In my understanding, both of the two directives mean the cache server will ask the original server to revalidate the request from the client browser. What is the difference between these two directives?
The "proxy-revalidate" response directive has the same meaning as the must-revalidate response directive, except that it does not apply to private caches. (Emphasis added.)
As above, i think max-age=0, must-revalidate is identical to no-cache, at least in implementation. max-age=0, must-revalidate and no-cache aren't exactly identical. With no-cache, it would just show the cached content, which would be probably preferred by the user (better to have something stale than nothing at all).
When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server. So it directs agents to revalidate stale responses.
By just setting must-revalidate but not including either an ETag or Last-Modified, the agent can only get the content again since it has nothing to send to the server to compare.
RFC 7234, section 5.2.2.7, explains:
The "proxy-revalidate" response directive has the same meaning as the must-revalidate response directive, except that it does not apply to private caches.
(Emphasis added.) An earlier version of the spec went on to describe how that might be used:
It can be used on a response to an authenticated request to permit the user's cache to store and later return the response without needing to revalidate it (since it has already been authenticated once by that user), while still requiring proxies that service many users to revalidate each time (in order to make sure that each user has been authenticated). Note that such authenticated responses also need the public cache control directive in order to allow them to be cached at all.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With