βΉοΈ Skipped - page is already crawled
| Filter | Status | Condition | Details |
|---|---|---|---|
| HTTP status | PASS | download_http_code = 200 | HTTP 200 |
| Age cutoff | PASS | download_stamp > now() - 6 MONTH | 0 months ago |
| History drop | PASS | isNull(history_drop_reason) | No drop reason |
| Spam/ban | PASS | fh_dont_index != 1 AND ml_spam_score = 0 | ml_spam_score=0 |
| Canonical | PASS | meta_canonical IS NULL OR = '' OR = src_unparsed | Not set |
| Property | Value |
|---|---|
| URL | https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control |
| Last Crawled | 2026-04-11 10:50:13 (15 hours ago) |
| First Indexed | 2025-03-14 01:07:15 (1 year ago) |
| HTTP Status Code | 200 |
| Meta Title | Cache-Control header - HTTP | MDN |
| Meta Description | The HTTP Cache-Control header holds directives (instructions) in both requests and responses that control caching in browsers and shared caches (e.g., Proxies, CDNs). |
| Meta Canonical | null |
| Boilerpipe Text | Syntax
http
Cache-Control: <directive>, <directive>, ...
Cache directives follow these rules:
Caching directives are case-insensitive. However, lowercase is recommended because some implementations do not recognize uppercase directives.
Multiple directives are permitted and must be comma-separated (e.g.,
Cache-control: max-age=180, public
).
Some directives have an optional argument. When an argument is provided, it is separated from the directive name by an equals symbol (
=
). Typically, arguments for the directives are integers and are therefore not enclosed in quote characters (e.g.,
Cache-control: max-age=12
).
Cache directives
The following table lists the standard
Cache-Control
directives:
Request
Response
max-age
max-age
max-stale
-
min-fresh
-
-
s-maxage
no-cache
no-cache
no-store
no-store
no-transform
no-transform
only-if-cached
-
-
must-revalidate
-
proxy-revalidate
-
must-understand
-
private
-
public
-
immutable
-
stale-while-revalidate
stale-if-error
stale-if-error
Note: Check the
compatibility table
for their support; user agents that don't recognize them should ignore them.
Vocabulary
This section defines the terms used in this document, some of which are from the specification.
(HTTP) cache
Implementation that holds requests and responses for reusing in subsequent requests. It can be either a shared cache or a private cache.
Shared cache
Cache that exists between the origin server and clients (e.g., Proxy, CDN). It stores a single response and reuses it with multiple users β so developers should avoid storing personalized contents to be cached in the shared cache.
Private cache
Cache that exists in the client. It is also called
local cache
or
browser cache
. It can store and reuse personalized content for a single user.
Store response
Store a response in caches when the response is cacheable. However, the cached response is not always reused as-is. (Usually, "cache" means storing a response.)
Reuse response
Reuse cached responses for subsequent requests.
Revalidate response
Ask the origin server whether or not the stored response is still
fresh
. Usually, the revalidation is done through a conditional request.
Fresh response
Indicates that the response is
fresh
. This usually means the response can be reused for subsequent requests, depending on request directives.
Stale response
Indicates that the response is a
stale response
. This usually means the response can't be reused as-is. Cache storage isn't required to remove stale responses immediately because revalidation could change the response from being stale to being
fresh
again.
Age
The time since a response was generated. It is a criterion for whether a response is
fresh or stale
.
Directives
This section lists directives that affect caching β both response directives and request directives.
Response Directives
max-age
The
max-age=N
response directive indicates that the response remains
fresh
until
N
seconds after the response is generated.
http
Cache-Control: max-age=604800
Indicates that caches can store this response and reuse it for subsequent requests while it's
fresh
.
Note that
max-age
is not the elapsed time since the response was received; it is the elapsed time since the response was generated on the origin server.
So if the other cache(s) β on the network route taken by the response β store the response for 100 seconds (indicated using the
Age
response header field), the browser cache would deduct 100 seconds from its
freshness lifetime
.
If the
max-age
value is negative (for example,
-1
) or isn't an integer (for example,
3599.99
), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were
0
(this is noted in the
Calculating Freshness Lifetime
section of the HTTP specification).
http
Cache-Control: max-age=604800
Age: 100
s-maxage
The
s-maxage
response directive indicates how long the response remains
fresh
in a shared cache.
The
s-maxage
directive is ignored by private caches, and overrides the value specified by the
max-age
directive or the
Expires
header for shared caches, if they are present.
http
Cache-Control: s-maxage=604800
no-cache
The
no-cache
response directive indicates that the response can be stored in caches, but the response must be validated with the origin server before each reuse, even when the cache is disconnected from the origin server.
http
Cache-Control: no-cache
If you want caches to always check for content updates while reusing stored content,
no-cache
is the directive to use. It does this by requiring caches to revalidate each request with the origin server.
Note that
no-cache
does not mean "don't cache".
no-cache
allows caches to store a response but requires them to revalidate it before reuse. If the sense of "don't cache" that you want is actually "don't store", then
no-store
is the directive to use.
must-revalidate
The
must-revalidate
response directive indicates that the response can be stored in caches and can be reused while
fresh
. If the response becomes
stale
, it must be validated with the origin server before reuse.
Typically,
must-revalidate
is used with
max-age
.
http
Cache-Control: max-age=604800, must-revalidate
HTTP allows caches to reuse
stale responses
when they are disconnected from the origin server.
must-revalidate
is a way to prevent this from happening - either the stored response is revalidated with the origin server or a 504 (Gateway Timeout) response is generated.
proxy-revalidate
The
proxy-revalidate
response directive is the equivalent of
must-revalidate
, but specifically for shared caches only.
no-store
The
no-store
response directive indicates that any caches of any kind (private or shared) should not store this response.
http
Cache-Control: no-store
private
The
private
response directive indicates that the response can be stored only in a private cache (e.g., local caches in browsers).
http
Cache-Control: private
You should add the
private
directive for user-personalized content, especially for responses received after login and for sessions managed via cookies.
If you forget to add
private
to a response with personalized content, then that response can be stored in a shared cache and end up being reused for multiple users, which can cause personal information to leak.
public
The
public
response directive indicates that the response can be stored in a shared cache. Responses for requests with
Authorization
header fields must not be stored in a shared cache; however, the
public
directive will cause such responses to be stored in a shared cache.
http
Cache-Control: public
In general, when pages are under Basic Auth or Digest Auth, the browser sends requests with the
Authorization
header. This means that the response is access-controlled for restricted users (who have accounts), and it's fundamentally not shared-cacheable, even if it has
max-age
.
You can use the
public
directive to unlock that restriction.
http
Cache-Control: public, max-age=604800
Note that
s-maxage
or
must-revalidate
also unlock that restriction.
If a request doesn't have an
Authorization
header, or you are already using
s-maxage
or
must-revalidate
in the response, then you don't need to use
public
.
must-understand
The
must-understand
response directive indicates that a cache should store the response only if it understands the requirements for caching based on status code.
must-understand
should be coupled with
no-store
for fallback behavior.
http
Cache-Control: must-understand, no-store
If a cache doesn't support
must-understand
, it will be ignored. If
no-store
is also present, the response isn't stored.
If a cache supports
must-understand
, it stores the response with an understanding of cache requirements based on its status code.
no-transform
Some intermediaries transform content for various reasons. For example, some convert images to reduce transfer size. In some cases, this is undesirable for the content provider.
no-transform
indicates that any intermediary (regardless of whether it implements a cache) shouldn't transform the response contents.
immutable
The
immutable
response directive indicates that the response will not be updated while it's
fresh
.
http
Cache-Control: public, max-age=604800, immutable
A modern best practice for static resources is to include version/hashes in their URLs, while never modifying the resources β but instead, when necessary,
updating
the resources with newer versions that have new version-numbers/hashes, so that their URLs are different. That's called the
cache-busting
pattern.
html
<script src="https://example.com/react.0.0.0.js"></script>
When a user reloads the browser, the browser will send conditional requests for validating to the origin server. But it's not necessary to revalidate those kinds of static resources even when a user reloads the browser, because they're never modified.
immutable
tells a cache that the response is immutable while it's
fresh
and avoids those kinds of unnecessary conditional requests to the server.
When you use a cache-busting pattern for resources and apply them to a long
max-age
, you can also add
immutable
to avoid revalidation.
stale-while-revalidate
The
stale-while-revalidate
response directive indicates that the cache could reuse a stale response while it revalidates it to a cache.
http
Cache-Control: max-age=604800, stale-while-revalidate=86400
In the example above, the response is
fresh
for 7 days (604800s).
After 7 days it becomes
stale
, but the cache is allowed to reuse it for any requests that are made in the following day (86400s), provided that they revalidate the response in the background.
Revalidation will make the cache be
fresh
again, so it appears to clients that it was always
fresh
during that period β effectively hiding the latency penalty of revalidation from them.
If no request happened during that period, the cache became
stale
and the next request will revalidate normally.
stale-if-error
The
stale-if-error
response directive indicates that the cache can reuse a
stale response
when an upstream server generates an error, or when the error is generated locally. Here, an error is considered any response with a status code of 500, 502, 503, or 504.
http
Cache-Control: max-age=604800, stale-if-error=86400
In the example above, the response is
fresh
for 7 days (604800s). Afterwards, it becomes
stale
, but can be used for an extra 1 day (86400s) when an error is encountered.
After the stale-if-error period passes, the client will receive any error generated.
Request Directives
no-cache
The
no-cache
request directive asks caches to validate the response with the origin server before reuse.
http
Cache-Control: no-cache
no-cache
allows clients to request the most up-to-date response even if the cache has a
fresh
response.
Browsers usually add
no-cache
to requests when users are
force reloading
a page.
no-store
The
no-store
request directive allows a client to request that caches refrain from storing the request and corresponding response β even if the origin server's response could be stored.
http
Cache-Control: no-store
max-age
The
max-age=N
request directive indicates that the client allows a stored response that is generated on the origin server within
N
seconds β where
N
may be any non-negative integer (including
0
).
http
Cache-Control: max-age=10800
In the case above, if the response with
Cache-Control: max-age=10800
was generated more than 3 hours ago (calculated from
max-age
and the
Age
header), the cache couldn't reuse that response.
