Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IIS/ASP.NET responds with cache-control: private for all requests

Why does all responses from ASP.NET contain Cache-Control: private? Even a 404 response? Is there something in IIS that sets this default value, and is there a way to configure it? Or is there something in ASP.NET that sets this?

For dynamic content (that is, all MVC results) I would not like it to be cached by the browser, since it is dynamic and can change at any time. Static content is hosted on a CDN, so is not served by IIS.

Edit:

To clarify, I understand very well what Cache-Control: private is, the difference between private, public, no-store, etc and how/when to use them. The question I have is why Cache-Control: private is added by default by IIS/ASP.NET and how to prevent it from being added by default. I understand that it can be useful to cache dynamic pages, but in my application I don't want to cache dynamic pages/responses. For example, I don't want XHR JSON responses to be cached, since they contain dynamic content. Unfortunately the server adds Cache-Control: private to all responses automatically, so I have to manually override it everywhere.

How to reproduce: Open visual studio and create a new ASP.NET Framework (yes, framework, no not Core. We are not able to migrate our system to core yet) solution with an MVC project. Now start the project in IIS Express (just press the play button), and use F12 devtools in the browser to look at the http response. You will see that it contains Cache-Control: private. My question is, what adds this header, and how can I prevent it from being added by default?

enter image description here

like image 972
Marius Avatar asked Nov 10 '17 14:11

Marius


People also ask

What is Cache-Control private?

Cache-Control: PrivateThe private response directive indicates that a resource is user specific—it can still be cached, but only on a client device. For example, a web page response marked as private can be cached by a desktop browser, but not a content delivery network (CDN).

How can set Cache-Control no store in asp net?

The first line sets Cache-control to no-cache , and the second line adds the other attributes no-store, must-revalidate . This may not be the only way, but does provide an alternative method if the more straightforward Response. AppendHeader("Cache-control", "no-cache, no-store, must-revalidate"); fails.


Video Answer


1 Answers

Adding my bit to the great answers, given by community;

1. http caching header attrubute Cache-Control: private is added by default by IIS/ASP.NET ?

Cache request directives

Standard Cache-Control directives that can be used by the client in an HTTP request.

    Cache-Control: max-age=<seconds>
    Cache-Control: max-stale[=<seconds>]
    Cache-Control: min-fresh=<seconds>
    Cache-Control: no-cache 
    Cache-Control: no-store
    Cache-Control: no-transform
    Cache-Control: only-if-cached

Cache response directives

Standard Cache-Control directives that can be used by the server in an HTTP response.

    Cache-Control: must-revalidate
    Cache-Control: no-cache
    Cache-Control: no-store
    Cache-Control: no-transform
    Cache-Control: public
    Cache-Control: private
    Cache-Control: proxy-revalidate
    Cache-Control: max-age=<seconds>
    Cache-Control: s-maxage=<seconds>

IIS uses the secure and more obvious/useful one for default, which happens to be private

2. how to prevent it from being added by default?

IIS/asp.net allows this to be configured from the day it was introduced like this, ref1, ref2, ref3, ref4 and

System.Web Namespace

The System.Web namespace supplies classes and interfaces that enable browser-server communication. This namespace includes the System.Web.HttpRequest class, which provides extensive information about the current HTTP request; the System.Web.HttpResponse class, which manages HTTP output to the client; and the System.Web.HttpServerUtility class, which provides access to server-side utilities and processes. System.Web also includes classes for cookie manipulation, file transfer, exception information, and output cache control.

protected void Application_BeginRequest()
{
  Context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
}
like image 103
Anil Avatar answered Nov 13 '22 19:11

Anil