| 1216 | | <t>Cache directives are identified by a token, to be compared case-insensitively, and have an optional argument.</t> |
| 1217 | | <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Cache-Control"/><iref primary="true" item="Grammar" subitem="cache-extension"/> |
| | 1213 | <t> |
| | 1214 | Cache directives are identified by a token, to be compared case-insensitively, |
| | 1215 | and have an optional argument, that can use both token and quoted-string |
| | 1216 | syntax. For the directives defined below that define arguments, recipients |
| | 1217 | ought to accept both forms, even if one is documented to be preferred. For |
| | 1218 | any directive not defined by this specification, recipients &MUST; accept |
| | 1219 | both forms. |
| | 1220 | </t> |
| | 1221 | <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Cache-Control"/><iref primary="true" item="Grammar" subitem="cache-directive"/> |
| 1257 | | <list> |
| 1258 | | <t>The no-store request directive indicates that a cache &MUST-NOT; |
| 1259 | | store any part of either this request or any response to it. This |
| 1260 | | directive applies to both private and shared caches. "&MUST-NOT; |
| 1261 | | store" in this context means that the cache &MUST-NOT; intentionally |
| 1262 | | store the information in non-volatile storage, and &MUST; make a |
| 1263 | | best-effort attempt to remove the information from volatile storage as |
| 1264 | | promptly as possible after forwarding it.</t> |
| 1265 | | <t>This directive is NOT a reliable or sufficient mechanism for ensuring |
| 1266 | | privacy. In particular, malicious or compromised caches might not |
| 1267 | | recognize or obey this directive, and communications networks might be |
| 1268 | | vulnerable to eavesdropping.</t> |
| 1269 | | <t>Note that if a request containing this directive is satisfied from a |
| 1270 | | cache, the no-store request directive does not apply to the already |
| 1271 | | stored response.</t> |
| 1272 | | </list> |
| | 1247 | <t> |
| | 1248 | The no-store request directive indicates that a cache &MUST-NOT; |
| | 1249 | store any part of either this request or any response to it. This |
| | 1250 | directive applies to both private and shared caches. "&MUST-NOT; |
| | 1251 | store" in this context means that the cache &MUST-NOT; intentionally |
| | 1252 | store the information in non-volatile storage, and &MUST; make a |
| | 1253 | best-effort attempt to remove the information from volatile storage as |
| | 1254 | promptly as possible after forwarding it. |
| 1275 | | <x:dfn>max-age</x:dfn> |
| | 1257 | This directive is NOT a reliable or sufficient mechanism for ensuring |
| | 1258 | privacy. In particular, malicious or compromised caches might not |
| | 1259 | recognize or obey this directive, and communications networks might be |
| | 1260 | vulnerable to eavesdropping. |
| | 1261 | </t> |
| | 1262 | <t> |
| | 1263 | Note that if a request containing this directive is satisfied from a |
| | 1264 | cache, the no-store request directive does not apply to the already |
| | 1265 | stored response. |
| | 1266 | </t> |
| | 1267 | </section> |
| | 1268 | |
| | 1269 | <section title="max-age" anchor="cache-request-directive.max-age"> |
| 1286 | | <x:dfn>max-stale</x:dfn> |
| | 1281 | The max-age request directive indicates that the client is unwilling to |
| | 1282 | accept a response whose age is greater than the specified number of |
| | 1283 | seconds. Unless the max-stale request directive is also present, the |
| | 1284 | client is not willing to accept a stale response. |
| | 1285 | </t> |
| | 1286 | <t> |
| | 1287 | <x:h>Note:</x:h> This directive uses the token form of the argument syntax; |
| | 1288 | e.g., 'max-age=5', not 'max-age="5"'. Senders &SHOULD-NOT; use the |
| | 1289 | quoted-string form. |
| | 1290 | </t> |
| | 1291 | </section> |
| | 1292 | |
| | 1293 | <section title="max-stale" anchor="cache-request-directive.max-stale"> |
| 1290 | | <t>The max-stale request directive indicates that the client is willing |
| 1291 | | to accept a response that has exceeded its expiration time. If max-stale |
| 1292 | | is assigned a value, then the client is willing to accept a response |