Many browsers use this directive for
reloading
, as explained below.
http
Cache-Control: max-age=0
max-age=0
is a workaround for
no-cache
, because many old (HTTP/1.0) cache implementations don't support
no-cache
. Recently browsers are still using
max-age=0
in "reloading" β for backward compatibility β and alternatively using
no-cache
to cause a "force reloading".
If the
max-age
value is negative (for example,
-1
) or isn't an integer (for example,
3599.99
), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were
0
.
max-stale
The
max-stale=N
request directive indicates that the client allows a stored response that is
stale
within
N
seconds.
If no
N
value is specified, the client will accept a stale response of any age.
http
Cache-Control: max-stale=3600
For example, a request with the header above indicates that the browser will accept a stale response from the cache that has expired within the last hour.
Clients can use this header when the origin server is down or too slow and can accept cached responses from caches even if they are a bit old.
Note that the major browsers do not support requests with
max-stale
.
min-fresh
The
min-fresh=N
request directive indicates that the client allows a stored response that is
fresh
for at least
N
seconds.
http
Cache-Control: min-fresh=600
In the case above, if the response with
Cache-Control: max-age=3600
was stored in caches 51 minutes ago, the cache couldn't reuse that response.
Clients can use this header when the user requires the response to not only be
fresh
, but also requires that it won't be updated for a period of time.
Note that the major browsers do not support requests with
min-fresh
.
no-transform
Same meaning that
no-transform
has for a response, but for a request instead.
only-if-cached
The client indicates that an already-cached response should be returned. If a cache has a stored response, even a stale one, it will be returned. If no cached response is available, a
504 Gateway Timeout
response will be returned.
stale-if-error
The
stale-if-error
request directive indicates that the browser is interested in receiving stale content on error from any intermediate server for a particular origin.
This is not supported by any browser (see
Browser compatibility
).
Use Cases
Preventing storing
If you don't want a response stored in caches, use the
no-store
directive.
http
Cache-Control: no-store
Note that
no-cache
means "it can be stored but don't reuse before validating" β so it's not for preventing a response from being stored.
http
Cache-Control: no-cache
In theory, if directives are conflicted, the most restrictive directive should be honored. So the example below is basically meaningless because
private
,
no-cache
,
max-age=0
and
must-revalidate
conflict with
no-store
.
http
# conflicted
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
# equivalent to
Cache-Control: no-store
Caching static assets with "cache busting"
When you build static assets with versioning/hashing mechanisms, adding a version/hash to the filename or query string is a good way to manage caching.
For example:
html
<!-- index.html -->
<script src="/assets/react.min.js"></script>
<img src="/assets/hero.png" width="900" height="400" />
The React library version will change when you update the library, and
hero.png
will also change when you edit the picture. So those are hard to store in a cache with
max-age
.
In such a case, you could address the caching needs by using a specific, numbered version of the library, and including the hash of the picture in its URL.
html
<!-- index.html -->
<script src="/assets/react.0.0.0min.js"></script>
<img src="/assets/hero.png?hash=deadbeef" width="900" height="400" />
You can add a long
max-age
value and
immutable
because the content will never change.
http
# /assets/*
Cache-Control: max-age=31536000, immutable
When you update the library or edit the picture, new content should have a new URL, and caches aren't reused. That is called the "cache busting" pattern.
Use a
no-cache
to make sure that the HTML response itself is not cached.
no-cache
could cause revalidation, and the client will correctly receive a new version of the HTML response and static assets.
http
# /index.html
Cache-Control: no-cache
Note: If
index.html
is controlled under Basic Authentication or Digest Authentication, files under
/assets
are not stored in the shared cache. If
/assets/
files are suitable for storing in a shared cache, you also need one of
public
,
s-maxage
or
must-revalidate
.
Up-to-date contents always
For content that's generated dynamically, or that's static but updated often, you want a user to always receive the most up-to-date version.
If you don't add a
Cache-Control
header because the response is not intended to be cached, that could cause an unexpected result. Cache storage is allowed to cache it heuristically β so if you have any requirements on caching, you should always indicate them explicitly, in the
Cache-Control
header.
Adding
no-cache
to the response causes revalidation to the server, so you can serve a
fresh
response every time β or if the client already has a new one, just respond
304 Not Modified
.
http
Cache-Control: no-cache
Most HTTP/1.0 caches don't support
no-cache
directives, so historically
max-age=0
was used as a workaround. But only
max-age=0
could cause a
stale response
to be reused when caches disconnected from the origin server.
must-revalidate
addresses that. That's why the example below is equivalent to
no-cache
.
http
Cache-Control: max-age=0, must-revalidate
But for now, you can simply use
no-cache
instead.
Clearing an already-stored cache
There are no cache directives for clearing already-stored responses from caches on
intermediate
servers.
Imagine that clients/caches store a
fresh
response for a path, with no request flight to the server. There is nothing a server could do to that path.
Clear-Site-Data: cache
can be used to clear every stored response for a site in the browser cache, so use this with care.
Note that this will not affect shared or intermediate caches.
Specifications
Specification
HTTP Caching
# field.cache-control
HTTP Immutable Responses
# the-immutable-cache-control-extension
Browser compatibility
See also
HTTP caching
Caching Tutorial for Web Authors and Webmasters
Caching best practices & max-age gotchas
Cache-Control for Civilians
RFC 9111 β HTTP Caching
RFC 5861 β HTTP Cache-Control Extensions for Stale Content
RFC 8246 β HTTP Immutable Responses |
| Markdown | - [Skip to main content](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#content)
- [Skip to search](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#search)
HTML
[HTML: Markup language](https://developer.mozilla.org/en-US/docs/Web/HTML)
HTML reference
- [Elements](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements)
- [Global attributes](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes)
- [Attributes](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference "See all HTML references")
HTML guides
- [Responsive images](https://developer.mozilla.org/en-US/docs/Web/HTML/Guides/Responsive_images)
- [HTML cheatsheet](https://developer.mozilla.org/en-US/docs/Web/HTML/Guides/Cheatsheet)
- [Date & time formats](https://developer.mozilla.org/en-US/docs/Web/HTML/Guides/Date_and_time_formats)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/HTML/Guides "See all HTML guides")
Markup languages
- [SVG](https://developer.mozilla.org/en-US/docs/Web/SVG)
- [MathML](https://developer.mozilla.org/en-US/docs/Web/MathML)
- [XML](https://developer.mozilla.org/en-US/docs/Web/XML)
CSS
[CSS: Styling language](https://developer.mozilla.org/en-US/docs/Web/CSS)
CSS reference
- [Properties](https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties)
- [Selectors](https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors)
- [At-rules](https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/At-rules)
- [Values](https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Values)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/CSS/Reference "See all CSS references")
CSS guides
- [Box model](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Box_model/Introduction)
- [Animations](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Animations/Using)
- [Flexbox](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Flexible_box_layout/Basic_concepts)
- [Colors](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Colors/Applying_color)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides "See all CSS guides")
Layout cookbook
- [Column layouts](https://developer.mozilla.org/en-US/docs/Web/CSS/How_to/Layout_cookbook/Column_layouts)
- [Centering an element](https://developer.mozilla.org/en-US/docs/Web/CSS/How_to/Layout_cookbook/Center_an_element)
- [Card component](https://developer.mozilla.org/en-US/docs/Web/CSS/How_to/Layout_cookbook/Card)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/CSS/How_to/Layout_cookbook)
JavaScriptJS
[JavaScript: Scripting language](https://developer.mozilla.org/en-US/docs/Web/JavaScript)
JS reference
- [Standard built-in objects](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects)
- [Expressions & operators](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators)
- [Statements & declarations](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements)
- [Functions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference "See all JavaScript references")
JS guides
- [Control flow & error handing](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Control_flow_and_error_handling)
- [Loops and iteration](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Loops_and_iteration)
- [Working with objects](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Working_with_objects)
- [Using classes](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Using_classes)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide "See all JavaScript guides")
Web APIs
[Web APIs: Programming interfaces](https://developer.mozilla.org/en-US/docs/Web/API)
Web API reference
- [File system API](https://developer.mozilla.org/en-US/docs/Web/API/File_System_API)
- [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
- [Geolocation API](https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API)
- [HTML DOM API](https://developer.mozilla.org/en-US/docs/Web/API/HTML_DOM_API)
- [Push API](https://developer.mozilla.org/en-US/docs/Web/API/Push_API)
- [Service worker API](https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web/API "See all Web API guides")
Web API guides
- [Using the Web animation API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Animations_API/Using_the_Web_Animations_API)
- [Using the Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch)
- [Working with the History API](https://developer.mozilla.org/en-US/docs/Web/API/History_API/Working_with_the_History_API)
- [Using the Web speech API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API/Using_the_Web_Speech_API)
- [Using web workers](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers)
All
[All web technology](https://developer.mozilla.org/en-US/docs/Web)
Technologies
- [Accessibility](https://developer.mozilla.org/en-US/docs/Web/Accessibility)
- [HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP)
- [URI](https://developer.mozilla.org/en-US/docs/Web/URI)
- [Web extensions](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions)
- [WebAssembly](https://developer.mozilla.org/en-US/docs/WebAssembly)
- [WebDriver](https://developer.mozilla.org/en-US/docs/Web/WebDriver)
- [See allβ¦](https://developer.mozilla.org/en-US/docs/Web "See all web technology references")
Topics
- [Media](https://developer.mozilla.org/en-US/docs/Web/Media)
- [Performance](https://developer.mozilla.org/en-US/docs/Web/Performance)
- [Privacy](https://developer.mozilla.org/en-US/docs/Web/Privacy)
- [Security](https://developer.mozilla.org/en-US/docs/Web/Security)
- [Progressive web apps](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps)
Learn
[Learn web development](https://developer.mozilla.org/en-US/docs/Learn_web_development)
Frontend developer course
- [Getting started modules](https://developer.mozilla.org/en-US/docs/Learn_web_development/Getting_started)
- [Core modules](https://developer.mozilla.org/en-US/docs/Learn_web_development/Core)
- [MDN Curriculum](https://developer.mozilla.org/en-US/curriculum/)
- [Check out the video course from Scrimba, our partner](https://scrimba.com/frontend-path-c0j?via=mdn-learn-navbar)
Learn HTML
- [Structuring content with HTML module](https://developer.mozilla.org/en-US/docs/Learn_web_development/Core/Structuring_content)
Learn CSS
- [CSS styling basics module](https://developer.mozilla.org/en-US/docs/Learn_web_development/Core/Styling_basics)
- [CSS layout module](https://developer.mozilla.org/en-US/docs/Learn_web_development/Core/CSS_layout)
Learn JavaScript
- [Dynamic scripting with JavaScript module](https://developer.mozilla.org/en-US/docs/Learn_web_development/Core/Scripting)
Tools
Discover our tools
- [Playground](https://developer.mozilla.org/en-US/play)
- [HTTP Observatory](https://developer.mozilla.org/en-US/observatory)
- [Border-image generator](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Backgrounds_and_borders/Border-image_generator)
- [Border-radius generator](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Backgrounds_and_borders/Border-radius_generator)
- [Box-shadow generator](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Backgrounds_and_borders/Box-shadow_generator)
- [Color format converter](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Colors/Color_format_converter)
- [Color mixer](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Colors/Color_mixer)
- [Shape generator](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Shapes/Shape_generator)
About
Get to know MDN better
- [About MDN](https://developer.mozilla.org/en-US/about)
- [Advertise with us](https://developer.mozilla.org/en-US/advertising)
- [Community](https://developer.mozilla.org/en-US/community)
- [MDN on GitHub](https://github.com/mdn)
[Blog](https://developer.mozilla.org/en-US/blog/)
1. [Web](https://developer.mozilla.org/en-US/docs/Web)
2. [HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP)
3. [Reference](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference)
4. [Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers)
5. [Cache-Control](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control)
# Cache-Control header
Baseline Widely available
This feature is well established and works across many devices and browser versions. Itβs been available across browsers since July 2015.
