Are both "Cache request directives" and "Cache response directives" needed?

Question

If I already have "Cache request directives," what is the point of "Cache response directives." Do they add anything? Will my application run the same without them?

I looking for proof whether "Cache response directives" are redundant. If they are redundant, I will not bother with them.

GC_

Answer 1

I assume you are asking as an application developer and if so, you should not bother with any Cache-Control header your application receives in a request.

Why? Because that Cache-Control header is intended for caches before the request reaches your application. It is not for your application.

This is explained in RFC7234 Section 5.2 (emphasis mine):

The "Cache-Control" header field is used to specify directives for caches along the request/response chain.

The purpose of the header is to tell caches what to do with the request. Your application receives the header because it is attached to a request. But just because you receive it, it doesn't mean it is for you.

Bottom line: ignore any Cache-Control header in a request.

Cache-Control in a response comes from your application and it is also intended for caches. You use it to tell caches what to do with the response. Basically, you use the header to specify whether the response is cacheable and if it is, for how long. It is not merely a copy of the Cache-Control header received in a request.

Do they add anything?

Yes, they do. Cache-Control in a response tells caches whether the response is cacheable and if it is, it allows caches to serve an equivalent request immediately with a cached response. This reduces your application's load and improves response times from a client's point of view.

RFC7234 Section 4.2 states:

When a response is "fresh" in the cache, it can be used to satisfy subsequent requests without contacting the origin server, thereby improving efficiency.

Your next question:

Will my application run the same without them?

It depends. If your application doesn't add appropriate Cache-Control header for responses that must not be cached, future requests may receive stale responses. So, I recommend that at the very least, add Cache-Control: no-cache to responses that must not be cached.

Additional explanation for your question in the comment section

The header should generally come from your backend, not your frontend. This allows caches to accurately accelerates requests to your backend and keeps your frontend request code simple. There is one exception: if the backend isn't yours and its response freshness policy doesn't match your requirement.

An example scenario may be in order:

Let's say, that in addition to sending requests to your own backend, your frontend also sends requests to someone else's backend. This particular backend specifies that its responses are cacheable for at most 5 minutes, by either sending Cache-Control: max-age=300 or appropriate Expires header.

Let's also say, that you want the responses to be no more than 10 seconds stale, because 5 minutes is too stale for you.

Since the backend isn't yours, you can't change the 5-minutes directive, but you can send your requests with Cache-Control: max-age=10 thereby forcing the caches to fetch a fresh response if a cached response is older than 10 seconds, despite the 5-minutes directive from the backend.

That is the appropriate situation to send Cache-Control header from your frontend: the backend isn't yours and its response freshness policy doesn't match your requirement.

Answer 2

Are both "Cache request directives" and "Cache response directives" needed?

Yes. Cache-Control in request header and Cache-Control in response header are both needed. Even if you already have Cache-Control in request header, Cache-Control in response is not redundant. They are 2 different things. According to RFC7234:

cache directives are unidirectional in that the presence of a directive in a request does not imply that the same directive is to be given in the response.

Generally speaking, Cache-Control in response header controls the cache behaviour from resource provider's point of view. -- should the resource stored in cache? How long would it be valid? When requested, does it need to be revalidated? etc. As response headers can be configured for all HTTP requests, "Cache response directives" provides a way to define cache policy for all resources.

Cache-Control in request header, however, controls the cache behaviour from resource consumer's point of view. It's more like defining exceptional case where the cache policy of specific resource should be adjusted. If you check RFC7234, most of the "Request Cache-Control Directives" indicates that the client is willing to... or indicates that the client is unwilling to...

Also, as request headers can only be configured in some cases (e.g. Ajax), "Cache request directives" doesn't exist for many HTTP requests. For example, after HTML file is parsed, many HTTP requests will be created to fetch static resources (image files, css files etc.), there is no way to configure Cache-Control header for these requests manually in program.

If I already have "Cache request directives", what is the point of "Cache response directives"?

If you only have "Cache request directives" and never get Cache-Control response header, some problems will happen:

1. Without Cache-Control response header, the cache behaviour of all resources are decided by browser (e.g. calculate valid-time through LM-Factor algorithm). In the worst case, there would be no cache at all.
2. For static resources (e.g. image files, css files), as you can't configure Cache-Control in request, you lost cache control ability.