| 1293 | | that has exceeded its expiration time by no more than the specified |
| 1294 | | number of seconds. If no value is assigned to max-stale, then the client |
| 1295 | | is willing to accept a stale response of any age.</t> |
| | 1299 | <t> |
| | 1300 | <x:ref>delta-seconds</x:ref> (see <xref target="delta-seconds"/>) |
| | 1301 | </t> |
| 1299 | | <x:dfn>min-fresh</x:dfn> |
| | 1305 | The max-stale request directive indicates that the client is willing |
| | 1306 | to accept a response that has exceeded its expiration time. If max-stale |
| | 1307 | is assigned a value, then the client is willing to accept a response |
| | 1308 | that has exceeded its expiration time by no more than the specified |
| | 1309 | number of seconds. If no value is assigned to max-stale, then the client |
| | 1310 | is willing to accept a stale response of any age. |
| | 1311 | </t> |
| | 1312 | <t> |
| | 1313 | <x:h>Note:</x:h> This directive uses the token form of the argument syntax; |
| | 1314 | e.g., 'max-stale=10', not 'max-stale="10"'. Senders &SHOULD-NOT; use the |
| | 1315 | quoted-string form. |
| | 1316 | </t> |
| | 1317 | </section> |
| | 1318 | |
| | 1319 | <section title="min-fresh" anchor="cache-request-directive.min-fresh"> |
| 1311 | | <x:dfn>no-transform</x:dfn> |
| | 1331 | The min-fresh request directive indicates that the client is willing |
| | 1332 | to accept a response whose freshness lifetime is no less than its |
| | 1333 | current age plus the specified time in seconds. That is, the client |
| | 1334 | wants a response that will still be fresh for at least the specified |
| | 1335 | number of seconds. |
| | 1336 | </t> |
| | 1337 | <t> |
| | 1338 | <x:h>Note:</x:h> This directive uses the token form of the argument syntax; |
| | 1339 | e.g., 'min-fresh=20', not 'min-fresh="20"'. Senders &SHOULD-NOT; use the |
| | 1340 | quoted-string form. |
| | 1341 | </t> |
| | 1342 | </section> |
| | 1343 | |
| | 1344 | <section title="no-transform" anchor="cache-request-directive.no-transform"> |
| 1314 | | <list> |
| 1315 | | <t>The no-transform request directive indicates that an intermediary |
| 1316 | | (whether or not it implements a cache) &MUST-NOT; change the |
| 1317 | | Content-Encoding, Content-Range or Content-Type request header fields, |
| 1318 | | nor the request representation.</t> |
| 1319 | | </list> |
| | 1347 | <t> |
| | 1348 | The no-transform request directive indicates that an intermediary |
| | 1349 | (whether or not it implements a cache) &MUST-NOT; change the |
| | 1350 | Content-Encoding, Content-Range or Content-Type request header fields, |
| | 1351 | nor the request representation. |
| 1325 | | <list> |
| 1326 | | <t>The only-if-cached request directive indicates that the client only |
| 1327 | | wishes to obtain a stored response. If it receives this directive, a |
| 1328 | | cache &SHOULD; either respond using a stored response that is consistent |
| 1329 | | with the other constraints of the request, or respond with a 504 |
| 1330 | | (Gateway Timeout) status code. If a group of caches is being operated as |
| 1331 | | a unified system with good internal connectivity, a member cache &MAY; |
| 1332 | | forward such a request within that group of caches.</t> |
| 1333 | | </list> |
| | 1358 | <t> |
| | 1359 | The only-if-cached request directive indicates that the client only |
| | 1360 | wishes to obtain a stored response. If it receives 3ive, a |
| | 1361 | cache &SHOULD; either respond using a stored response that is consistent |
| | 1362 | with the other constraints of the request, or respond with a 504 |
| | 1363 | (Gateway Timeout) status code. If a group of caches is being operated as |
| | 1364 | a unified system with good internal connectivity, a member cache &MAY; |
| | 1365 | forward such a request within that group of caches. |
| 1341 | | <figure><artwork type="abnf2616"><iref item="Grammar" primary="true" |
| 1342 | | subitem="cache-response-directive" /> |
| 1343 | | <x:ref>cache-response-directive</x:ref> = |
| 1344 | | "public" |
| 1345 | | / "private" [ "=" <x:ref>DQUOTE</x:ref> 1#<x:ref>field-name</x:ref> <x:ref>DQUOTE</x:ref> ] |
