| 1216 | | <t>Cache directives are identified by a token, to be compared case-insensitively, and have an optional argument.</t> |
| 1217 | | <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Cache-Control"/><iref primary="true" item="Grammar" subitem="cache-extension"/> |
| | 1213 | <t> |
| | 1214 | Cache directives are identified by a token, to be compared case-insensitively, |
| | 1215 | and have an optional argument, that can use both token and quoted-string |
| | 1216 | syntax. Recipients &MUST; accept both forms. |
| | 1217 | </t> |
| | 1218 | <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Cache-Control"/><iref primary="true" item="Grammar" subitem="cache-directive"/> |
| 1257 | | <list> |
| 1258 | | <t>The no-store request directive indicates that a cache &MUST-NOT; |
| 1259 | | store any part of either this request or any response to it. This |
| 1260 | | directive applies to both private and shared caches. "&MUST-NOT; |
| 1261 | | store" in this context means that the cache &MUST-NOT; intentionally |
| 1262 | | store the information in non-volatile storage, and &MUST; make a |
| 1263 | | best-effort attempt to remove the information from volatile storage as |
| 1264 | | promptly as possible after forwarding it.</t> |
| 1265 | | <t>This directive is NOT a reliable or sufficient mechanism for ensuring |
| 1266 | | privacy. In particular, malicious or compromised caches might not |
| 1267 | | recognize or obey this directive, and communications networks might be |
| 1268 | | vulnerable to eavesdropping.</t> |
| 1269 | | <t>Note that if a request containing this directive is satisfied from a |
| 1270 | | cache, the no-store request directive does not apply to the already |
| 1271 | | stored response.</t> |
| 1272 | | </list> |
| | 1244 | <t> |
| | 1245 | The no-store request directive indicates that a cache &MUST-NOT; |
| | 1246 | store any part of either this request or any response to it. This |
| | 1247 | directive applies to both private and shared caches. "&MUST-NOT; |
| | 1248 | store" in this context means that the cache &MUST-NOT; intentionally |
| | 1249 | store the information in non-volatile storage, and &MUST; make a |
| | 1250 | best-effort attempt to remove the information from volatile storage as |
| | 1251 | promptly as possible after forwarding it. |
| 1275 | | <x:dfn>max-age</x:dfn> |
| | 1254 | This directive is NOT a reliable or sufficient mechanism for ensuring |
| | 1255 | privacy. In particular, malicious or compromised caches might not |
| | 1256 | recognize or obey this directive, and communications networks might be |
| | 1257 | vulnerable to eavesdropping. |
| | 1258 | </t> |
| | 1259 | <t> |
| | 1260 | Note that if a request containing this directive is satisfied from a |
| | 1261 | cache, the no-store request directive does not apply to the already |
| | 1262 | stored response. |
| | 1263 | </t> |
| | 1264 | </section> |
| | 1265 | |
| | 1266 | <section title="max-age" anchor="cache-request-directive.max-age"> |
| 1290 | | <t>The max-stale request directive indicates that the client is willing |
| 1291 | | to accept a response that has exceeded its expiration time. If max-stale |
| 1292 | | is assigned a value, then the client is willing to accept a response |
| 1293 | | that has exceeded its expiration time by no more than the specified |
| 1294 | | number of seconds. If no value is assigned to max-stale, then the client |
| 1295 | | is willing to accept a stale response of any age.</t> |
| | 1291 | <t> |
| | 1292 | <x:ref>delta-seconds</x:ref> (see <xref target="delta-seconds"/>) |
| | 1293 | </t> |
| 1299 | | <x:dfn>min-fresh</x:dfn> |
| | 1297 | The max-stale request directive indicates that the client is willing |
| | 1298 | to accept a response that has exceeded its expiration time. If max-stale |
| | 1299 | is assigned a value, then the client is willing to accept a response |
| | 1300 | that has exceeded its expiration time by no more than the specified |
| | 1301 | number of seconds. If no value is assigned to max-stale, then the client |
| | 1302 | is willing to accept a stale response of any age. |
| | 1303 | </t> |
| | 1304 | </section> |
| | 1305 | |
| | 1306 | <section title="min-fresh" anchor="cache-request-directive.min-fresh"> |
| 1314 | | <list> |
| 1315 | | <t>The no-transform request directive indicates that an intermediary |
