Summary of Cache-Related HTTP Headers

Long ago (long before the first post in this blog!) I’ve composed a list of cache-related HTTP headers, so I would not need to go through the trial-and-error process of guessing the right combination more than once. Recently I got another question about caching and it took me a lot of time to recall where I saw this list last time. So now I’m placing it here.

Please treat the explanations below as quick and incomplete summary. For full specification of “Pragma”, “Cache-Control” and “Expires” headers refer to HTTP/1.1 specification.

Caching in HTTP 1.1

Following directive does not prevent caching despite its name. It allows caching of the page, but specifies that the cache must ask the originating web server if the page is up-to-date before serving the cached version. So the cached page can still be served up if the originating web server says so. Applies to all caches.

Cache-Control: no-cache

Following directive tells the browser that the page has expired and must be treated as stale. Should be good news as long as the caches obey.

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Following directive specifies that the page contains information intended for a single user only and must not be cached by a shared cache (e.g. a proxy server).

Cache-Control: private

Following directive specifies that a cache must not store any part of the response or the request that elicited it.

Cache-Control: no-store

Following directive tells the cache that the maximum acceptable staleness of a page is 0 seconds.

Cache-Control: max-stale=0

Caching in HTTP 1.0

Following directive is the only cache control directive for HTTP 1.0, so use it in addition to any HTTP 1.1 cache control headers you include.

Pragma: no-cache

Downloads over HTTPS in IE

There is a known implementation problems in Internet Explorer (both pre-IE9 and IE9), that prevents IE to download documents over HTTPS when they are sent with some no-cache directives (like “Cache-Control: no-store” or “Cache-Control: no-cache”). Possible solutions include sending either different cache headers or no cache control headers at all.
Following headers are known to work in IE for file download over HTTPS:

Cache-Control: max-stale=0
Cache-Control: max-age=0

Usage sample: Java

The following mix is recommended for use in order to disable caching on specific pages:

response.setHeader("Pragma", "no-cache");
response.setDateHeader ("Expires", 0);
response.setHeader("Cache-Control", "no-cache");
response.addHeader("Cache-Control", "private");
response.addHeader("Cache-Control", "no-store");
response.addHeader("Cache-Control", "max-stale=0");

See also: Microsoft KB: How to prevent caching in Internet Explorer

Leave a Reply