| 1346 | | / "no-cache" [ "=" <x:ref>DQUOTE</x:ref> 1#<x:ref>field-name</x:ref> <x:ref>DQUOTE</x:ref> ] |
| 1347 | | / "no-store" |
| 1348 | | / "no-transform" |
| 1349 | | / "must-revalidate" |
| 1350 | | / "proxy-revalidate" |
| 1351 | | / "max-age" "=" <x:ref>delta-seconds</x:ref> |
| 1352 | | / "s-maxage" "=" <x:ref>delta-seconds</x:ref> |
| 1353 | | / <x:ref>cache-extension</x:ref> |
| 1354 | | </artwork></figure> |
| 1355 | | |
| 1356 | | <t> |
| 1357 | | <x:dfn>public</x:dfn> |
| | 1374 | <section title="public" anchor="cache-response-directive.only-if-cached"> |
| 1371 | | <t>The private response directive indicates that the response message is |
| 1372 | | intended for a single user and &MUST-NOT; be stored by a shared cache. A |
| 1373 | | private cache &MAY; store the response.</t> |
| 1374 | | <t>If the private response directive specifies one or more field-names, |
| 1375 | | this requirement is limited to the field-values associated with the |
| 1376 | | listed response header fields. That is, a shared cache &MUST-NOT; store |
| 1377 | | the specified field-names(s), whereas it &MAY; store the remainder of the |
| 1378 | | response message.</t> |
| 1379 | | <t>The field-names given are not limited to the set of standard header |
| 1380 | | fields defined by this specification. Field names are case-insensitive. |
| | 1390 | <t> |
| | 1391 | #<x:ref>field-name</x:ref> |
| 1391 | | <x:dfn>no-cache</x:dfn> |
| | 1396 | The private response directive indicates that the response message is |
| | 1397 | intended for a single user and &MUST-NOT; be stored by a shared cache. A |
| | 1398 | private cache &MAY; store the response. |
| | 1399 | </t> |
| | 1400 | <t> |
| | 1401 | If the private response directive specifies one or more field-names, |
| | 1402 | this requirement is limited to the field-values associated with the |
| | 1403 | listed response header fields. That is, a shared cache &MUST-NOT; store |
| | 1404 | the specified field-names(s), whereas it &MAY; store the remainder of the |
| | 1405 | response message. |
| | 1406 | </t> |
| | 1407 | <t> |
| | 1408 | The field-names given are not limited to the set of standard header |
| | 1409 | fields defined by this specification. Field names are case-insensitive. |
| | 1410 | </t> |
| | 1411 | <t> |
| | 1412 | <x:h>Note:</x:h> This usage of the word "private" only controls |
| | 1413 | where the response can be stored; it cannot ensure the privacy of the |
| | 1414 | message content. Also, private response directives with field-names are |
| | 1415 | often handled by implementations as if an unqualified private directive |
| | 1416 | was received; i.e., the special handling for the qualified form is not |
| | 1417 | widely implemented. |
| | 1418 | </t> |
| | 1419 | <t> |
| | 1420 | <x:h>Note:</x:h> This directive uses the quoted-string form of the argument |
| | 1421 | syntax. Senders &SHOULD-NOT; use the token form (even if quoting appears not |
| | 1422 | to be needed for single-entry lists). |
| | 1423 | </t> |
| | 1424 | </section> |
| | 1425 | |
| | 1426 | <section title="no-cache" anchor="cache-response-directive.no-cache"> |
| 1395 | | <t>The no-cache response directive indicates that the response &MUST-NOT; |
| 1396 | | be used to satisfy a subsequent request without successful validation on |
| 1397 | | the origin server. This allows an origin server to prevent a cache from |
| 1398 | | using it to satisfy a request without contacting it, even by caches that |
| 1399 | | have been configured to return stale responses.</t> |
| 1400 | | <t>If the no-cache response directive specifies one or more field-names, |
| 1401 | | then a cache &MAY; use the response to satisfy a subsequent request, |
| 1402 | | subject to any other restrictions on caching. However, any header fields |
| 1403 | | in the response that have the field-name(s) listed &MUST-NOT; be sent |
| 1404 | | in the response to a subsequent request without successful revalidation |
| 1405 | | with the origin server. This allows an origin server to prevent the |
| 1406 | | re-use of certain header fields in a response, while still allowing |
