When the server forwards the file to the browser, it marks it at the same time. Later the browser checks whether the newest version is available by sending the HTTP request that includes the If-None-Match header with the last saved ETag value for the requested file. If the content is changed, the server will send a new version of the file. Otherwise, the browser will receive 304 Not modified status and load the file version, already existing in cache. Thus, there is a saving of Web server resources and bandwidth and reducing the page loading total time.

As far as web server nginx finds more use, I will give an example of header configurations for it:

Expect to read caching recommendations and cache proxies’ tricks on February, 8.

Igor Dragun
Partner With Us Looking for a partner to grow your business? We are the right company to bring your webstore to success. Talk to Igor


  1. Thank you for the good post!

    Looks like few lines in the first code example are missing,

    I am seeing only two lines there:

    Header set Cache-control: private
    Header set Cache-control: public

Post a new comment

BelVG Newsletter
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
Email *