| 1316 | | (whether or not it implements a cache) &MUST-NOT; change the |
| 1317 | | Content-Encoding, Content-Range or Content-Type request header fields, |
| 1318 | | nor the request representation.</t> |
| 1319 | | </list> |
| | 1329 | <t> |
| | 1330 | The no-transform request directive indicates that an intermediary |
| | 1331 | (whether or not it implements a cache) &MUST-NOT; change the |
| | 1332 | Content-Encoding, Content-Range or Content-Type request header fields, |
| | 1333 | nor the request representation. |
| 1325 | | <list> |
| 1326 | | <t>The only-if-cached request directive indicates that the client only |
| 1327 | | wishes to obtain a stored response. If it receives this directive, a |
| 1328 | | cache &SHOULD; either respond using a stored response that is consistent |
| 1329 | | with the other constraints of the request, or respond with a 504 |
| 1330 | | (Gateway Timeout) status code. If a group of caches is being operated as |
| 1331 | | a unified system with good internal connectivity, a member cache &MAY; |
| 1332 | | forward such a request within that group of caches.</t> |
| 1333 | | </list> |
| | 1340 | <t> |
| | 1341 | The only-if-cached request directive indicates that the client only |
| | 1342 | wishes to obtain a stored response. If it receives this directive, a |
| | 1343 | cache &SHOULD; either respond using a stored response that is consistent |
| | 1344 | with the other constraints of the request, or respond with a 504 |
| | 1345 | (Gateway Timeout) status code. If a group of caches is being operated as |
| | 1346 | a unified system with good internal connectivity, a member cache &MAY; |
| | 1347 | forward such a request within that group of caches. |
| 1371 | | <t>The private response directive indicates that the response message is |
| 1372 | | intended for a single user and &MUST-NOT; be stored by a shared cache. A |
| 1373 | | private cache &MAY; store the response.</t> |
| 1374 | | <t>If the private response directive specifies one or more field-names, |
| 1375 | | this requirement is limited to the field-values associated with the |
| 1376 | | listed response header fields. That is, a shared cache &MUST-NOT; store |
| 1377 | | the specified field-names(s), whereas it &MAY; store the remainder of the |
| 1378 | | response message.</t> |
| 1379 | | <t>The field-names given are not limited to the set of standard header |
| 1380 | | fields defined by this specification. Field names are case-insensitive. |
| | 1387 | <t> |
| | 1388 | #<x:ref>field-name</x:ref> |
| 1391 | | <x:dfn>no-cache</x:dfn> |
| | 1393 | The private response directive indicates that the response message is |
| | 1394 | intended for a single user and &MUST-NOT; be stored by a shared cache. A |
| | 1395 | private cache &MAY; store the response. |
| | 1396 | </t> |
| | 1397 | <t> |
| | 1398 | If the private response directive specifies one or more field-names, |
| | 1399 | this requirement is limited to the field-values associated with the |
| | 1400 | listed response header fields. That is, a shared cache &MUST-NOT; store |
| | 1401 | the specified field-names(s), whereas it &MAY; store the remainder of the |
| | 1402 | response message. |
| | 1403 | </t> |
| | 1404 | <t> |
| | 1405 | The field-names given are not limited to the set of standard header |
| | 1406 | fields defined by this specification. Field names are case-insensitive. |
| | 1407 | </t> |
| | 1408 | <t> |
| | 1409 | <x:h>Note:</x:h> This usage of the word "private" only controls |
| | 1410 | where the response can be stored; it cannot ensure the privacy of the |
| | 1411 | message content. Also, private response directives with field-names are |
| | 1412 | often handled by implementations as if an unqualified private directive |
| | 1413 | was received; i.e., the special handling for the qualified form is not |
| | 1414 | widely implemented. |
| | 1415 | </t> |
| | 1416 | <t> |
| | 1417 | <x:h>Note:</x:h> For compatibility with non-robust recipients, even a |
| | 1418 | single-entry list of field names &SHOULD; be sent using the quoted-string |
| | 1419 | syntax. |
| | 1420 | </t> |
| | 1421 | </section> |
| | 1422 | |
| | 1423 | <section title="no-cache" anchor="cache-response-directive.no-cache"> |
| 1395 | | <t>The no-cache response directive indicates that the response &MUST-NOT; |
| 1396 | | be used to satisfy a subsequent request without successful validation on |
