loading...

What Cache-Control headers do I need?

neilmadden profile image Neil Madden ・1 min read

Understanding caching is an important part of web development. From a performance point of view, you don’t want a client to be downloading the same large file again and again. But from a security point of view, you don’t want sensitive data, such as users’ personal details, cached by shared web proxies and served to other users.

There are many aspects to HTTP caching, but the one that’s always confused me the most is the Cache-Control header. There are so many options! When should I use each one? Why does no-cache not mean “disable caching”??!

To help myself remember what all the options do I made this little flowchart. Hopefully you’ll find it useful too. If you spot an error, please contribute on GitHub. And if somebody wants to make a prettier version, please do! (Just credit me).

A flowchart of Cache-Control header options

PDF version

Discussion

pic
Editor guide
Collapse
mikaelgramont profile image
Mikael Gramont

Thank you for sharing this, it's always such a pain to read the RFC.