Understand HTTP caching and validation
Follow the decisions a cache makes from storage through freshness and validator-based reuse.
- caching
- freshness
- validation
Caching is a sequence of decisions
A cache first decides whether it can store a response. For a later request, it decides whether a stored response matches, whether it is fresh, and whether it can be reused directly, reused while stale under an explicit allowance, or validated with the origin.
“Cached” is therefore incomplete evidence. Record which cache acted and which decision it made.
HTTP/1.1 200 OK
Cache-Control: max-age=300
ETag: "manual-v4"
Vary: Accept-Encoding
Content-Type: text/html
Expected result: an eligible cache can treat the response as fresh for 300
seconds, match stored variants using Accept-Encoding, and later use the entity
tag for validation. These fields do not prove that every cache stored it.
Freshness allows reuse without contacting the origin
An explicit freshness lifetime can come from s-maxage, max-age, or Expires
according to cache type and precedence. A fresh stored response can usually be
reused without validation. Its current age includes time across upstream caches,
not merely time since the browser received it.
A stale response is not automatically deleted or wrong. It normally needs validation before reuse unless a request, response, disconnected operation, or cache extension permits stale reuse.
Validation asks whether the selected representation changed
Validators include entity tags and modification dates. A client sends a
precondition such as If-None-Match with a stored validator. If the condition
allows reuse for GET or HEAD, the server can return 304 Not Modified without
response content, and the cache updates applicable stored metadata.
Validation is a network exchange. It can save representation transfer but still has request latency. Freshness and validation solve different parts of reuse.
no-cache is not no-store
no-cache permits storage but requires successful validation before reuse. The
no-store directive tells caches not to store the request or response under its
defined scope. Neither directive is a substitute for transport security or a
complete privacy design.
Find the responsible cache
Browsers, service workers, forward proxies, reverse proxies, and CDNs can each
cache. Compare Age, standard cache fields, relevant vendor fields, and controlled
requests. A purge can remove evidence; identify the layer and key before changing
policy.
