What is Cache-Control private

Question

When I visit chesseng herokuapp com I get a response header that looks like  Cache-Control private Connection keep-alive Content-Encoding gzip Content-Type text css Date Tue  16 Oct 2012 06 37 53 GMT Last-Modified Tue  16 Oct 2012 03 13 38 GMT Status 200 OK transfer-encoding chunked Vary Accept-Encoding X-Rack-Cache miss   and then I refresh the page and get  Cache-Control private Connection keep-alive Date Tue  16 Oct 2012 06 20 49 GMT Status 304 Not Modified X-Rack-Cache miss   so it seems like caching is working  If that works for caching then what is the point of Expires and Cache-Control max-age  To add to confusion  when I test the page at https   developers google com speed pagespeed insights  it tells me to  Leverage browser caching

User · Answer

The Expires entity-header field gives the date/time after which the response is considered stale.The Cache-control:maxage field gives the age value (in seconds) bigger than which response is consider stale.

Althought above header field give a mechanism to client to decide whether to send request to the server. In some condition, the client send a request to sever and the age value of response is bigger then the maxage value ,dose it means server needs to send the resource to client? Maybe the resource never changed.

In order to resolve this problem, HTTP1.1 gives last-modifided head. The server gives the last modified date of the response to client. When the client need this resource, it will send If-Modified-Since head field to server. If this date is before the modified date of the resouce, the server will sends the resource to client and gives 200 code.Otherwise,it will returns 304 code to client and this means client can use the resource it cached.

User · Answer

Cache-Control  private      Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache  such as a proxy server    From RFC2616 section 14 9 1

User · Answer

RFC 2616  section 14 9 1      Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache   A private  non-shared  cache MAY cache the response      Browsers could use this information  Of course  the current  user  may mean many things  OS user  a browser user  e g  Chrome s profiles   etc  It s not specified   For me  a more concrete example of Cache-Control  private is that proxy servers  which typically have many users  won t cache it  It is meant for the end user  and no one else     FYI  the RFC makes clear that this does not provide security  It is about showing the correct content  not securing content      This usage of the word private only controls where the response may be cached  and cannot ensure the privacy of the message content

User · Answer

To answer your question about why caching is working  even though the web-server didn t include the headers    Expires   a date  Cache-Control  max-age  seconds    The server kindly asked any intermediate proxies to not cache the contents  i e  the item should only be cached in a private cache  i e  only on your own local machine     Cache-Control  private   But the server forgot to include any sort of caching hints     they forgot to include Expires  so the browser knows to use the cached copy until that date they forgot to include Max-Age  so the browser knows how long the cached item is good for they forgot to include E-Tag  so the browser can do a conditional request   But they did include a  Last-Modified date in the response   Last-Modified  Tue  16 Oct 2012 03 13 38 GMT   Because the browser knows the date the file was modified  it can perform a conditional request  It will ask the server for the file  but instruct the server to only send the file if it has been modified since 2012 10 16 3 13 38   GET   HTTP 1 1 If-Modified-Since  Tue  16 Oct 2012 03 13 38 GMT   The server receives the request  realizes that the client has the most recent version already  Rather than sending the client 200 OK  followed by the contents of the page  instead it tells you that your cached version is good   304 Not Modified   Your browser did have to suffer the delay of sending a request to the server  and wait for a response  but it did save having to re-download the static content   Why Max-Age  Why Expires   Because Last-Modified sucks   Not everything on the server has a date associated with it  If I m building a page on the fly  there is no date associated with it - it s now  But I m perfectly willing to let the user cache the homepage for 15 seconds   200 OK Cache-Control  max-age 15   If the user hammers F5  they ll keep getting the cached version for 15 seconds  If it s a corporate proxy  then all 67198 users hitting the same page in the same 15-second window will all get the same contents - all served from close cache  Performance win for everyone   The virtue of adding Cache-Control  max-age is that the browser doesn t even have to perform a conditional request    if you specified only Last-Modified  the browser has to perform a request If-Modified-Since  and watch for a 304 Not Modified response if you specified max-age  the browser won t even have to suffer the network round-trip  the content will come right out of the caches   The difference between  Cache-Control  max-age  and  Expires   Expires is a legacy equivalent of the modern  c  1998  Cache-Control  max-age header    Expires  you specify a date  yuck  max-age  you specify seconds  goodness  And if both are specified  then the browser uses max-age   200 OK Cache-Control  max-age 60 Expires  20180403T192837     Any web-site written after 1998 should not use Expires anymore  and instead use max-age   What is ETag   ETag is similar to Last-Modified  except that it doesn t have to be a date - it just has to be a something    If I m pulling a list of products out of a database  the server can send the last rowversion as an ETag  rather than a date   200 OK ETag   247986    My ETag can be the SHA1 hash of a static resource  e g  image  js  css  font   or of the cached rendered page  i e  this is what the Mozilla MDN wiki does  they hash the final markup    200 OK ETag   33a64df551425fcc55e4d42a148795d9f25f89d4    And exactly like in the case of a conditional request based on Last-Modified   GET   HTTP 1 1 If-Modified-Since  Tue  16 Oct 2012 03 13 38 GMT  304 Not Modified   I can perform a conditional request based on the ETag   GET   HTTP 1 1 If-None-Match   33a64df551425fcc55e4d42a148795d9f25f89d4   304 Not Modified   An ETag is superior to Last-Modified because it works for things besides files  or things that have a notion of date  It just is

[http] What is Cache-Control: private?

Examples related to http

Examples related to caching

Examples related to http-headers

Examples related to browser-cache

Examples related to cache-control