- [Learn more](https://developer.mozilla.org/en-US/docs/Glossary/Baseline/Compatibility)
- [See full compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)
- [Report feedback](https://survey.alchemer.com/s3/7634825/MDN-baseline-feedback?page=%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FReference%2FHeaders%2FCache-Control&level=high)
The HTTP **`Cache-Control`** header holds *directives* (instructions) in both requests and responses that control [caching](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching) in browsers and shared caches (e.g., Proxies, CDNs).
| | |
|---|---|
| Header type | [Request header](https://developer.mozilla.org/en-US/docs/Glossary/Request_header), [Response header](https://developer.mozilla.org/en-US/docs/Glossary/Response_header) |
| [Forbidden request header](https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_request_header) | No |
| [CORS-safelisted response header](https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header) | Yes |
## In this article
- [Syntax](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#syntax)
- [Vocabulary](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#vocabulary)
- [Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#directives)
- [Use Cases](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#use_cases)
- [Specifications](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#specifications)
- [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)
- [See also](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#see_also)
## [Syntax](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#syntax)
http
```
Cache-Control: <directive>, <directive>, ...
```
Cache directives follow these rules:
- Caching directives are case-insensitive. However, lowercase is recommended because some implementations do not recognize uppercase directives.
- Multiple directives are permitted and must be comma-separated (e.g., `Cache-control: max-age=180, public`).
- Some directives have an optional argument. When an argument is provided, it is separated from the directive name by an equals symbol (`=`). Typically, arguments for the directives are integers and are therefore not enclosed in quote characters (e.g., `Cache-control: max-age=12`).
### [Cache directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#cache_directives)
The following table lists the standard `Cache-Control` directives:
| Request | Response |
|---|---|
| `max-age` | `max-age` |
| `max-stale` | \- |
| `min-fresh` | \- |
| \- | `s-maxage` |
| `no-cache` | `no-cache` |
| `no-store` | `no-store` |
| `no-transform` | `no-transform` |
| `only-if-cached` | \- |
| \- | `must-revalidate` |
| \- | `proxy-revalidate` |
| \- | `must-understand` |
| \- | `private` |
| \- | `public` |
| \- | `immutable` |
| \- | `stale-while-revalidate` |
| `stale-if-error` | `stale-if-error` |
Note: Check the [compatibility table](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility) for their support; user agents that don't recognize them should ignore them.
## [Vocabulary](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#vocabulary)
This section defines the terms used in this document, some of which are from the specification.
[(HTTP) cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#http_cache)
Implementation that holds requests and responses for reusing in subsequent requests. It can be either a shared cache or a private cache.
[Shared cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#shared_cache)
Cache that exists between the origin server and clients (e.g., Proxy, CDN). It stores a single response and reuses it with multiple users β so developers should avoid storing personalized contents to be cached in the shared cache.
[Private cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#private_cache)
Cache that exists in the client. It is also called *local cache* or *browser cache*. It can store and reuse personalized content for a single user.
[Store response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#store_response)
Store a response in caches when the response is cacheable. However, the cached response is not always reused as-is. (Usually, "cache" means storing a response.)
[Reuse response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#reuse_response)
Reuse cached responses for subsequent requests.
[Revalidate response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#revalidate_response)
Ask the origin server whether or not the stored response is still [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). Usually, the revalidation is done through a conditional request.
[Fresh response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#fresh_response)
Indicates that the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). This usually means the response can be reused for subsequent requests, depending on request directives.
[Stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#stale_response)
Indicates that the response is a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). This usually means the response can't be reused as-is. Cache storage isn't required to remove stale responses immediately because revalidation could change the response from being stale to being [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) again.
[Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#age)
The time since a response was generated. It is a criterion for whether a response is [fresh or stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
## [Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#directives)
This section lists directives that affect caching β both response directives and request directives.
### [Response Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#response_directives)
#### `max-age`
The `max-age=N` response directive indicates that the response remains [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) until *N* seconds after the response is generated.
http
```
Cache-Control: max-age=604800
```
Indicates that caches can store this response and reuse it for subsequent requests while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
Note that `max-age` is not the elapsed time since the response was received; it is the elapsed time since the response was generated on the origin server. So if the other cache(s) β on the network route taken by the response β store the response for 100 seconds (indicated using the `Age` response header field), the browser cache would deduct 100 seconds from its [freshness lifetime](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
If the `max-age` value is negative (for example, `-1`) or isn't an integer (for example, `3599.99`), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were `0` (this is noted in the [Calculating Freshness Lifetime](https://httpwg.org/specs/rfc9111.html#calculating.freshness.lifetime) section of the HTTP specification).
http
```
Cache-Control: max-age=604800
Age: 100
```
#### `s-maxage`
The `s-maxage` response directive indicates how long the response remains [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) in a shared cache. The `s-maxage` directive is ignored by private caches, and overrides the value specified by the `max-age` directive or the `Expires` header for shared caches, if they are present.
http
```
Cache-Control: s-maxage=604800
```
#### `no-cache`
The `no-cache` response directive indicates that the response can be stored in caches, but the response must be validated with the origin server before each reuse, even when the cache is disconnected from the origin server.
http
```
Cache-Control: no-cache
```
If you want caches to always check for content updates while reusing stored content, `no-cache` is the directive to use. It does this by requiring caches to revalidate each request with the origin server.
Note that `no-cache` does not mean "don't cache". `no-cache` allows caches to store a response but requires them to revalidate it before reuse. If the sense of "don't cache" that you want is actually "don't store", then `no-store` is the directive to use.
#### `must-revalidate`
The `must-revalidate` response directive indicates that the response can be stored in caches and can be reused while [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). If the response becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), it must be validated with the origin server before reuse.
Typically, `must-revalidate` is used with `max-age`.
http
```
Cache-Control: max-age=604800, must-revalidate
```
HTTP allows caches to reuse [stale responses](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) when they are disconnected from the origin server. `must-revalidate` is a way to prevent this from happening - either the stored response is revalidated with the origin server or a 504 (Gateway Timeout) response is generated.
#### `proxy-revalidate`
The `proxy-revalidate` response directive is the equivalent of `must-revalidate`, but specifically for shared caches only.
#### `no-store`
The `no-store` response directive indicates that any caches of any kind (private or shared) should not store this response.
http
```
Cache-Control: no-store
```
#### `private`
The `private` response directive indicates that the response can be stored only in a private cache (e.g., local caches in browsers).
http
```
Cache-Control: private
```
You should add the `private` directive for user-personalized content, especially for responses received after login and for sessions managed via cookies.
If you forget to add `private` to a response with personalized content, then that response can be stored in a shared cache and end up being reused for multiple users, which can cause personal information to leak.
#### `public`
The `public` response directive indicates that the response can be stored in a shared cache. Responses for requests with `Authorization` header fields must not be stored in a shared cache; however, the `public` directive will cause such responses to be stored in a shared cache.
http
```
Cache-Control: public
```
In general, when pages are under Basic Auth or Digest Auth, the browser sends requests with the `Authorization` header. This means that the response is access-controlled for restricted users (who have accounts), and it's fundamentally not shared-cacheable, even if it has `max-age`.
You can use the `public` directive to unlock that restriction.
http
```
Cache-Control: public, max-age=604800
```
Note that `s-maxage` or `must-revalidate` also unlock that restriction.
If a request doesn't have an `Authorization` header, or you are already using `s-maxage` or `must-revalidate` in the response, then you don't need to use `public`.
#### `must-understand`
The `must-understand` response directive indicates that a cache should store the response only if it understands the requirements for caching based on status code.
`must-understand` should be coupled with `no-store` for fallback behavior.
http
```
Cache-Control: must-understand, no-store
```
If a cache doesn't support `must-understand`, it will be ignored. If `no-store` is also present, the response isn't stored.
