1

I've read this excellent article about Cache-Control HTTP Headers: https://www.mnot.net/cache_docs/#CACHE-CONTROL

I was wondering what would happen with the following header:

Cache-Control: no-store, public

Would the public header take precedence over the no-store header, or vice versa?

Would the header that takes precedence vary from one browser to another?

I understand that to have both no-store and public Cache-Control headers may not be advisable, but for arguments sake what would happen if they were both present.

Thanks in advance for any guidance.

Improve this question

3 Answers 3

Reset to default
2

Find some of the main code regarding this question from Google Chrome Browser below.

isPubliclyCacheable: function(resource)
{
    if (this._isExplicitlyNonCacheable(resource))
        return false;

    if (this.responseHeaderMatch(resource, "Cache-Control", "public"))
        return true;

    return resource.url.indexOf("?") == -1 && !this.responseHeaderMatch(resource, "Cache-Control", "private");
}


_isExplicitlyNonCacheable: function(resource)
{
    var hasExplicitExp = this.hasExplicitExpiration(resource);
    return this.responseHeaderMatch(resource, "Cache-Control", "(no-cache|no-store|must-revalidate)") ||
        this.responseHeaderMatch(resource, "Pragma", "no-cache") ||
        (hasExplicitExp && !this.freshnessLifetimeGreaterThan(resource, 0)) ||
        (!hasExplicitExp && resource.url && resource.url.indexOf("?") >= 0) ||
        (!hasExplicitExp && !this.isCacheableResource(resource));
}

According to the code some of the directives have more priority than the other and "no-store" is among them so in your case (Cache-Control: "public, no-store" or "no-store, public") no-store will get higher priority.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Via the RFC 7234. Given:

Cache-Control: no-store, public

no-store is the Response Cache-Control Directive (RFC 7234, Section 5.2.2). It states that the response should not be stored.

public is an extension.

The Cache-Control header field can be extended through the use of one or more cache-extension tokens, each with an optional value. A cache MUST ignore unrecognized cache directives.

Since public isn't a known extension to no-store, it is ignored.

Improve this answer

1 Comment

Although it is true no-store takes precedence (see my answer), it is false that the public directive is a cache-control extension. immutable, stale-while-revalidate and stale-if-error, those are extensions.
0

I've shortened down the section of the HTTP Caching specification that relates to your use case (See https://www.rfc-editor.org/rfc/rfc7234#section-3):

A cache MUST NOT store a response to any request, unless:

the "no-store" cache directive (see Section 5.2) does not appear in request or response header fields, and

the response either:

contains a Cache Control Extension (see Section 5.2.3) that allows it to be cached, or contains a public response directive (see Section 5.2.2.5).

contains a public response directive (see Section 5.2.2.5).

In short, no-store takes precedence over public.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.