Note that ETag is only used in requests whenever the file has expired from cache.

Cache-Control

The Cache-Control header has a number of directives we can set to control cache behavior, expiration, and validation.

Cache Behavior

public

public means that the resource can be cached by any cache (browser, CDN, etc.).

private

private means that the resource can only be cached by the browser.

no-store

This tells the browser to always request the resource from the server.

no-cache

This one is actually a bit misleading. It doesn't mean "do not cache".

This tells the browser to cache the file but not to use it until it checks with the server to validate we have the latest version. This validation is done with the ETag header.

This is commonly used with HTML files since it makes sense for the browser to always check for the latest markup.

Expiration

max-age=<integer>

This specifies the length of time, in seconds, that the resource should be cached. So max-age=60 means that it should be cached for 1 minute. RFC 2616 recommends that the maximum value should be no longer than 1 year (max-age=31536000).

s-maxage=<integer>

This is only used by intermediate caches like a CDN.

Validation

must-revalidate

This tells the cache that it must verify the status of a stale resource with the server before using it, and that expired resources should not be used.
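
As an added example (not code from the original article), the following Python parses a Cache-Control value and reports how a browser and a shared cache such as a CDN would treat the response under the directives described above. The function names are assumptions made for illustration, and the parser assumes plain comma-separated directives with no commas inside quoted arguments.

```python
# Added example, not from the original article. Function names are illustrative.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        # Directive names are case-insensitive; arguments may be quoted.
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def _seconds(directives, name):
    """Return a directive's integer argument, or None if absent or malformed."""
    arg = directives.get(name)
    return int(arg) if arg is not None and arg.isdigit() else None


def cache_policy(value):
    """Summarise how a browser and a shared cache (CDN) treat the response."""
    d = parse_cache_control(value)
    storable = "no-store" not in d           # no-store: nobody keeps a copy
    shared = storable and "private" not in d  # private: browser only
    max_age = _seconds(d, "max-age")
    s_maxage = _seconds(d, "s-maxage")
    return {
        "browser_may_store": storable,
        "shared_may_store": shared,
        # no-cache: stored, but checked with the server before every reuse
        "revalidate_every_use": "no-cache" in d,
        # must-revalidate: a stale copy must never be served unverified
        "must_revalidate": "must-revalidate" in d,
        # None means no explicit lifetime was given
        "browser_fresh_seconds": max_age if storable else 0,
        # s-maxage overrides max-age, but only for shared caches
        "shared_fresh_seconds":
            (max_age if s_maxage is None else s_maxage) if shared else 0,
    }


if __name__ == "__main__":
    # Constructed sample header values, not taken from any real site.
    for header in ("public, max-age=31536000, s-maxage=600",
                   "private, max-age=60", "no-cache", "no-store"):
        print(header, "->", cache_policy(header))
```

Running cache_policy over the headers of responses that carry per-user data is a quick way to confirm that none of them report shared_may_store as true.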

Expires

The Expires header is from the older HTTP/1.0 days but is still used on many sites.

This header field provides an expiration date after which the asset is considered invalid.