If a cache supports `must-understand`, it stores the response with an understanding of cache requirements based on its status code.
#### `no-transform`
Some intermediaries transform content for various reasons. For example, some convert images to reduce transfer size. In some cases, this is undesirable for the content provider.
`no-transform` indicates that any intermediary (regardless of whether it implements a cache) shouldn't transform the response contents.
#### `immutable`
The `immutable` response directive indicates that the response will not be updated while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
http
```
Cache-Control: public, max-age=604800, immutable
```
A modern best practice for static resources is to include version/hashes in their URLs, while never modifying the resources β but instead, when necessary, *updating* the resources with newer versions that have new version-numbers/hashes, so that their URLs are different. That's called the **cache-busting** pattern.
html
```
<script src="https://example.com/react.0.0.0.js"></script>
```
When a user reloads the browser, the browser will send conditional requests for validating to the origin server. But it's not necessary to revalidate those kinds of static resources even when a user reloads the browser, because they're never modified. `immutable` tells a cache that the response is immutable while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) and avoids those kinds of unnecessary conditional requests to the server.
When you use a cache-busting pattern for resources and apply them to a long `max-age`, you can also add `immutable` to avoid revalidation.
#### `stale-while-revalidate`
The `stale-while-revalidate` response directive indicates that the cache could reuse a stale response while it revalidates it to a cache.
http
```
Cache-Control: max-age=604800, stale-while-revalidate=86400
```
In the example above, the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for 7 days (604800s). After 7 days it becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but the cache is allowed to reuse it for any requests that are made in the following day (86400s), provided that they revalidate the response in the background.
Revalidation will make the cache be [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) again, so it appears to clients that it was always [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) during that period β effectively hiding the latency penalty of revalidation from them.
If no request happened during that period, the cache became [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) and the next request will revalidate normally.
#### `stale-if-error`
The `stale-if-error` response directive indicates that the cache can reuse a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) when an upstream server generates an error, or when the error is generated locally. Here, an error is considered any response with a status code of 500, 502, 503, or 504.
http
```
Cache-Control: max-age=604800, stale-if-error=86400
```
In the example above, the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for 7 days (604800s). Afterwards, it becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but can be used for an extra 1 day (86400s) when an error is encountered.
After the stale-if-error period passes, the client will receive any error generated.
### [Request Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#request_directives)
#### `no-cache`
The `no-cache` request directive asks caches to validate the response with the origin server before reuse.
http
```
Cache-Control: no-cache
```
`no-cache` allows clients to request the most up-to-date response even if the cache has a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response.
Browsers usually add `no-cache` to requests when users are **force reloading** a page.
#### `no-store`
The `no-store` request directive allows a client to request that caches refrain from storing the request and corresponding response β even if the origin server's response could be stored.
http
```
Cache-Control: no-store
```
#### `max-age`
The `max-age=N` request directive indicates that the client allows a stored response that is generated on the origin server within *N* seconds β where *N* may be any non-negative integer (including `0`).
http
```
Cache-Control: max-age=10800
```
In the case above, if the response with `Cache-Control: max-age=10800` was generated more than 3 hours ago (calculated from `max-age` and the `Age` header), the cache couldn't reuse that response.
Many browsers use this directive for **reloading**, as explained below.
http
```
Cache-Control: max-age=0
```
`max-age=0` is a workaround for `no-cache`, because many old (HTTP/1.0) cache implementations don't support `no-cache`. Recently browsers are still using `max-age=0` in "reloading" β for backward compatibility β and alternatively using `no-cache` to cause a "force reloading".
If the `max-age` value is negative (for example, `-1`) or isn't an integer (for example, `3599.99`), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were `0`.
#### `max-stale`
The `max-stale=N` request directive indicates that the client allows a stored response that is [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) within *N* seconds. If no *N* value is specified, the client will accept a stale response of any age.
http
```
Cache-Control: max-stale=3600
```
For example, a request with the header above indicates that the browser will accept a stale response from the cache that has expired within the last hour.
Clients can use this header when the origin server is down or too slow and can accept cached responses from caches even if they are a bit old.
Note that the major browsers do not support requests with `max-stale`.
#### `min-fresh`
The `min-fresh=N` request directive indicates that the client allows a stored response that is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for at least *N* seconds.
http
```
Cache-Control: min-fresh=600
```
In the case above, if the response with `Cache-Control: max-age=3600` was stored in caches 51 minutes ago, the cache couldn't reuse that response.
Clients can use this header when the user requires the response to not only be [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but also requires that it won't be updated for a period of time.
Note that the major browsers do not support requests with `min-fresh`.
#### `no-transform`
Same meaning that `no-transform` has for a response, but for a request instead.
#### `only-if-cached`
The client indicates that an already-cached response should be returned. If a cache has a stored response, even a stale one, it will be returned. If no cached response is available, a [504 Gateway Timeout](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/504) response will be returned.
#### `stale-if-error`
The `stale-if-error` request directive indicates that the browser is interested in receiving stale content on error from any intermediate server for a particular origin. This is not supported by any browser (see [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)).
## [Use Cases](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#use_cases)
### [Preventing storing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#preventing_storing)
If you don't want a response stored in caches, use the `no-store` directive.
http
```
Cache-Control: no-store
```
Note that `no-cache` means "it can be stored but don't reuse before validating" β so it's not for preventing a response from being stored.
http
```
Cache-Control: no-cache
```
In theory, if directives are conflicted, the most restrictive directive should be honored. So the example below is basically meaningless because `private`, `no-cache`, `max-age=0` and `must-revalidate` conflict with `no-store`.
http
```
# conflicted
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
# equivalent to
Cache-Control: no-store
```
### [Caching static assets with "cache busting"](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#caching_static_assets_with_cache_busting)
When you build static assets with versioning/hashing mechanisms, adding a version/hash to the filename or query string is a good way to manage caching.
For example:
html
```
<!-- index.html -->
<script src="/assets/react.min.js"></script>
<img src="/assets/hero.png" width="900" height="400" />
```
The React library version will change when you update the library, and `hero.png` will also change when you edit the picture. So those are hard to store in a cache with `max-age`.
In such a case, you could address the caching needs by using a specific, numbered version of the library, and including the hash of the picture in its URL.
html
```
<!-- index.html -->
<script src="/assets/react.0.0.0min.js"></script>
<img src="/assets/hero.png?hash=deadbeef" width="900" height="400" />
```
You can add a long `max-age` value and `immutable` because the content will never change.
http
```
# /assets/*
Cache-Control: max-age=31536000, immutable
```
When you update the library or edit the picture, new content should have a new URL, and caches aren't reused. That is called the "cache busting" pattern.
Use a `no-cache` to make sure that the HTML response itself is not cached. `no-cache` could cause revalidation, and the client will correctly receive a new version of the HTML response and static assets.
http
```
# /index.html
Cache-Control: no-cache
```
Note: If `index.html` is controlled under Basic Authentication or Digest Authentication, files under `/assets` are not stored in the shared cache. If `/assets/` files are suitable for storing in a shared cache, you also need one of `public`, `s-maxage` or `must-revalidate`.
### [Up-to-date contents always](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#up-to-date_contents_always)
For content that's generated dynamically, or that's static but updated often, you want a user to always receive the most up-to-date version.
If you don't add a `Cache-Control` header because the response is not intended to be cached, that could cause an unexpected result. Cache storage is allowed to cache it heuristically β so if you have any requirements on caching, you should always indicate them explicitly, in the `Cache-Control` header.
Adding `no-cache` to the response causes revalidation to the server, so you can serve a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response every time β or if the client already has a new one, just respond `304 Not Modified`.
http
```
Cache-Control: no-cache
```
Most HTTP/1.0 caches don't support `no-cache` directives, so historically `max-age=0` was used as a workaround. But only `max-age=0` could cause a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) to be reused when caches disconnected from the origin server. `must-revalidate` addresses that. That's why the example below is equivalent to `no-cache`.
http
```
Cache-Control: max-age=0, must-revalidate
```
But for now, you can simply use `no-cache` instead.
### [Clearing an already-stored cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#clearing_an_already-stored_cache)
There are no cache directives for clearing already-stored responses from caches on *intermediate* servers.
Imagine that clients/caches store a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response for a path, with no request flight to the server. There is nothing a server could do to that path.
[`Clear-Site-Data: cache`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Clear-Site-Data#cache) can be used to clear every stored response for a site in the browser cache, so use this with care. Note that this will not affect shared or intermediate caches.
## [Specifications](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#specifications)
| Specification |
|---|
| [HTTP Caching \# field.cache-control](https://httpwg.org/specs/rfc9111.html#field.cache-control) |
| [HTTP Immutable Responses \# the-immutable-cache-control-extension](https://httpwg.org/specs/rfc8246.html#the-immutable-cache-control-extension) |
## [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)
## [See also](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#see_also)
- [HTTP caching](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching)
- [Caching Tutorial for Web Authors and Webmasters](https://www.mnot.net/cache_docs/)
- [Caching best practices & max-age gotchas](https://jakearchibald.com/2016/caching-best-practices/)
- [Cache-Control for Civilians](https://csswizardry.com/2019/03/cache-control-for-civilians/)
- [RFC 9111 β HTTP Caching](https://httpwg.org/specs/rfc9111.html)
- [RFC 5861 β HTTP Cache-Control Extensions for Stale Content](https://httpwg.org/specs/rfc5861.html)
- [RFC 8246 β HTTP Immutable Responses](https://httpwg.org/specs/rfc8246.html)
## Help improve MDN
[Learn how to contribute](https://developer.mozilla.org/en-US/docs/MDN/Community/Getting_started)
This page was last modified on Nov 16, 2025 by [MDN contributors](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control/contributors.txt).
