HTTP Cache Control Directives

How servers tell browsers and proxies what may be stored and reused.

What cache control governs

The Cache-Control header is the modern way an HTTP response declares whether it can be stored, by whom, and for how long. It replaced the older Expires header because it is more precise and not tied to a clock that two machines might disagree on.

Common directives

  • max-age sets how many seconds the response stays fresh. After that it is stale and may need revalidation.
  • no-cache allows storage but forces a revalidation with the origin before each reuse.
  • no-store forbids storing the response anywhere, used for sensitive data.
  • private lets a browser cache the response but bars shared proxies from holding it.
  • public explicitly permits shared caches to store the response.
  • must-revalidate says a stale entry must not be served without checking the origin first.

A subtle point is the difference between private and no-store. Private still allows the user's own browser to keep a copy, while no-store forbids every cache, the browser's included, from keeping one. Choosing the wrong one either leaks data into shared caches or destroys performance.
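
The directive semantics above, as an added Python example that is not part of the original lesson: a simplified model of what a shared or private cache may do with a given Cache-Control value. The function names are illustrative, the sample headers are constructed, and a missing max-age is assumed to mean the response is already stale.

```python
# Added example: simplified model of the directives listed above (not a full RFC 9111 cache).
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def cache_decision(header, cache_type, age):
    """Decide what a 'shared' (proxy/CDN) or 'private' (browser) cache may do
    with a response that has been held for `age` seconds.

    Returns (may_store, action); action is one of:
      'not-stored'      - this cache must not keep the response
      'serve'           - fresh, reuse without contacting the origin
      'revalidate'      - stale, check with the origin before reuse
      'must-revalidate' - reuse only after a successful check with the origin
    """
    d = parse_cache_control(header)
    if "no-store" in d or (cache_type == "shared" and "private" in d):
        return (False, "not-stored")
    if "no-cache" in d:
        return (True, "must-revalidate")
    max_age = d.get("max-age")
    # Assumption: a missing or malformed max-age is treated as already stale;
    # real caches may apply heuristic freshness instead.
    fresh = max_age is not None and max_age.isdecimal() and age < int(max_age)
    if fresh:
        return (True, "serve")
    return (True, "must-revalidate" if "must-revalidate" in d else "revalidate")


# Constructed sample headers: (Cache-Control value, age in seconds).
SAMPLES = [
    ("public, max-age=3600", 120),
    ("private, max-age=600", 120),
    ("max-age=60, must-revalidate", 300),
    ("no-cache", 0),
    ("no-store", 0),
]

if __name__ == "__main__":
    for header, age in SAMPLES:
        for cache_type in ("shared", "private"):
            print(f"{header!r:32} {cache_type:8} age={age:<4} -> {cache_decision(header, cache_type, age)}")
```

Running the samples side by side shows the security-relevant split: the private response is stored by the browser but refused by the shared cache, while no-store is refused by both.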

Key idea

Cache-Control directives like max-age, no-cache, and private let a server precisely state who may store a response and for how long.

Check yourself

1. What does the private directive mean?

2. How does no-cache differ from no-store?