0

To indicate the need to check the validity of the saved cache before each subsequent request, we can use Cache-Control: no-cache with the validator (ETag or Date+Last-Modified) in the server response.

A more compatible way to revalidate, if I understand correctly, is to use max-age=0, must-revalidate instead of no-cache. A wide range of historical reasons to use the second option has been discussed in the very helpful thread What's the difference between Cache-Control: max-age=0 and no-cache?

The value max-age=0, must-revalidate (with private or public) is the most popular among no-cache alternatives (according to usage statistics from Webtechsurvey). Among the alternatives, there is a slightly less popular option no-cache, must-revalidate, max-age=0, which I do not understand. It's probably aimed at supporting HTTP/1.0 and other things that don't recognize no-cache, however I understand that this causes problems in some older browsers that changed the no-cache behavior as mentioned in the discussion at the link.

The problem is that unlike no-cache, if there is no server response, using must-revalidate will not allow the cache to be used and should show a 504 error. If we do not use must-revalidate, this can lead to a false positive hash, which is mentioned all in the same topic.

Question: how to create a max-age:0 compatibility level check with a mandatory cache check and a mandatory download of a new version (without heuristic risks), if the server is in order, and if the server does not respond, then issue the cache? Is there an ideal solution or should there be compromises?

p.s. Of course, this makes the cache potentially out of date in conditions where we allegedly require it to be perfectly up to date and do this at the expense of additional HTTP requests. However, with some conscious risk approach, showing cache may be a better SEO strategy than showing an error.

Svyatoslav Alekseev
  • 1
  • 1
  • 1
    Why do you think you need to use `must-revalidate` with IE < 10? – Kevin Christopher Henry Apr 07 '23 at 00:08
  • @kevin-christopher-henry I had to seriously edit the question as it's really not specific to IE, but there are historical reasons why `no-store` shouldn't be mentioned at all (for perfect compatibility), so reverting back to `max-age=0, must -revalidate`. – Svyatoslav Alekseev Apr 07 '23 at 02:00
  • What you're asking for is the behavior of `Cache-Control: max-age=0`. What's wrong with that? What do you think it's not compatible with? The thread you cited is pointing out that, at one point long ago, `no-cache` was new and not backwards compatible. – Kevin Christopher Henry Apr 07 '23 at 04:42
  • @kevin-christopher-henry As I understand it, must-revalidate changes the behavior of `max-age` from "should" to "must" by disabling heuristics and the impact of other directives, such as the `max-stale` request directive. It is mentioned in rfc7234 section-3.2 that this prevents stale queries from being used. (did not delve into the heuristics, but the industry believes according to HTTP header statistics): `.... In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server`. – Svyatoslav Alekseev Apr 07 '23 at 06:05
  • Right, and that's not the behavior you want. "...if the server does not respond, then issue the cache". So why would you use `must-revalidate`? Just don't use it! – Kevin Christopher Henry Apr 07 '23 at 15:01
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Apr 08 '23 at 15:12

0 Answers0