[View this page on GitHub](https://github.com/mdn/content/blob/main/files/en-us/web/http/reference/headers/cache-control/index.md?plain=1 "Folder: en-us/web/http/reference/headers/cache-control (Opens in a new tab)") β’ [Report a problem with this content](https://github.com/mdn/content/issues/new?template=page-report.yml&mdn-url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FReference%2FHeaders%2FCache-Control&metadata=%3C%21--+Do+not+make+changes+below+this+line+--%3E%0A%3Cdetails%3E%0A%3Csummary%3EPage+report+details%3C%2Fsummary%3E%0A%0A*+Folder%3A+%60en-us%2Fweb%2Fhttp%2Freference%2Fheaders%2Fcache-control%60%0A*+MDN+URL%3A+https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FReference%2FHeaders%2FCache-Control%0A*+GitHub+URL%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Fcontent%2Fblob%2Fmain%2Ffiles%2Fen-us%2Fweb%2Fhttp%2Freference%2Fheaders%2Fcache-control%2Findex.md%0A*+Last+commit%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Fcontent%2Fcommit%2Ffd4cf672d03417a8a391a74db10dfda3cb1e8443%0A*+Document+last+modified%3A+2025-11-16T23%3A18%3A00.000Z%0A%0A%3C%2Fdetails%3E "This will take you to GitHub to file a new issue.")
1. [HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP)
2. [Guides](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides)
3. [Overview of HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Overview)
4. [Evolution of HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Evolution_of_HTTP)
5. [A typical HTTP session](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Session)
6. [HTTP messages](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Messages)
7. [Media types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/MIME_types)
1. [Common types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/MIME_types/Common_types)
8. [Compression in HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Compression)
9. [HTTP caching](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching)
10. [HTTP authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication)
11. [Using HTTP cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies)
12. [Redirections in HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Redirections)
13. [Conditional requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Conditional_requests)
14. [Range requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Range_requests)
15. [Client hints](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Client_hints)
16. [User-Agent reduction](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/User-agent_reduction)
17. [Compression Dictionary Transport](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Compression_dictionary_transport)
Experimental
18. [Network Error Logging](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Network_Error_Logging)
Experimental
19. [Content negotiation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Content_negotiation)
1. [Default Accept values](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Content_negotiation/List_of_default_Accept_values)
20. [Browser detection using the UA string](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Browser_detection_using_the_user_agent)
21. [Connection management in HTTP/1.x](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Connection_management_in_HTTP_1.x)
22. [Protocol upgrade mechanism](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Protocol_upgrade_mechanism)
23. [Proxy servers and tunneling](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling)
1. [Proxy Auto-Configuration (PAC) file](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file)
24. Security and privacy
1. [HTTP Observatory](https://developer.mozilla.org/en-US/observatory)
2. [Practical implementation guides](https://developer.mozilla.org/en-US/docs/Web/Security/Practical_implementation_guides)
3. [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Permissions_Policy)
Experimental
4. [Cross-Origin Resource Policy (CORP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy)
5. [IFrame credentialless](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/IFrame_credentialless)
Experimental
6. [Fetch metadata](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Fetch_metadata)
7. [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS)
8. [CORS errors](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors)
1. [`Reason: CORS disabled`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSDisabled)
2. [`Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSAllowOriginNotMatchingOrigin)
3. [`Reason: CORS header 'Access-Control-Allow-Origin' missing`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMissingAllowOrigin)
4. [`Reason: CORS header 'Origin' cannot be added`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSOriginHeaderNotAdded)
5. [`Reason: CORS preflight channel did not succeed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSPreflightDidNotSucceed)
6. [`Reason: CORS request did not succeed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSDidNotSucceed)
7. [`Reason: CORS request external redirect not allowed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSExternalRedirectNotAllowed)
8. [`Reason: CORS request not HTTP`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSRequestNotHttp)
9. [`Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSNotSupportingCredentials)
10. [`Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMethodNotFound)
11. [`Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMIssingAllowCredentials)
12. [`Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSInvalidAllowHeader)
13. [`Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Methods'`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSInvalidAllowMethod)
14. [`Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMissingAllowHeaderFromPreflight)
15. [`Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMultipleAllowOriginNotAllowed)
9. [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)
1. [Errors and warnings](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP/Errors)
25. [Reference](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference)
26. [HTTP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers)
1. [`Accept`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept)
2. [`Accept-CH`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-CH)
3. [`Accept-Encoding`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Encoding)
4. [`Accept-Language`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Language)
5. [`Accept-Patch`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Patch)
6. [`Accept-Post`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Post)
7. [`Accept-Ranges`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Ranges)
8. [`Access-Control-Allow-Credentials`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Credentials)
9. [`Access-Control-Allow-Headers`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Headers)
10. [`Access-Control-Allow-Methods`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Methods)
11. [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin)
12. [`Access-Control-Expose-Headers`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Expose-Headers)
13. [`Access-Control-Max-Age`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Max-Age)
14. [`Access-Control-Request-Headers`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Request-Headers)
15. [`Access-Control-Request-Method`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Request-Method)
16. [`Activate-Storage-Access`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Activate-Storage-Access)
17. [`Age`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Age)
18. [`Allow`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Allow)
19. [`Alt-Svc`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc)
20. [`Alt-Used`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Used)
21. [`Attribution-Reporting-Eligible`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Attribution-Reporting-Eligible)
Deprecated
22. [`Attribution-Reporting-Register-Source`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Attribution-Reporting-Register-Source)
Deprecated
23. [`Attribution-Reporting-Register-Trigger`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Attribution-Reporting-Register-Trigger)
Deprecated
24. [`Authorization`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Authorization)
25. [`Available-Dictionary`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Available-Dictionary)
Experimental
26. *[`Cache-Control`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control)*
27. [`Clear-Site-Data`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Clear-Site-Data)
28. [`Connection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Connection)
29. [`Content-Digest`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Digest)
30. [`Content-Disposition`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Disposition)
31. [`Content-DPR`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-DPR)
Non-standard
Deprecated
32. [`Content-Encoding`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Encoding)
33. [`Content-Language`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Language)
34. [`Content-Length`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Length)
35. [`Content-Location`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Location)
36. [`Content-Range`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Range)
37. [`Content-Security-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy)
38. [`Content-Security-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy-Report-Only)
39. [`Content-Type`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Type)
40. [`Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cookie)
41. [`Critical-CH`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Critical-CH)
Experimental
42. [`Cross-Origin-Embedder-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy)
43. [`Cross-Origin-Embedder-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy-Report-Only)
44. [`Cross-Origin-Opener-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy)
45. [`Cross-Origin-Resource-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Resource-Policy)
46. [`Date`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Date)
47. [`Device-Memory`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Device-Memory)
Non-standard
Deprecated
48. [`Dictionary-ID`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Dictionary-ID)
Experimental
49. [`DNT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/DNT)
Non-standard
Deprecated
50. [`Downlink`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Downlink)
Experimental
51. [`DPR`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/DPR)
Non-standard
Deprecated
52. [`Early-Data`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Early-Data)
Experimental
53. [`ECT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/ECT)
Experimental
54. [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/ETag)
55. [`Expect`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Expect)
56. [`Expect-CT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Expect-CT)
Deprecated
57. [`Expires`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Expires)
58. [`Forwarded`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Forwarded)
59. [`From`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/From)
60. [`Host`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Host)
61. [`Idempotency-Key`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Idempotency-Key)
Experimental
62. [`If-Match`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Match)
63. [`If-Modified-Since`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Modified-Since)
64. [`If-None-Match`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-None-Match)
65. [`If-Range`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Range)
66. [`If-Unmodified-Since`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Unmodified-Since)
67. [`Integrity-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Integrity-Policy)
68. [`Integrity-Policy-Report-Only`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Integrity-Policy-Report-Only)
69. [`Keep-Alive`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Keep-Alive)
70. [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Last-Modified)
71. [`Link`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Link)
72. [`Location`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Location)
73. [`Max-Forwards`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Max-Forwards)
74. [`NEL`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/NEL)
Experimental
75. [`No-Vary-Search`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/No-Vary-Search)
Experimental
76. [`Observe-Browsing-Topics`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Observe-Browsing-Topics)
Non-standard
Deprecated
77. [`Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin)
78. [`Origin-Agent-Cluster`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster)
79. [`Permissions-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy)
Experimental
80. [`Pragma`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Pragma)
Deprecated
81. [`Prefer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Prefer)
82. [`Preference-Applied`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Preference-Applied)
83. [`Priority`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Priority)
84. [`Proxy-Authenticate`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Proxy-Authenticate)
85. [`Proxy-Authorization`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Proxy-Authorization)
86. [`Range`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Range)
87. [`Referer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referer)
88. [`Referrer-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy)
89. [`Refresh`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh)
90. [`Report-To`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Report-To)
Non-standard
Deprecated
91. [`Reporting-Endpoints`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Reporting-Endpoints)
92. [`Repr-Digest`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Repr-Digest)
93. [`Retry-After`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Retry-After)
94. [`RTT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/RTT)
Experimental
95. [`Save-Data`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Save-Data)
Experimental
96. [`Sec-Browsing-Topics`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Browsing-Topics)
Non-standard
Deprecated
97. [`Sec-CH-Device-Memory`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Device-Memory)
Experimental
98. [`Sec-CH-DPR`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-DPR)
Experimental
99. [`Sec-CH-Prefers-Color-Scheme`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Prefers-Color-Scheme)
Experimental
100. [`Sec-CH-Prefers-Reduced-Motion`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Prefers-Reduced-Motion)
Experimental
101. [`Sec-CH-Prefers-Reduced-Transparency`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Prefers-Reduced-Transparency)
Experimental
102. [`Sec-CH-UA`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA)
Experimental
103. [`Sec-CH-UA-Arch`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Arch)
Experimental
104. [`Sec-CH-UA-Bitness`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Bitness)
Experimental
105. [`Sec-CH-UA-Form-Factors`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Form-Factors)
Experimental
106. [`Sec-CH-UA-Full-Version`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Full-Version)
Deprecated
107. [`Sec-CH-UA-Full-Version-List`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Full-Version-List)
Experimental
108. [`Sec-CH-UA-Mobile`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Mobile)
Experimental
109. [`Sec-CH-UA-Model`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Model)
Experimental
110. [`Sec-CH-UA-Platform`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Platform)
Experimental
111. [`Sec-CH-UA-Platform-Version`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-Platform-Version)
Experimental
112. [`Sec-CH-UA-WoW64`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA-WoW64)
Experimental
113. [`Sec-CH-Viewport-Height`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Viewport-Height)
Experimental
114. [`Sec-CH-Viewport-Width`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Viewport-Width)
Experimental
115. [`Sec-CH-Width`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-Width)
Experimental
116. [`Sec-Fetch-Dest`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Dest)
117. [`Sec-Fetch-Mode`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Mode)
118. [`Sec-Fetch-Site`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Site)
119. [`Sec-Fetch-Storage-Access`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Storage-Access)
120. [`Sec-Fetch-User`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-User)
121. [`Sec-GPC`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-GPC)
Experimental
122. [`Sec-Private-State-Token`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Private-State-Token)
Experimental
123. [`Sec-Private-State-Token-Crypto-Version`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Private-State-Token-Crypto-Version)
Experimental
124. [`Sec-Private-State-Token-Lifetime`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Private-State-Token-Lifetime)
Experimental
125. [`Sec-Purpose`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Purpose)
