DuckDuckGo Private Browser Apps on Google Play

The no-cache request directive asks caches to validate the response with the origin server before reuse. In general, when pages are under Basic Auth or Digest Auth, the browser sends requests with the Authorization header. This means that the response is access-controlled for restricted users (who have accounts), and it’s fundamentally not shared-cacheable, even if it has max-age. The no-cache response directive indicates that the response can be stored in caches, but the response must be validated with the origin server before each reuse, even when the cache is disconnected from the origin server. Ask the origin server whether or not the stored response is still fresh. Usually, the revalidation is done through a conditional request.

In such a case, you could address the caching needs by using a specific, numbered version of the library, and including the hash of the picture in its URL. When you build static assets with versioning/hashing mechanisms, adding a version/hash to the filename or query string is a good way to manage caching. Note that the major browsers do not support requests with max-stale. If no request happened during that period, the cache became stale and the next request will revalidate normally. If a cache supports must-understand, it stores the response with an understanding of cache requirements based on its status code. For reference (for our own personal cache control, heh) that MDN page was last updated on June 1, 2022; and I pulled that quote on June 10, 2022 (archive June 8).

• By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.
• Which makes both these directives moot or at least poorly named since they can’t properly revalidate unless the request also includes other headers that then cause ‘always revalidate’ anyway.
• However, if “no-store” is in the response, the intermediate cache sever is not supposed to store the content.

See answer here: How to control web page caching, across all browsers?

The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction. The browser cache should not be used and when you load the page or refresh it, the content should be served from the server, not from the cache. There are different methods and if not specified, will use default. Intermediate cache servers compatible with HTTP 1.1 will obey the same no-cache and must-revalidate instructions as browser caches will.

If you don’t add a Cache-Control header because the response is not intended to be cached, that could cause an unexpected result. Cache storage is allowed to cache it heuristically — so if you have any requirements on caching, you should always indicate them explicitly, in the Cache-Control header. If you don’t want a response stored in caches, use the no-store directive. For example, a request with the header above indicates that the browser will accept a stale response from the cache that has expired within the last hour.

Part and Inventory Search

• General differences between browser history and the normal HTTP caching are described in a specific sub-section of the spec.
• There are no cache directives for clearing already-stored responses from caches on intermediate servers.
• No-store is effectively the full do not cache directive and is intended to prevent storage of the representation in any form of cache whatsoever.
• There are times when you may want to mix methods even on the same resource based on context.
• This space is certainly dominated by reality of implementations vs what happens to have been written in various RFCs.

Alright, this is due to the pain that godaddy gives me by implementing their own caching in a MANAGED WORDPRESS hosting. I looked it up and as it turns out, their flush caching facility is not available to me in the wordpress dashboard as it is a subdirectory /wp/ installation. Find centralized, trusted content and collaborate around the technologies you use most.

If a caching system correctly implements no-store, then you wouldn’t need no-cache. Additionally, some browsers implement no-cache like it was no-store. Thus, while not strictly required, it’s probably safest to include both.

Cache-Control header

The proxy-revalidate response directive is the equivalent of must-revalidate, but specifically for shared caches only. Cache storage isn’t required to remove stale responses immediately because revalidation could change the response from being stale to being fresh again. Though this directive sounds like it is instructing the browser not to cache the page, there’s a subtle difference. The “no-cache” directive, according to the RFC, tells the browser that it should revalidate with the server before serving the page from the cache. Revalidation is a neat technique that lets the application conserve band-width. If the page the browser has cached has not changed, the server just signals that to the browser and the page is displayed from the cache.

Also no-store technically means must not store to any non-volatile bqqq storage (disk) and release it from volatile storage (memory) ASAP. A client request with no-store shouldn’t write to disk or database and is meant to transient. There are times when you may want to mix methods even on the same resource based on context.

Instant Answers

It stores a single response and reuses it with multiple users — so developers should avoid storing personalized contents to be cached in the shared cache. My current understanding is that it is just for intermediate cache server. Even if “no-cache” is in response, intermediate cache server can still save the content to non-volatile storage. The intermediate cache server will decide whether using the saved content for following request. However, if “no-store” is in the response, the intermediate cache sever is not supposed to store the content.

No-transform indicates that any intermediary (regardless of whether it implements a cache) shouldn’t transform the response contents. This space is certainly dominated by reality of implementations vs what happens to have been written in various RFCs. Many proxies in particular tend to think they do a better job of “improving performance” by replacing the policy they are supposed to be following with their own. No-store should not be necessary in normal situations, and in some cases can harm speed and usability.

Disable Browser Caching with Meta HTML Tags

Clients can use this header when the user requires the response to not only be fresh, but also requires that it won’t be updated for a period of time. No-cache allows clients to request the most up-to-date response even if the cache has a fresh response. When you use a cache-busting pattern for resources and apply them to a long max-age, you can also add immutable to avoid revalidation. If a request doesn’t have an Authorization header, or you are already using s-maxage or must-revalidate in the response, then you don’t need to use public. With no-cache, it would just show the cached content, which would be probably preferred by the user (better to have something stale than nothing at all). If a server response is cacheable for 10 seconds, then must-revalidate kicks in after 10 seconds, while no-cache kicks in immediately.

HTTP 1.1 section 13.13 says that “expiration time does not apply to history mechanisms.” The no-cache header describes expiration, and so doesn’t apply to history mechanisms such as the back button. Thus, the user can navigate backward to a previous page with no-cache without the server being contacted. In fact, it means “revalidate with server” before using any cached response you may have, on every request. Use a no-cache to make sure that the HTML response itself is not cached. No-cache could cause revalidation, and the client will correctly receive a new version of the HTML response and static assets. The must-understand response directive indicates that a cache should store the response only if it understands the requirements for caching based on status code.

However, my empirical testing has shown that when ETag or modified header data is included in responses, the agents always revalidate anyway, regardless of the presence of the must-revalidate header. By just setting must-revalidate but not including either an ETag or Last-Modified, the agent can only get the content again since it has nothing to send to the server to compare. The thing is, with web services, you have to take a negative view and assume the worst for your unknown client apps. Have never looked back or had a single issue with stale content by any browser or intermediaries since. Originally we used no-cache many years ago and did run into some problems with stale content with certain browsers… For chrome, no-cache is used to reload the page on a re-visit, but it still caches it if you go back in history (back button).

The public response directive indicates that the response can be stored in a shared cache. Responses for requests with Authorization header fields must not be stored in a shared cache; however, the public directive will cause such responses to be stored in a shared cache. There are no cache directives for clearing already-stored responses from caches on intermediate servers. The stale-if-error response directive indicates that the cache can reuse a stale response when an upstream server generates an error, or when the error is generated locally. Here, an error is considered any response with a status code of 500, 502, 503, or 504. The no-store request directive allows a client to request that caches refrain from storing the request and corresponding response — even if the origin server’s response could be stored.

It does this by requiring caches to revalidate each request with the origin server. This usually means the response can be reused for subsequent requests, depending on request directives. As you identified, no-cache doesn’t mean there is never caching, but rather that the user agent has to always ask the server if it’s OK to use what it cached. By contrast, no-store says to not even keep a copy, which means there’s nothing to ask about. If you know the answer to “Can I reuse this?” is always no, you get a performance boost by skipping cache validation and saving room in the cache for other data.