| 1407 | | caching of the rest of the response.</t> |
| 1408 | | <t>The field-names given are not limited to the set of standard header |
| 1409 | | fields defined by this specification. Field names are case-insensitive. |
| | 1432 | <t> |
| | 1433 | #<x:ref>field-name</x:ref> |
| 1419 | | <x:dfn>no-store</x:dfn> |
| | 1438 | The no-cache response directive indicates that the response &MUST-NOT; |
| | 1439 | be used to satisfy a subsequent request without successful validation on |
| | 1440 | the origin server. This allows an origin server to prevent a cache from |
| | 1441 | using it to satisfy a request without contacting it, even by caches that |
| | 1442 | have been configured to return stale responses. |
| | 1443 | </t> |
| | 1444 | <t> |
| | 1445 | If the no-cache response directive specifies one or more field-names, |
| | 1446 | then a cache &MAY; use the response to satisfy a subsequent request, |
| | 1447 | subject to any other restrictions on caching. However, any header fields |
| | 1448 | in the response that have the field-name(s) listed &MUST-NOT; be sent |
| | 1449 | in the response to a subsequent request without successful revalidation |
| | 1450 | with the origin server. This allows an origin server to prevent the |
| | 1451 | re-use of certain header fields in a response, while still allowing |
| | 1452 | caching of the rest of the response. |
| | 1453 | </t> |
| | 1454 | <t> |
| | 1455 | The field-names given are not limited to the set of standard header |
| | 1456 | fields defined by this specification. Field names are case-insensitive. |
| | 1457 | </t> |
| | 1458 | <t> |
| | 1459 | <x:h>Note:</x:h> Most HTTP/1.0 caches will not recognize or obey |
| | 1460 | this directive. Also, no-cache response directives with field-names are |
| | 1461 | often handled by implementations as if an unqualified no-cache directive |
| | 1462 | was received; i.e., the special handling for the qualified form is not |
| | 1463 | widely implemented. |
| | 1464 | </t> |
| | 1465 | <t> |
| | 1466 | <x:h>Note:</x:h> This directive uses the quoted-string form of the argument |
| | 1467 | syntax. Senders &SHOULD-NOT; use the token form (even if quoting appears not |
| | 1468 | to be needed for single-entry lists). |
| | 1469 | </t> |
| | 1470 | </section> |
| | 1471 | |
| | 1472 | <section title="no-store" anchor="cache-response-directive.no-store"> |
| 1422 | | <list> |
| 1423 | | <t>The no-store response directive indicates that a cache &MUST-NOT; |
| 1424 | | store any part of either the immediate request or response. This |
| 1425 | | directive applies to both private and shared caches. "&MUST-NOT; |
| 1426 | | store" in this context means that the cache &MUST-NOT; intentionally |
| 1427 | | store the information in non-volatile storage, and &MUST; make a |
| 1428 | | best-effort attempt to remove the information from volatile storage as |
| 1429 | | promptly as possible after forwarding it.</t> |
| 1430 | | <t>This directive is NOT a reliable or sufficient mechanism for ensuring |
| 1431 | | privacy. In particular, malicious or compromised caches might not |
| 1432 | | recognize or obey this directive, and communications networks might be |
| 1433 | | vulnerable to eavesdropping.</t> |
| 1434 | | </list> |
| | 1475 | <t> |
| | 1476 | The no-store response directive indicates that a cache &MUST-NOT; |
| | 1477 | store any part of either the immediate request or response. This |
| | 1478 | directive applies to both private and shared caches. "&MUST-NOT; |
| | 1479 | store" in this context means that the cache &MUST-NOT; intentionally |
| | 1480 | store the information in non-volatile storage, and &MUST; make a |
| | 1481 | best-effort attempt to remove the information from volatile storage as |
| | 1482 | promptly as possible after forwarding it. |
| 1440 | | <list> |
| 1441 | | <t>The must-revalidate response directive indicates that once it has |
| 1442 | | become stale, a cache &MUST-NOT; use the response to satisfy subsequent |
| 1443 | | requests without successful validation on the origin server.</t> |
| 1444 | | <t>The must-revalidate directive is necessary to support reliable |
| 1445 | | operation for certain protocol features. In all circumstances a |