126. [`Sec-Redemption-Record`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Redemption-Record)
Experimental
127. [`Sec-Speculation-Tags`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Speculation-Tags)
Experimental
128. [`Sec-WebSocket-Accept`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Accept)
129. [`Sec-WebSocket-Extensions`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Extensions)
130. [`Sec-WebSocket-Key`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Key)
131. [`Sec-WebSocket-Protocol`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Protocol)
132. [`Sec-WebSocket-Version`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Version)
133. [`Server`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server)
134. [`Server-Timing`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing)
135. [`Service-Worker`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Service-Worker)
136. [`Service-Worker-Allowed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Service-Worker-Allowed)
137. [`Service-Worker-Navigation-Preload`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Service-Worker-Navigation-Preload)
138. [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie)
139. [`Set-Login`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Login)
140. [`SourceMap`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/SourceMap)
141. [`Speculation-Rules`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Speculation-Rules)
Experimental
142. [`Strict-Transport-Security`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security)
143. [`Supports-Loading-Mode`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Supports-Loading-Mode)
Experimental
144. [`TE`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/TE)
145. [`Timing-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Timing-Allow-Origin)
146. [`Tk`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Tk)
Non-standard
Deprecated
147. [`Trailer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Trailer)
148. [`Transfer-Encoding`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Transfer-Encoding)
149. [`Upgrade`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Upgrade)
150. [`Upgrade-Insecure-Requests`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Upgrade-Insecure-Requests)
151. [`Use-As-Dictionary`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Use-As-Dictionary)
Experimental
152. [`User-Agent`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent)
153. [`Vary`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Vary)
154. [`Via`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Via)
155. [`Viewport-Width`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Viewport-Width)
Non-standard
Deprecated
156. [`Want-Content-Digest`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Want-Content-Digest)
157. [`Want-Repr-Digest`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Want-Repr-Digest)
158. [`Warning`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Warning)
Deprecated
159. [`Width`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Width)
Non-standard
Deprecated
160. [`WWW-Authenticate`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/WWW-Authenticate)
161. [`X-Content-Type-Options`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options)
162. [`X-DNS-Prefetch-Control`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control)
Non-standard
163. [`X-Forwarded-For`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For)
Non-standard
164. [`X-Forwarded-Host`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Host)
Non-standard
165. [`X-Forwarded-Proto`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto)
Non-standard
166. [`X-Frame-Options`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options)
167. [`X-Permitted-Cross-Domain-Policies`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Permitted-Cross-Domain-Policies)
Non-standard
168. [`X-Powered-By`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Powered-By)
Non-standard
169. [`X-Robots-Tag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Robots-Tag)
Non-standard
170. [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection)
Non-standard
Deprecated
27. [HTTP request methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods)
1. [`CONNECT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/CONNECT)
2. [`DELETE`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/DELETE)
3. [`GET`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/GET)
4. [`HEAD`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/HEAD)
5. [`OPTIONS`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/OPTIONS)
6. [`PATCH`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/PATCH)
7. [`POST`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/POST)
8. [`PUT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/PUT)
9. [`TRACE`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/TRACE)
28. [HTTP response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status)
1. [`100 Continue`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/100)
2. [`101 Switching Protocols`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/101)
3. [`102 Processing`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/102)
4. [`103 Early Hints`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/103)
5. [`200 OK`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/200)
6. [`201 Created`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/201)
7. [`202 Accepted`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/202)
8. [`203 Non-Authoritative Information`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/203)
9. [`204 No Content`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/204)
10. [`205 Reset Content`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/205)
11. [`206 Partial Content`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/206)
12. [`207 Multi-Status`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/207)
13. [`208 Already Reported`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/208)
14. [`226 IM Used`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/226)
15. [`300 Multiple Choices`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/300)
16. [`301 Moved Permanently`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/301)
17. [`302 Found`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/302)
18. [`303 See Other`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/303)
19. [`304 Not Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/304)
20. [`307 Temporary Redirect`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/307)
21. [`308 Permanent Redirect`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/308)
22. [`400 Bad Request`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/400)
23. [`401 Unauthorized`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/401)
24. [`402 Payment Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/402)
25. [`403 Forbidden`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403)
26. [`404 Not Found`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/404)
27. [`405 Method Not Allowed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/405)
28. [`406 Not Acceptable`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/406)
29. [`407 Proxy Authentication Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/407)
30. [`408 Request Timeout`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/408)
31. [`409 Conflict`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/409)
32. [`410 Gone`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/410)
33. [`411 Length Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/411)
34. [`412 Precondition Failed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/412)
35. [`413 Content Too Large`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/413)
36. [`414 URI Too Long`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/414)
37. [`415 Unsupported Media Type`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/415)
38. [`416 Range Not Satisfiable`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/416)
39. [`417 Expectation Failed`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/417)
40. [`418 I'm a teapot`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/418)
41. [`421 Misdirected Request`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/421)
42. [`422 Unprocessable Content`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/422)
43. [`423 Locked`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/423)
44. [`424 Failed Dependency`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/424)
45. [`425 Too Early`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/425)
46. [`426 Upgrade Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/426)
47. [`428 Precondition Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/428)
48. [`429 Too Many Requests`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/429)
49. [`431 Request Header Fields Too Large`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/431)
50. [`451 Unavailable For Legal Reasons`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/451)
51. [`500 Internal Server Error`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/500)
52. [`501 Not Implemented`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/501)
53. [`502 Bad Gateway`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/502)
54. [`503 Service Unavailable`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/503)
55. [`504 Gateway Timeout`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/504)
56. [`505 HTTP Version Not Supported`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/505)
57. [`506 Variant Also Negotiates`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/506)
58. [`507 Insufficient Storage`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/507)
59. [`508 Loop Detected`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/508)
60. [`510 Not Extended`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/510)
61. [`511 Network Authentication Required`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/511)
29. [CSP directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy#directives)
1. [`base-uri`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/base-uri)
2. [`block-all-mixed-content`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/block-all-mixed-content)
Deprecated
3. [`child-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/child-src)
4. [`connect-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/connect-src)
5. [`default-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/default-src)
6. [`fenced-frame-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/fenced-frame-src)
Experimental
7. [`font-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/font-src)
8. [`form-action`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/form-action)
9. [`frame-ancestors`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/frame-ancestors)
10. [`frame-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/frame-src)
11. [`img-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/img-src)
12. [`manifest-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/manifest-src)
13. [`media-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/media-src)
14. [`object-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/object-src)
15. [`prefetch-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/prefetch-src)
Non-standard
Deprecated
16. [`report-to`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/report-to)
17. [`report-uri`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/report-uri)
Deprecated
18. [`require-trusted-types-for`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/require-trusted-types-for)
19. [`sandbox`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/sandbox)
20. [`script-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/script-src)
21. [`script-src-attr`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/script-src-attr)
22. [`script-src-elem`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/script-src-elem)
23. [`style-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/style-src)
24. [`style-src-attr`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/style-src-attr)
25. [`style-src-elem`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/style-src-elem)
26. [`trusted-types`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/trusted-types)
27. [`upgrade-insecure-requests`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/upgrade-insecure-requests)
28. [`worker-src`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/worker-src)
30. [Permissions-Policy directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy#directives)
Experimental
1. [`accelerometer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/accelerometer)
Experimental
2. [`ambient-light-sensor`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/ambient-light-sensor)
Experimental
3. [`aria-notify`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/aria-notify)
Experimental
4. [`attribution-reporting`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/attribution-reporting)
Deprecated
5. [`autoplay`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/autoplay)
Experimental
6. [`bluetooth`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/bluetooth)
Experimental
7. [`browsing-topics`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/browsing-topics)
Non-standard
Deprecated
8. [`camera`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/camera)
Experimental
9. [`captured-surface-control`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/captured-surface-control)
Experimental
10. [`ch-ua-high-entropy-values`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/ch-ua-high-entropy-values)
Experimental
11. [`compute-pressure`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/compute-pressure)
Experimental
12. [`cross-origin-isolated`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/cross-origin-isolated)
Experimental
13. [`deferred-fetch`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/deferred-fetch)
Experimental
14. [`deferred-fetch-minimal`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/deferred-fetch-minimal)
Experimental
15. [`display-capture`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/display-capture)
Experimental
16. [`encrypted-media`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/encrypted-media)
Experimental
17. [`fullscreen`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/fullscreen)
Experimental
18. [`gamepad`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/gamepad)
Experimental
19. [`geolocation`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/geolocation)
Experimental
20. [`gyroscope`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/gyroscope)
Experimental
21. [`hid`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/hid)
Experimental
22. [`identity-credentials-get`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/identity-credentials-get)
Experimental
23. [`idle-detection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/idle-detection)
Experimental
24. [`language-detector`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/language-detector)
Experimental
25. [`local-fonts`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/local-fonts)
Experimental
26. [`magnetometer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/magnetometer)
Experimental
27. [`microphone`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/microphone)
Experimental
28. [`midi`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/midi)
Experimental
29. [`on-device-speech-recognition`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/on-device-speech-recognition)
Experimental
30. [`otp-credentials`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/otp-credentials)
Experimental
31. [`payment`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/payment)
Experimental
32. [`picture-in-picture`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/picture-in-picture)
Experimental
33. [`private-state-token-issuance`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/private-state-token-issuance)
Experimental
34. [`private-state-token-redemption`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/private-state-token-redemption)
Experimental
35. [`publickey-credentials-create`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/publickey-credentials-create)
Experimental
36. [`publickey-credentials-get`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/publickey-credentials-get)
Experimental
37. [`screen-wake-lock`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/screen-wake-lock)
Experimental
38. [`serial`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/serial)
Experimental
39. [`speaker-selection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/speaker-selection)
Experimental
40. [`storage-access`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/storage-access)
Experimental
41. [`summarizer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/summarizer)
Experimental
42. [`translator`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/translator)
Experimental
43. [`usb`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/usb)
Experimental
44. [`web-share`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/web-share)
Experimental
45. [`window-management`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/window-management)
Experimental
46. [`xr-spatial-tracking`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/xr-spatial-tracking)
Experimental
31. [HTTP resources and specifications](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Resources_and_specifications)
Your blueprint for a better internet.
