patternjavascriptMajor
Cache-Control Directives: max-age vs s-maxage vs no-cache vs no-store
Viewed 0 times
cache-controlno-storeno-cachemax-ages-maxagecdn cachinghttp headers
Problem
Setting
Cache-Control: no-cache does not prevent caching — it forces revalidation. Developers use it expecting no caching at all, then see stale responses from CDNs.Solution
Know the four key directives:
no-store: never cache, everno-cache: cache but always revalidate before servingmax-age=N: browser may cache for N secondss-maxage=N: CDN/shared cache may cache for N seconds (overrides max-age for proxies)
// Never cache sensitive data
res.setHeader('Cache-Control', 'no-store');
// Cache in browser 1h, CDN 24h
res.setHeader('Cache-Control', 'max-age=3600, s-maxage=86400');
// Always revalidate
res.setHeader('Cache-Control', 'no-cache');Why
no-cache is a confusing name from HTTP/1.0 era. It means 'do not serve without revalidating', not 'do not cache'. no-store is the directive that truly prevents storage.Gotchas
privateprevents shared caches (CDNs) from caching but still allows browser caching.must-revalidateonly applies after the max-age has expired, unlikeno-cachewhich revalidates every time.- Omitting Cache-Control lets heuristic caching apply — browsers may cache for up to 10% of the Last-Modified age.
Revisions (0)
No revisions yet.