| 1446 | | cache &MUST; obey the must-revalidate directive; in particular, |
| 1447 | | if a cache cannot reach the origin server for any reason, it &MUST; |
| 1448 | | generate a 504 (Gateway Timeout) response.</t> |
| 1449 | | <t>The must-revalidate directive ought to be used by servers if and only |
| 1450 | | if failure to validate a request on the representation could result in |
| 1451 | | incorrect operation, such as a silently unexecuted financial |
| 1452 | | transaction.</t> |
| 1453 | | </list> |
| | 1495 | <t> |
| | 1496 | The must-revalidate response directive indicates that once it has |
| | 1497 | become stale, a cache &MUST-NOT; use the response to satisfy subsequent |
| | 1498 | requests without successful validation on the origin server. |
| 1456 | | <x:dfn>proxy-revalidate</x:dfn> |
| | 1501 | The must-revalidate directive is necessary to support reliable |
| | 1502 | operation for certain protocol features. In all circumstances a |
| | 1503 | cache &MUST; obey the must-revalidate directive; in particular, |
| | 1504 | if a cache cannot reach the origin server for any reason, it &MUST; |
| | 1505 | generate a 504 (Gateway Timeout) response. |
| | 1506 | </t> |
| | 1507 | <t> |
| | 1508 | The must-revalidate directive ought to be used by servers if and only |
| | 1509 | if failure to validate a request on the representation could result in |
| | 1510 | incorrect operation, such as a silently unexecuted financial |
| | 1511 | transaction. |
| | 1512 | </t> |
| | 1513 | </section> |
| | 1514 | |
| | 1515 | <section title="proxy-revalidate" anchor="cache-response-directive.proxy-revalidate"> |
| 1488 | | <x:dfn>no-transform</x:dfn> |
| | 1560 | The s-maxage response directive indicates that, in shared caches, the |
| | 1561 | maximum age specified by this directive overrides the maximum age |
| | 1562 | specified by either the max-age directive or the Expires header field. The |
| | 1563 | s-maxage directive also implies the semantics of the proxy-revalidate |
| | 1564 | response directive. |
| | 1565 | </t> |
| | 1566 | <t> |
| | 1567 | <x:h>Note:</x:h> This directive uses the token form of the argument syntax; |
| | 1568 | e.g., 's-maxage=10', not 's-maxage="10"'. Senders &SHOULD-NOT; use the |
| | 1569 | quoted-string form. |
| | 1570 | </t> |
| | 1571 | </section> |
| | 1572 | |
| | 1573 | <section title="no-transform" anchor="cache-response-directive.no-transform"> |
| 1491 | | <list> |
| 1492 | | <t>The no-transform response directive indicates that an intermediary |
| 1493 | | (regardless of whether it implements a cache) &MUST-NOT; change the |
| 1494 | | Content-Encoding, Content-Range or Content-Type response header fields, |
| 1495 | | nor the response representation.</t> |
| 1496 | | </list> |
| | 1576 | <t> |
| | 1577 | The no-transform response directive indicates that an intermediary |
| | 1578 | (regardless of whether it implements a cache) &MUST-NOT; change the |
| | 1579 | Content-Encoding, Content-Range or Content-Type response header fields, |
| | 1580 | nor the response representation. |
| 2444 | | <x:ref>cache-directive</x:ref> = cache-request-directive / cache-response-directive |
| 2445 | | <x:ref>cache-extension</x:ref> = token [ "=" ( token / quoted-string ) ] |
| 2446 | | <x:ref>cache-request-directive</x:ref> = "no-cache" / "no-store" / ( "max-age=" |
| 2447 | | delta-seconds ) / ( "max-stale" [ "=" delta-seconds ] ) / ( |
| 2448 | | "min-fresh=" delta-seconds ) / "no-transform" / "only-if-cached" / |
| 2449 | | cache-extension |
| 2450 | | <x:ref>cache-response-directive</x:ref> = "public" / ( "private" [ "=" DQUOTE *( "," |
| 2451 | | OWS ) field-name *( OWS "," [ OWS field-name ] ) DQUOTE ] ) / ( |
| 2452 | | "no-cache" [ "=" DQUOTE *( "," OWS ) field-name *( OWS "," [ OWS |
| 2453 | | field-name ] ) DQUOTE ] ) / "no-store" / "no-transform" / |
| 2454 | | "must-revalidate" / "proxy-revalidate" / ( "max-age=" delta-seconds |
| 2455 | | ) / ( "s-maxage=" delta-seconds ) / cache-extension |
| | 2529 | <x:ref>cache-directive</x:ref> = token [ "=" ( token / quoted-string ) ] |
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
