Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Make IE cache the resources but always revalidate

The cache control header "no-cache, must-revalidate, private" allows browsers to cache the resource but forces a revalidate with conditional requests. This works as expected in FF, Safari, and Chrome.

However, IE7+8 does not send a conditional request, that is, "If-Modified-Since" is missing in the request header and hence the server responds with HTTP/200 instead of HTTP/304.

Here are the full server response headers:

Last-Modified: Wed, 16 Feb 2011 13:52:26 GMT Content-type: text/html;charset=utf-8 Content-Length: 10835 Date: Wed, 16 Feb 2011 13:52:26 GMT Connection: keep-alive Cache-Control: no-cache, must-revalidate, private 

This seems like an IE bug, but I haven't found anything related on the web, so I wonder whether maybe the absence or existence of another header makes IE behave strangely?

A good discussion of the difference between no-cache and max-age: What's the difference between Cache-Control: max-age=0 and no-cache?

like image 479
alienhard Avatar asked Feb 16 '11 14:02

alienhard


People also ask

What does cache-control must revalidate mean?

The must-revalidate response directive indicates that the response can be stored in caches and can be reused while fresh. If the response becomes stale, it must be validated with the origin server before reuse. Typically, must-revalidate is used with max-age .

How to set cache-control no-cache?

To use cache-control in HTML, you use the meta tag, e.g. The value in the content field is defined as one of the four values below. HTTP 1.1. Allowed values = PUBLIC | PRIVATE | NO-CACHE | NO-STORE.

What is cache-control max-age 0?

The header Cache-Control: max-age=0 implies that the content is considered stale (and must be re-fetched) immediately, which is in effect the same thing as Cache-Control: no-cache .

What does cache-control no-cache do?

Cache-Control: No-Cache The no-cache directive means that a browser may cache a response, but must first submit a validation request to an origin server.


1 Answers

I've eventually figured it out. Here is an explanation and a tested solution.

The following site confirms my observation: http://blog.httpwatch.com/2008/10/15/two-important-differences-between-firefox-and-ie-caching/

It says that IE does not locally store pages with the 'no-cache' directive and hence always sends an unconditional request.

There's also a MS support article - https://support.microsoft.com/help/234067/ - which confirms this:

"Internet Explorer supports the HTTP 1.1 Cache-Control header, which prevents all caching of a particular Web resource when the no-cache value is specified..."

This behavior is not entirely wrong -- but it is not what RFC 2616 (sec. 14.9.1) intended. About 'no-cache' it says "... a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server." So the response CAN be cached but MUST revalidate it. The major browsers, except for IE, do cache the response and revalidate it. To prevent storing the request, there's the 'no-store' Cache-Control directive.

In summary, IE treats 'no-cache' as 'no-store'.

And here's the solution to enable conditional requests for IE and the other browsers in a consistent way:

Don't use no-cache, but instead set the Expires header to the past (or -1, which has the same effect). IE, as well as the other major browsers, will then send conditional requests. (Note, you should also be aware of the IE Vary header bug, which prevents caching.)

These are the critical header fields:

Last-Modified: Wed, 16 Feb 2011 13:52:26 GMT Expires: -1 Cache-Control: must-revalidate, private 
  • Last-Modified (or ETag) is needed as a validator
  • Expires -1 tells that the resource is stale and must be revalidated
  • Cache-Control must not include no-cache or no-store
like image 175
alienhard Avatar answered Oct 06 '22 13:10

alienhard