Error Codes Wiki

HTTP Caching Headers — Cache-Control, ETag, and Expires Explained

Overview

Complete guide to HTTP caching headers including Cache-Control directives, ETag validation, Expires headers, and troubleshooting stale cache issues.

Key Details

  • Cache-Control is the primary header for controlling caching behavior in HTTP/1.1+
  • Common directives: max-age, no-cache, no-store, public, private, must-revalidate
  • ETag provides content-based cache validation: the server returns 304 Not Modified if the content is unchanged
  • Last-Modified/If-Modified-Since provides time-based cache validation
  • Expires header is the older HTTP/1.0 approach — Cache-Control takes precedence when both are present

Common Causes

  • Stale content served from cache due to overly long max-age values
  • no-cache misunderstood — it means 'revalidate before using cache', not 'do not cache'
  • CDN caching old content after server-side updates
  • Browser serving cached responses for dynamic content that should be fresh

Steps

  1. Set Cache-Control: no-store for sensitive data (banking, medical) to prevent any caching
  2. Use Cache-Control: public, max-age=31536000 for static assets with content hashes in filenames
  3. Implement ETag headers for dynamic content that changes infrequently
  4. Use Cache-Control: no-cache for content that should always be revalidated before display
  5. Add Vary header when response differs by Accept-Encoding, Accept-Language, or other request headers
  6. Purge CDN cache after deployments: use your CDN's purge API or deploy with new asset URLs
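
Steps 1 to 5 as a server-side policy, written as an added example (not code from this wiki). The response classes ("sensitive", "hashed_static", "dynamic"), the function names, and the choice of SHA-256 for the ETag are assumptions; the caller is assumed to pass request headers with canonical capitalisation.

```python
import hashlib

# Constructed policy table following the steps above; the class names are assumptions.
POLICY = {
    "sensitive": "no-store",                      # step 1: never written to any cache
    "hashed_static": "public, max-age=31536000",  # step 2: URL changes when content changes
    "dynamic": "no-cache",                        # steps 3-4: store, but revalidate each use
}

def make_etag(body: bytes) -> str:
    """Strong ETag derived from the response body (content-based validator)."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'

def etag_matches(if_none_match: str, etag: str) -> bool:
    """If-None-Match uses weak comparison: ignore a W/ prefix, accept '*'."""
    if if_none_match.strip() == "*":
        return True
    candidates = [t.strip() for t in if_none_match.split(",")]
    return etag in [c[2:] if c.startswith("W/") else c for c in candidates]

def respond(kind: str, body: bytes, request_headers: dict, varies_on=()):
    """Return (status, headers, body) for a GET, applying the policy for `kind`."""
    headers = {"Cache-Control": POLICY[kind]}
    if varies_on:                                  # step 5: key the cache on these headers
        headers["Vary"] = ", ".join(varies_on)
    if kind == "sensitive":
        return 200, headers, body                  # no validator: nothing to revalidate
    headers["ETag"] = make_etag(body)
    inm = request_headers.get("If-None-Match")
    if inm and etag_matches(inm, headers["ETag"]):
        return 304, headers, b""                   # client copy is current, send no body
    return 200, headers, body
```

The 304 path still returns Cache-Control, ETag and Vary so a cache can refresh its stored metadata without receiving the body again.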

Tags

cache-control, etag, expires, http-caching, cdn-cache

Frequently Asked Questions

no-cache allows caching but requires revalidation with the server before each use. no-store prohibits caching entirely — nothing is stored on disk or in memory.