MDN
- [About](https://developer.mozilla.org/en-US/about)
- [Blog](https://developer.mozilla.org/en-US/blog/)
- [Mozilla careers](https://www.mozilla.org/en-US/careers/listings/)
- [Advertise with us](https://developer.mozilla.org/en-US/advertising)
- [MDN Plus](https://developer.mozilla.org/en-US/plus)
- [Product help](https://support.mozilla.org/products/mdn-plus)
Contribute
- [MDN Community](https://developer.mozilla.org/en-US/community)
- [Community resources](https://developer.mozilla.org/en-US/docs/MDN/Community)
- [Writing guidelines](https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines)
- [MDN Discord](https://developer.mozilla.org/discord)
- [MDN on GitHub](https://github.com/mdn)
Developers
- [Web technologies](https://developer.mozilla.org/en-US/docs/Web)
- [Learn web development](https://developer.mozilla.org/en-US/docs/Learn_web_development)
- [Guides](https://developer.mozilla.org/en-US/docs/MDN/Guides)
- [Tutorials](https://developer.mozilla.org/en-US/docs/MDN/Tutorials)
- [Glossary](https://developer.mozilla.org/en-US/docs/Glossary)
- [Hacks blog](https://hacks.mozilla.org/)
- [Website Privacy Notice](https://www.mozilla.org/privacy/websites/)
- [Telemetry Settings](https://www.mozilla.org/en-US/privacy/websites/data-preferences/)
- [Legal](https://www.mozilla.org/about/legal/terms/mozilla)
- [Community Participation Guidelines](https://www.mozilla.org/about/governance/policies/participation/)
Visit [Mozilla Corporationβs](https://www.mozilla.org/) not-for-profit parent, the [Mozilla Foundation](https://foundation.mozilla.org/).
Portions of this content are Β©1998β2026 by individual mozilla.org contributors. Content available under [a Creative Commons license](https://developer.mozilla.org/docs/MDN/Writing_guidelines/Attrib_copyright_license). |
| Readable Markdown | ## [Syntax](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#syntax)
http
```
Cache-Control: <directive>, <directive>, ...
```
Cache directives follow these rules:
- Caching directives are case-insensitive. However, lowercase is recommended because some implementations do not recognize uppercase directives.
- Multiple directives are permitted and must be comma-separated (e.g., `Cache-control: max-age=180, public`).
- Some directives have an optional argument. When an argument is provided, it is separated from the directive name by an equals symbol (`=`). Typically, arguments for the directives are integers and are therefore not enclosed in quote characters (e.g., `Cache-control: max-age=12`).
### [Cache directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#cache_directives)
The following table lists the standard `Cache-Control` directives:
| Request | Response |
|---|---|
| `max-age` | `max-age` |
| `max-stale` | \- |
| `min-fresh` | \- |
| \- | `s-maxage` |
| `no-cache` | `no-cache` |
| `no-store` | `no-store` |
| `no-transform` | `no-transform` |
| `only-if-cached` | \- |
| \- | `must-revalidate` |
| \- | `proxy-revalidate` |
| \- | `must-understand` |
| \- | `private` |
| \- | `public` |
| \- | `immutable` |
| \- | `stale-while-revalidate` |
| `stale-if-error` | `stale-if-error` |
Note: Check the [compatibility table](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility) for their support; user agents that don't recognize them should ignore them.
## [Vocabulary](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#vocabulary)
This section defines the terms used in this document, some of which are from the specification.
[(HTTP) cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#http_cache)
Implementation that holds requests and responses for reusing in subsequent requests. It can be either a shared cache or a private cache.
[Shared cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#shared_cache)
Cache that exists between the origin server and clients (e.g., Proxy, CDN). It stores a single response and reuses it with multiple users β so developers should avoid storing personalized contents to be cached in the shared cache.
[Private cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#private_cache)
Cache that exists in the client. It is also called *local cache* or *browser cache*. It can store and reuse personalized content for a single user.
[Store response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#store_response)
Store a response in caches when the response is cacheable. However, the cached response is not always reused as-is. (Usually, "cache" means storing a response.)
[Reuse response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#reuse_response)
Reuse cached responses for subsequent requests.
[Revalidate response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#revalidate_response)
Ask the origin server whether or not the stored response is still [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). Usually, the revalidation is done through a conditional request.
[Fresh response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#fresh_response)
Indicates that the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). This usually means the response can be reused for subsequent requests, depending on request directives.
[Stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#stale_response)
Indicates that the response is a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). This usually means the response can't be reused as-is. Cache storage isn't required to remove stale responses immediately because revalidation could change the response from being stale to being [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) again.
[Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#age)
The time since a response was generated. It is a criterion for whether a response is [fresh or stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
## [Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#directives)
This section lists directives that affect caching β both response directives and request directives.
### [Response Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#response_directives)
#### `max-age`
The `max-age=N` response directive indicates that the response remains [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) until *N* seconds after the response is generated.
http
```
Cache-Control: max-age=604800
```
Indicates that caches can store this response and reuse it for subsequent requests while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
Note that `max-age` is not the elapsed time since the response was received; it is the elapsed time since the response was generated on the origin server. So if the other cache(s) β on the network route taken by the response β store the response for 100 seconds (indicated using the `Age` response header field), the browser cache would deduct 100 seconds from its [freshness lifetime](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
If the `max-age` value is negative (for example, `-1`) or isn't an integer (for example, `3599.99`), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were `0` (this is noted in the [Calculating Freshness Lifetime](https://httpwg.org/specs/rfc9111.html#calculating.freshness.lifetime) section of the HTTP specification).
http
```
Cache-Control: max-age=604800
Age: 100
```
#### `s-maxage`
The `s-maxage` response directive indicates how long the response remains [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) in a shared cache. The `s-maxage` directive is ignored by private caches, and overrides the value specified by the `max-age` directive or the `Expires` header for shared caches, if they are present.
http
```
Cache-Control: s-maxage=604800
```
#### `no-cache`
The `no-cache` response directive indicates that the response can be stored in caches, but the response must be validated with the origin server before each reuse, even when the cache is disconnected from the origin server.
http
```
Cache-Control: no-cache
```
If you want caches to always check for content updates while reusing stored content, `no-cache` is the directive to use. It does this by requiring caches to revalidate each request with the origin server.
Note that `no-cache` does not mean "don't cache". `no-cache` allows caches to store a response but requires them to revalidate it before reuse. If the sense of "don't cache" that you want is actually "don't store", then `no-store` is the directive to use.
#### `must-revalidate`
The `must-revalidate` response directive indicates that the response can be stored in caches and can be reused while [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age). If the response becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), it must be validated with the origin server before reuse.
Typically, `must-revalidate` is used with `max-age`.
http
```
Cache-Control: max-age=604800, must-revalidate
```
HTTP allows caches to reuse [stale responses](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) when they are disconnected from the origin server. `must-revalidate` is a way to prevent this from happening - either the stored response is revalidated with the origin server or a 504 (Gateway Timeout) response is generated.
#### `proxy-revalidate`
The `proxy-revalidate` response directive is the equivalent of `must-revalidate`, but specifically for shared caches only.
#### `no-store`
The `no-store` response directive indicates that any caches of any kind (private or shared) should not store this response.
http
```
Cache-Control: no-store
```
#### `private`
The `private` response directive indicates that the response can be stored only in a private cache (e.g., local caches in browsers).
http
```
Cache-Control: private
```
You should add the `private` directive for user-personalized content, especially for responses received after login and for sessions managed via cookies.
If you forget to add `private` to a response with personalized content, then that response can be stored in a shared cache and end up being reused for multiple users, which can cause personal information to leak.
#### `public`
The `public` response directive indicates that the response can be stored in a shared cache. Responses for requests with `Authorization` header fields must not be stored in a shared cache; however, the `public` directive will cause such responses to be stored in a shared cache.
http
```
Cache-Control: public
```
In general, when pages are under Basic Auth or Digest Auth, the browser sends requests with the `Authorization` header. This means that the response is access-controlled for restricted users (who have accounts), and it's fundamentally not shared-cacheable, even if it has `max-age`.
You can use the `public` directive to unlock that restriction.
http
```
Cache-Control: public, max-age=604800
```
Note that `s-maxage` or `must-revalidate` also unlock that restriction.
If a request doesn't have an `Authorization` header, or you are already using `s-maxage` or `must-revalidate` in the response, then you don't need to use `public`.
#### `must-understand`
The `must-understand` response directive indicates that a cache should store the response only if it understands the requirements for caching based on status code.
