 

Access-Control-Max-Age vs Cache-Control


What is the difference between Access-Control-Max-Age and Cache-Control within an HTTP response header?

    Access-Control-Max-Age: 1728000
    Cache-Control: max-age=21600, public

I have the feeling that they do not refer to the same thing, as often they appear together and sometimes with different values.

If they do both appear within an HTTP header, but contain different values, would this be valid?

Radderz asked Nov 21 '16 23:11


1 Answer

> What is the difference between Access-Control-Max-Age and Cache-Control within an HTTP response header?

These headers are used in different contexts and for different purposes:

  • Cache-Control is used in a wide general context, to specify the maximum amount of time a resource will be considered fresh.

  • Access-Control-Max-Age is used in CORS preflight requests. It indicates how long the results of a preflight request can be cached. The result in this case is the content of the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers.

In other words, these values concern the freshness of different things. Cache-Control's max-age= is for the resource downloaded, Access-Control-Max-Age is for content in other header fields.

> I have the feeling that they do not refer to the same thing, as often they appear together and sometimes with different values.

As explained earlier, they refer to completely different things. Seeing them together is probably just coincidence. Setting Cache-Control's max-age is generally recommended when applicable. Setting Access-Control-Max-Age doesn't seem terribly important, as browsers likely set sensible default values.

> If they do both appear within an HTTP header, but contain different values, would this be valid?

As these headers are unrelated, this is valid. However, the value Access-Control-Max-Age: 1728000 in your example is a bit strange, as browsers typically limit this to much smaller values (Firefox caps this at 24 hours (86400 seconds) and Chromium at 10 minutes (600 seconds)). Chromium also specifies a default value of 5 seconds.

Addendum by @Filippos:

Also note that Access-Control-Max-Age can only be used (meaningfully) in preflight requests that employ HTTP OPTIONS. At the same time, the HTTP spec (RFC 7231) does not permit caching in HTTP OPTIONS requests ("Responses to the OPTIONS method are not cacheable"), so in essence, for HTTP OPTIONS, you are left only with Access-Control-Max-Age.

janos answered Oct 29 '22 00:10
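The distinction drawn in the answer above, as an added example that is not part of the original question or answer: a response builder that puts each header on the response it governs, and a helper that applies the browser limits the answer quotes. The origin allow-list, the function names, the 403 for a refused preflight and the handling of a malformed value are assumptions made for this sketch.

```javascript
// Added example. Caps and default are the figures quoted in the answer above.
const PREFLIGHT_LIMITS = {
  firefox: { cap: 86400, fallback: null },  // default not stated on the page
  chromium: { cap: 600, fallback: 5 },
};

// Hypothetical allow-list for this sketch.
const ALLOWED_ORIGINS = new Set(['https://app.example']);

// Returns { status, headers } for a request, given its method and
// lower-cased request headers. Preflights and real responses get
// different freshness headers because they are cached separately.
function respond(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const allowed = ALLOWED_ORIGINS.has(origin);
  const isPreflight = method === 'OPTIONS' &&
    reqHeaders['access-control-request-method'] !== undefined;

  if (isPreflight) {
    if (!allowed) return { status: 403, headers: {} };
    return {
      status: 204,
      headers: {
        'Access-Control-Allow-Origin': origin,
        'Access-Control-Allow-Methods': 'GET, PUT',
        'Access-Control-Allow-Headers': 'Content-Type',
        // Lifetime of the two Allow-* answers above, not of any resource.
        'Access-Control-Max-Age': '1728000',
        'Vary': 'Origin',
      },
    };
  }
  // Vary on Origin so a shared cache never serves one origin's copy to another.
  const headers = { 'Cache-Control': 'max-age=21600, public', 'Vary': 'Origin' };
  if (allowed) headers['Access-Control-Allow-Origin'] = origin;
  return { status: 200, headers };
}

// Seconds a browser will actually reuse the preflight result.
function effectivePreflightTtl(headerValue, browser) {
  const { cap, fallback } = PREFLIGHT_LIMITS[browser];
  // Absent or malformed values fall back to the default (assumed identical).
  if (!/^\d+$/.test(headerValue ?? '')) return fallback;
  return Math.min(Number(headerValue), cap);
}
```

The effective value is also the longest a browser keeps acting on an old Access-Control-Allow-Methods or Access-Control-Allow-Headers answer after the server tightens it.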