request directive


The response should "NOT" be cached!


The response "MUST NOT" be stored!


Indicate the max time the client will accept the response. Unless "max-stale" is also included, stale response is not accepted.
"max-age=0" cache-control directive, which forces each cache along the path to the origin server to revalidate its own entry. If a request includes the no-cache directive, it SHOULD NOT include min-fresh, max-stale, or max-age.


Indicate the max time the client will accept the response which exceed the expiration time. No value means accept any stale response.


Indicate the min time the client will accept the response whose age is no greater than this value.


In poor network connectivity, a client may want a cache to return only those responses that it currently has stored, and not to reload or revalidate with the origin server. If it receives this directive, a cache SHOULD either respond using a cached entry that is consistent with the other constraints of the request, or respond with a 504 (Gateway Timeout) status.

response directive


The content could be store on shared cache used by other request.


The content could "NOT" be store on shared cache used by other request. Need to consider "Authorization" header.


if a message includes the no-transform directive, an intermediate cache or proxy MUST NOT change those headers that are listed in headers below as being subject to the no-transform directive. This implies that the cache or proxy MUST NOT change any aspect of the entity-body that is specified by these headers, including the value of the entity-body itself.

A proxy MUST NOT modfiy following fields if "no-transform" cache-control directive:

  • Content-Encoding
  • Content-Range
  • Content-Type

When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server.
If the cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response. Servers SHOULD send the must-revalidate directive if and only if failure to revalidate a request on the entity could result in incorrect operation, such as a silently unexecuted financial transaction.


Requiring proxies that service many users to revalidate each time (in order to make sure that each user has been authenticated). Note that such authenticated responses also need the public cache control directive in order to allow them to be cached at all.



It gives the date/time after which the response is considered stale. If an origin server wishes to force any HTTP/1.1 cache, no matter how it is configured, to validate every request, it SHOULD use the "must- revalidate" cache-control directive


A GET method with an If-Modified-Since header and no Range header requests that the identified entity be transferred only if it has been modified since the date given by the If-Modified-Since header.
The Range request-header field modifies the meaning of If-Modified-Since; see section 14.35 for full details.


If none of the entity tags match, or if "*" is given and no current entity exists, the server MUST NOT perform the requested method, and MUST return a 412 (Precondition Failed) response.


If any of the entity tags match the entity tag of the entity that would have been returned in the response to a similar GET request (without the If-None-Match header) on that resource, or if "*" is given and any current entity exists for that resource, then the server MUST NOT perform the requested method.



It indicate what other field need to be considered to check cache (all field need to be the same). A Vary field value of "*" implies that a cache cannot determine from the request headers of a subsequent request whether this response is the appropriate representation.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License