`must-understand` should be coupled with `no-store` for fallback behavior.
http
```
Cache-Control: must-understand, no-store
```
If a cache doesn't support `must-understand`, it will be ignored. If `no-store` is also present, the response isn't stored.
If a cache supports `must-understand`, it stores the response with an understanding of cache requirements based on its status code.
#### `no-transform`
Some intermediaries transform content for various reasons. For example, some convert images to reduce transfer size. In some cases, this is undesirable for the content provider.
`no-transform` indicates that any intermediary (regardless of whether it implements a cache) shouldn't transform the response contents.
#### `immutable`
The `immutable` response directive indicates that the response will not be updated while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age).
http
```
Cache-Control: public, max-age=604800, immutable
```
A modern best practice for static resources is to include version/hashes in their URLs, while never modifying the resources β but instead, when necessary, *updating* the resources with newer versions that have new version-numbers/hashes, so that their URLs are different. That's called the **cache-busting** pattern.
html
```
<script src="https://example.com/react.0.0.0.js"></script>
```
When a user reloads the browser, the browser will send conditional requests for validating to the origin server. But it's not necessary to revalidate those kinds of static resources even when a user reloads the browser, because they're never modified. `immutable` tells a cache that the response is immutable while it's [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) and avoids those kinds of unnecessary conditional requests to the server.
When you use a cache-busting pattern for resources and apply them to a long `max-age`, you can also add `immutable` to avoid revalidation.
#### `stale-while-revalidate`
The `stale-while-revalidate` response directive indicates that the cache could reuse a stale response while it revalidates it to a cache.
http
```
Cache-Control: max-age=604800, stale-while-revalidate=86400
```
In the example above, the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for 7 days (604800s). After 7 days it becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but the cache is allowed to reuse it for any requests that are made in the following day (86400s), provided that they revalidate the response in the background.
Revalidation will make the cache be [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) again, so it appears to clients that it was always [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) during that period β effectively hiding the latency penalty of revalidation from them.
If no request happened during that period, the cache became [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) and the next request will revalidate normally.
#### `stale-if-error`
The `stale-if-error` response directive indicates that the cache can reuse a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) when an upstream server generates an error, or when the error is generated locally. Here, an error is considered any response with a status code of 500, 502, 503, or 504.
http
```
Cache-Control: max-age=604800, stale-if-error=86400
```
In the example above, the response is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for 7 days (604800s). Afterwards, it becomes [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but can be used for an extra 1 day (86400s) when an error is encountered.
After the stale-if-error period passes, the client will receive any error generated.
### [Request Directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#request_directives)
#### `no-cache`
The `no-cache` request directive asks caches to validate the response with the origin server before reuse.
http
```
Cache-Control: no-cache
```
`no-cache` allows clients to request the most up-to-date response even if the cache has a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response.
Browsers usually add `no-cache` to requests when users are **force reloading** a page.
#### `no-store`
The `no-store` request directive allows a client to request that caches refrain from storing the request and corresponding response β even if the origin server's response could be stored.
http
```
Cache-Control: no-store
```
#### `max-age`
The `max-age=N` request directive indicates that the client allows a stored response that is generated on the origin server within *N* seconds β where *N* may be any non-negative integer (including `0`).
http
```
Cache-Control: max-age=10800
```
In the case above, if the response with `Cache-Control: max-age=10800` was generated more than 3 hours ago (calculated from `max-age` and the `Age` header), the cache couldn't reuse that response.
Many browsers use this directive for **reloading**, as explained below.
http
```
Cache-Control: max-age=0
```
`max-age=0` is a workaround for `no-cache`, because many old (HTTP/1.0) cache implementations don't support `no-cache`. Recently browsers are still using `max-age=0` in "reloading" β for backward compatibility β and alternatively using `no-cache` to cause a "force reloading".
If the `max-age` value is negative (for example, `-1`) or isn't an integer (for example, `3599.99`), then the caching behavior is unspecified. Caches are encouraged to treat the value as if it were `0`.
#### `max-stale`
The `max-stale=N` request directive indicates that the client allows a stored response that is [stale](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) within *N* seconds. If no *N* value is specified, the client will accept a stale response of any age.
http
```
Cache-Control: max-stale=3600
```
For example, a request with the header above indicates that the browser will accept a stale response from the cache that has expired within the last hour.
Clients can use this header when the origin server is down or too slow and can accept cached responses from caches even if they are a bit old.
Note that the major browsers do not support requests with `max-stale`.
#### `min-fresh`
The `min-fresh=N` request directive indicates that the client allows a stored response that is [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) for at least *N* seconds.
http
```
Cache-Control: min-fresh=600
```
In the case above, if the response with `Cache-Control: max-age=3600` was stored in caches 51 minutes ago, the cache couldn't reuse that response.
Clients can use this header when the user requires the response to not only be [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age), but also requires that it won't be updated for a period of time.
Note that the major browsers do not support requests with `min-fresh`.
#### `no-transform`
Same meaning that `no-transform` has for a response, but for a request instead.
#### `only-if-cached`
The client indicates that an already-cached response should be returned. If a cache has a stored response, even a stale one, it will be returned. If no cached response is available, a [504 Gateway Timeout](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/504) response will be returned.
#### `stale-if-error`
The `stale-if-error` request directive indicates that the browser is interested in receiving stale content on error from any intermediate server for a particular origin. This is not supported by any browser (see [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)).
## [Use Cases](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#use_cases)
### [Preventing storing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#preventing_storing)
If you don't want a response stored in caches, use the `no-store` directive.
http
```
Cache-Control: no-store
```
Note that `no-cache` means "it can be stored but don't reuse before validating" β so it's not for preventing a response from being stored.
http
```
Cache-Control: no-cache
```
In theory, if directives are conflicted, the most restrictive directive should be honored. So the example below is basically meaningless because `private`, `no-cache`, `max-age=0` and `must-revalidate` conflict with `no-store`.
http
```
# conflicted
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
# equivalent to
Cache-Control: no-store
```
### [Caching static assets with "cache busting"](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#caching_static_assets_with_cache_busting)
When you build static assets with versioning/hashing mechanisms, adding a version/hash to the filename or query string is a good way to manage caching.
For example:
html
```
<!-- index.html -->
<script src="/assets/react.min.js"></script>
<img src="/assets/hero.png" width="900" height="400" />
```
The React library version will change when you update the library, and `hero.png` will also change when you edit the picture. So those are hard to store in a cache with `max-age`.
In such a case, you could address the caching needs by using a specific, numbered version of the library, and including the hash of the picture in its URL.
html
```
<!-- index.html -->
<script src="/assets/react.0.0.0min.js"></script>
<img src="/assets/hero.png?hash=deadbeef" width="900" height="400" />
```
You can add a long `max-age` value and `immutable` because the content will never change.
http
```
# /assets/*
Cache-Control: max-age=31536000, immutable
```
When you update the library or edit the picture, new content should have a new URL, and caches aren't reused. That is called the "cache busting" pattern.
Use a `no-cache` to make sure that the HTML response itself is not cached. `no-cache` could cause revalidation, and the client will correctly receive a new version of the HTML response and static assets.
http
```
# /index.html
Cache-Control: no-cache
```
Note: If `index.html` is controlled under Basic Authentication or Digest Authentication, files under `/assets` are not stored in the shared cache. If `/assets/` files are suitable for storing in a shared cache, you also need one of `public`, `s-maxage` or `must-revalidate`.
### [Up-to-date contents always](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#up-to-date_contents_always)
For content that's generated dynamically, or that's static but updated often, you want a user to always receive the most up-to-date version.
If you don't add a `Cache-Control` header because the response is not intended to be cached, that could cause an unexpected result. Cache storage is allowed to cache it heuristically β so if you have any requirements on caching, you should always indicate them explicitly, in the `Cache-Control` header.
Adding `no-cache` to the response causes revalidation to the server, so you can serve a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response every time β or if the client already has a new one, just respond `304 Not Modified`.
http
```
Cache-Control: no-cache
```
Most HTTP/1.0 caches don't support `no-cache` directives, so historically `max-age=0` was used as a workaround. But only `max-age=0` could cause a [stale response](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) to be reused when caches disconnected from the origin server. `must-revalidate` addresses that. That's why the example below is equivalent to `no-cache`.
http
```
Cache-Control: max-age=0, must-revalidate
```
But for now, you can simply use `no-cache` instead.
### [Clearing an already-stored cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#clearing_an_already-stored_cache)
There are no cache directives for clearing already-stored responses from caches on *intermediate* servers.
Imagine that clients/caches store a [fresh](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#fresh_and_stale_based_on_age) response for a path, with no request flight to the server. There is nothing a server could do to that path.
[`Clear-Site-Data: cache`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Clear-Site-Data#cache) can be used to clear every stored response for a site in the browser cache, so use this with care. Note that this will not affect shared or intermediate caches.
## [Specifications](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#specifications)
| Specification |
|---|
| [HTTP Caching \# field.cache-control](https://httpwg.org/specs/rfc9111.html#field.cache-control) |
| [HTTP Immutable Responses \# the-immutable-cache-control-extension](https://httpwg.org/specs/rfc8246.html#the-immutable-cache-control-extension) |
## [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#browser_compatibility)
## [See also](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#see_also)
- [HTTP caching](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching)
- [Caching Tutorial for Web Authors and Webmasters](https://www.mnot.net/cache_docs/)
- [Caching best practices & max-age gotchas](https://jakearchibald.com/2016/caching-best-practices/)
- [Cache-Control for Civilians](https://csswizardry.com/2019/03/cache-control-for-civilians/)
- [RFC 9111 β HTTP Caching](https://httpwg.org/specs/rfc9111.html)
- [RFC 5861 β HTTP Cache-Control Extensions for Stale Content](https://httpwg.org/specs/rfc5861.html)
- [RFC 8246 β HTTP Immutable Responses](https://httpwg.org/specs/rfc8246.html) |
| Shard | 53 (laksa) |
| Root Hash | 7082249407640205653 |
| Unparsed URL | org,mozilla!developer,/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control s443 |