Difference between no-cache and must-revalidate

Question

From the RFC 2616  http   www w3 org Protocols rfc2616 rfc2616-sec14 html sec14 9 1     no-cache      If the no-cache directive does not specify a field-name  then a cache   MUST NOT use the response to satisfy a subsequent request without   successful revalidation with the origin server  This allows an origin   server to prevent caching even by caches that have been configured to   return stale responses to client requests    So it directs agents to revalidate all responses   Compared this to     must-revalidate      When the must-revalidate directive is present in a response received   by a cache  that cache MUST NOT use the entry after it becomes stale   to respond to a subsequent request without first revalidating it with   the origin server   So it directs agents to revalidate stale responses   Particularly with regard to no-cache  is this how user agents actually  empirically treat this directive   What s the point of no-cache if there s must-revalidate and max-age   See this comment   http   palpapers plynt com issues 2008Jul cache-control-attributes      no-cache      Though this directive sounds like it is instructing the browser not to   cache the page  there   s a subtle difference  The    no-cache    directive    according to the RFC  tells the browser that it should revalidate with   the server before serving the page from the cache  Revalidation is a   neat technique that lets the application conserve band-width  If the   page the browser has cached has not changed  the server just signals   that to the browser and the page is displayed from the cache  Hence    the browser  in theory  at least   stores the page in its cache  but   displays it only after revalidating with the server  In practice  IE   and Firefox have started treating the no-cache directive as if it   instructs the browser not to even cache the page  We started observing   this behavior about a year ago  We suspect that this change was   prompted by the widespread  and incorrect  use of this directive to   prevent caching    Has anyone got anything more official on this   Update     The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation  such as a silently unexecuted financial transaction    That s something I ve never taken to heart until now  The RFC is saying not to use must-revalidate lightly  The thing is  with web services  you have to take a negative view and assume the worst for your unknown client apps  Any stale resource has the potential to cause a problem   And something else I ve just considered  without Last-Modified or ETags  the browser can only fetch the whole resource again  However with ETags  I ve observed that Chrome at least seems to revalidate on every request  Which makes both these directives moot or at least poorly named since they can t properly revalidate unless the request also includes other headers that then cause  always revalidate  anyway   I just want to make that last point clearer  By just setting must-revalidate but not including either an ETag or Last-Modified  the agent can only get the content again since it has nothing to send to the server to compare   However  my empirical testing has shown that when ETag or modified header data is included in responses  the agents always revalidate anyway  regardless of the presence of the must-revalidate header   So the point of must-revalidate is to force a  bypass cache  when it goes stale  which can only happen when you have set a lifetime age  thus if must-revalidate is set on a response with no age or other headers  it effectively becomes equivalent to no-cache since the response will be considered immediately stale   -- So I m going to finally mark Gili s answer

User · Accepted Answer

I believe that must-revalidate means       Once the cache expires  refuse to return stale responses to the user   even if they say that stale responses are acceptable    Whereas no-cache implies       must-revalidate plus the fact the response becomes stale right away    If a response is cacheable for 10 seconds  then must-revalidate kicks in after 10 seconds  whereas no-cache implies must-revalidate after 0 seconds   At least  that s my interpretation

User · Answer

With Jeffrey Fox s interpretation about no-cache  i ve tested under chrome 52 0 2743 116 m  the result shows that no-cache has the same behavior as must-revalidate  they all will NOT use local cache when server is unreachable  and  they all will use cache while tap browser s Back Forward button when server is unreachable  As above  i think max-age 0  must-revalidate is identical to no-cache  at least in implementation

User · Answer

Agreed with part of  Jeffrey Fox s answer   max-age 0  must-revalidate and no-cache aren t exactly identical   Not agreed with this part   With no-cache  it would just show the cached content  which would be probably preferred by the user  better to have something stale than nothing at all    What should implementations do when cache-control  no-cache revalidation failed is just not specified in the RFC document  It s all up to implementations  They may throw a 504 error like cache-control  must-revalidate or just serve a stale copy from cache

User · Answer

max-age 0  must-revalidate and no-cache aren t exactly identical  With must-revalidate  if the server doesn t respond to a revalidation request  the browser proxy is supposed to return a 504 error  With no-cache  it would just show the cached content  which would be probably preferred by the user  better to have something stale than nothing at all   This is why must-revalidate is intended for critical transactions only

User · Answer

I think there is a difference between max-age 0  must-revalidate and no-cache    In the must-revalidate case the client is allowed to send a If-Modified-Since request and serve the response from cache if 304 Not Modified is returned    In the no-cache case  the client must not cache the response  so should not use If-Modified-Since

[http] Difference between no-cache and must-revalidate

Examples related to http

Examples related to cache-control