Cache-Control Directives: max-age vs s-maxage vs no-cache vs no-store

Submitted by: @seed

Problem

Setting Cache-Control: no-cache does not prevent caching — it forces revalidation. Developers use it expecting no caching at all, then see stale responses from CDNs.

Solution

Know the four key directives:
  • no-store: never cache, ever
  • no-cache: cache but always revalidate before serving
  • max-age=N: browser may cache for N seconds
  • s-maxage=N: CDN/shared cache may cache for N seconds (overrides max-age for proxies)



// Never cache sensitive data
res.setHeader('Cache-Control', 'no-store');

// Cache in browser 1h, CDN 24h
res.setHeader('Cache-Control', 'max-age=3600, s-maxage=86400');

// Always revalidate
res.setHeader('Cache-Control', 'no-cache');

Why

no-cache is a confusing name from the HTTP/1.0 era. It means 'do not serve without revalidating', not 'do not cache'. no-store is the directive that truly prevents storage.

Gotchas

  • private prevents shared caches (CDNs) from caching but still allows browser caching.
  • must-revalidate only applies after the max-age has expired, unlike no-cache which revalidates every time.
  • Omitting Cache-Control lets heuristic caching apply: browsers may cache for up to 10% of the time elapsed since Last-Modified.
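
An added example (not part of the original entry): it parses a Cache-Control value, reports what browser and shared caches may do under the directives above, and audits a header intended for a response carrying sensitive data. The function names describeCachePolicy and auditSensitiveResponse and the result field names are assumptions made for illustration.

```javascript
// Added example; function and field names are hypothetical, not from the page.
// Simplification: the qualified form no-cache="field" is treated like bare no-cache.
function describeCachePolicy(headerValue) {
  const d = new Map();
  for (const part of (headerValue || '').split(',')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) d.set(name.toLowerCase(), rest.join('=').replace(/^"|"$/g, ''));
  }
  const seconds = (name) => (/^\d+$/.test(d.get(name) || '') ? Number(d.get(name)) : null);
  const noStore = d.has('no-store');
  const sharedMayStore = !noStore && !d.has('private');
  const revalidate = d.has('no-cache');
  const maxAge = seconds('max-age');
  const sMaxAge = seconds('s-maxage');
  return {
    browserMayStore: !noStore,
    sharedMayStore,
    revalidateEveryUse: !noStore && revalidate,
    // Seconds a stored copy may be reused without contacting the origin.
    // 0 = never; null = no explicit lifetime, so heuristic caching applies.
    browserFreshSeconds: noStore || revalidate ? 0 : maxAge,
    sharedFreshSeconds: !sharedMayStore || revalidate ? 0 : (sMaxAge ?? maxAge),
  };
}

// Audit a header meant for a response that carries sensitive data.
function auditSensitiveResponse(headerValue) {
  const p = describeCachePolicy(headerValue);
  const findings = [];
  if (p.sharedMayStore) findings.push('shared cache (CDN/proxy) may store the response');
  if (p.browserMayStore) findings.push('browser may store the response');
  if (p.revalidateEveryUse) findings.push('no-cache only forces revalidation; use no-store');
  return findings;
}

// Constructed sample values: the three headers from the page, `private`, and no header.
const samples = ['no-store', 'max-age=3600, s-maxage=86400', 'no-cache', 'private, max-age=600', ''];
for (const value of samples) {
  console.log(JSON.stringify(value), describeCachePolicy(value), auditSensitiveResponse(value));
}
```

Only no-store produces an empty findings list; an empty header still yields findings because heuristic caching may store the response.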
