How response caching works
Response caching is where a browser or CDN stores a copy of a response to improve performance. When a response is cached, future requests for the same resources can use the cached response rather than needing to request the resource again.
Response caching can be risky when used incorrectly. For example, if an application shows user-specific content to logged-in users, then incorrectly configured response caching can lead to security and privacy issues such as CDNs sending responses that contain sensitive account information to the wrong user.
Expires headers
The Expires response header tells browsers the date at which the content of the response should stop being cached.
Expires: Thu, 05 Apr 2063 12:00:00 GMT
It is easier to set cache expiration using a Cache-Control header with a max-age directive because no date calculation or date formatting is required for the max-age directive.
Cache-Control headers
The Cache-Control response header tells browsers and CDNs whether the response can be cached and, if so, for how long.
max-age — cache expiration
The max-age=N directive indicates the response can be cached for up to N seconds.
Cache-Control: max-age=86400
s-maxage — CDN cache expiration
The s-maxage=N directive indicates the response can be cached in a shared cache such as a CDN’s cache for up to N seconds.
The s-maxage directive is ignored by browsers.
Cache-Control: s-maxage=3600
A response can indicate different cache expirations for browsers and CDNs by using both max-age=N and s-maxage=N directives.
Cache-Control: max-age=86400, s-maxage=3600
no-cache does not mean “don’t cache”
The no-cache directive does not prevent content from being cached. Rather, the no-cache directive indicates cached content should not be used without first checking to see if there is a newer version of the content, such as by using an If-Modified-Since request header.
Cache-Control: no-cache
no-store means “don’t cache”
The no-store directive indicates the response should not be cached by browsers or CDNs.
Cache-Control: no-store
Use multiple directives
Multiple directives can be separated by commas or split across multiple Cache-Control headers.
For example:
Cache-Control: max-age=86400, s-maxage=3600
is equivalent to:
Cache-Control: max-age=86400
Cache-Control: s-maxage=3600
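The directive rules above, applied as a small audit (an added example, not ServerPilot's code): it merges directives from one or more Cache-Control headers, works out how long a browser and a CDN may reuse the response, and flags user-specific responses that lack no-store. The function names, result labels and sample paths are constructed for illustration, and the code assumes a CDN falls back to max-age when s-maxage is absent.

```python
# Added example (not from the original page); names and sample data are hypothetical.
# Assumption: a CDN uses max-age when the response carries no s-maxage.
def parse_cache_control(header_values):
    """Merge one or more Cache-Control header values into {directive: argument}."""
    directives = {}
    for value in header_values:
        for part in value.split(","):
            name, _, arg = part.strip().partition("=")
            if name:
                directives[name.strip().lower()] = arg.strip() or None
    return directives

def _seconds(directives, name):
    """Return the directive's argument as whole seconds, or None if absent/invalid."""
    raw = directives.get(name)
    return int(raw) if raw and raw.isdigit() else None

def cache_policy(header_values):
    """Reuse lifetimes (seconds) for browser and CDN, per the directives above."""
    d = parse_cache_control(header_values)
    if "no-store" in d:
        return {"stored": False, "browser": None, "cdn": None, "revalidate": False}
    max_age, s_maxage = _seconds(d, "max-age"), _seconds(d, "s-maxage")
    cdn = s_maxage if s_maxage is not None else max_age  # browsers ignore s-maxage
    return {"stored": True, "browser": max_age, "cdn": cdn, "revalidate": "no-cache" in d}

def audit(header_values, user_specific):
    """Classify a response; user-specific content is only 'ok' with no-store."""
    p = cache_policy(header_values)
    if not user_specific or not p["stored"]:
        return "ok"
    if p["cdn"] and not p["revalidate"]:
        return "cdn-serves-copy"  # CDN may answer other users from its cache
    return "may-be-stored"  # no-store is missing, so a copy can still be kept

# Constructed sample responses: (path, Cache-Control header values, user-specific?)
SAMPLES = [
    ("/css/site.css", ["max-age=86400, s-maxage=3600"], False),
    ("/account", ["max-age=86400", "s-maxage=3600"], True),
    ("/account/orders", ["no-cache"], True),
    ("/account/settings", ["no-store"], True),
]

if __name__ == "__main__":
    for path, values, user_specific in SAMPLES:
        print(path, cache_policy(values), audit(values, user_specific))
```

Which responses count as user-specific is supplied by the caller; the headers alone do not say.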
Last-Modified headers
When a Last-Modified response header exists, browsers and CDNs will include an If-Modified-Since header in future requests for the same resource to indicate the version of the resource they already have. If the content has not changed on the server, the server can respond with a 304 Not Modified status to indicate the client has the latest version of the resource.
For static content, ServerPilot configures your server to include a Last-Modified response header and to check for If-Modified-Since headers in requests.
For dynamic content, an app’s code may include Last-Modified headers in responses and check for If-Modified-Since headers in requests.