| 1397 | | the origin server. This allows an origin server to prevent a cache from |
| 1398 | | using it to satisfy a request without contacting it, even by caches that |
| 1399 | | have been configured to return stale responses.</t> |
| 1400 | | <t>If the no-cache response directive specifies one or more field-names, |
| 1401 | | then a cache MAY use the response to satisfy a subsequent request, |
| 1402 | | subject to any other restrictions on caching. However, any header fields |
| 1403 | | in the response that have the field-name(s) listed &MUST-NOT; be sent |
| 1404 | | in the response to a subsequent request without successful revalidation |
| 1405 | | with the origin server. This allows an origin server to prevent the |
| 1406 | | re-use of certain header fields in a response, while still allowing |
| 1407 | | caching of the rest of the response.</t> |
| 1408 | | <t>The field-names given are not limited to the set of standard header |
| 1409 | | fields defined by this specification. Field names are case-insensitive. |
| | 1429 | <t> |
| | 1430 | #<x:ref>field-name</x:ref> |
| 1419 | | <x:dfn>no-store</x:dfn> |
| | 1435 | The no-cache response directive indicates that the response &MUST-NOT; |
| | 1436 | be used to satisfy a subsequent request without successful validation on |
| | 1437 | the origin server. This allows an origin server to prevent a cache from |
| | 1438 | using it to satisfy a request without contacting it, even by caches that |
| | 1439 | have been configured to return stale responses. |
| | 1440 | </t> |
| | 1441 | <t> |
| | 1442 | If the no-cache response directive specifies one or more field-names, |
| | 1443 | then a cache &MAY; use the response to satisfy a subsequent request, |
| | 1444 | subject to any other restrictions on caching. However, any header fields |
| | 1445 | in the response that have the field-name(s) listed &MUST-NOT; be sent |
| | 1446 | in the response to a subsequent request without successful revalidation |
| | 1447 | with the origin server. This allows an origin server to prevent the |
| | 1448 | re-use of certain header fields in a response, while still allowing |
| | 1449 | caching of the rest of the response. |
| | 1450 | </t> |
| | 1451 | <t> |
| | 1452 | The field-names given are not limited to the set of standard header |
| | 1453 | fields defined by this specification. Field names are case-insensitive. |
| | 1454 | </t> |
| | 1455 | <t> |
| | 1456 | <x:h>Note:</x:h> Most HTTP/1.0 caches will not recognize or obey |
| | 1457 | this directive. Also, no-cache response directives with field-names are |
| | 1458 | often handled by implementations as if an unqualified no-cache directive |
| | 1459 | was received; i.e., the special handling for the qualified form is not |
| | 1460 | widely implemented. |
| | 1461 | </t> |
| | 1462 | <t> |
| | 1463 | <x:h>Note:</x:h> For compatibility with non-robust recipients, even a |
| | 1464 | single-entry list of field names &SHOULD; be sent using the quoted-string |
| | 1465 | syntax. |
| | 1466 | </t> |
| | 1467 | </section> |
| | 1468 | |
| | 1469 | <section title="no-store" anchor="cache-response-directive.no-store"> |
| 1422 | | <list> |
| 1423 | | <t>The no-store response directive indicates that a cache &MUST-NOT; |
| 1424 | | store any part of either the immediate request or response. This |
| 1425 | | directive applies to both private and shared caches. "&MUST-NOT; |
| 1426 | | store" in this context means that the cache &MUST-NOT; intentionally |
| 1427 | | store the information in non-volatile storage, and &MUST; make a |
| 1428 | | best-effort attempt to remove the information from volatile storage as |
| 1429 | | promptly as possible after forwarding it.</t> |
| 1430 | | <t>This directive is NOT a reliable or sufficient mechanism for ensuring |
| 1431 | | privacy. In particular, malicious or compromised caches might not |
| 1432 | | recognize or obey this directive, and communications networks might be |
| 1433 | | vulnerable to eavesdropping.</t> |
| 1434 | | </list> |
| | 1472 | <t> |
| | 1473 | The no-store response directive indicates that a cache &MUST-NOT; |
| | 1474 | store any part of either the immediate request or response. This |
| | 1475 | directive applies to both private and shared caches. "&MUST-NOT; |
| | 1476 | store" in this context means that the cache &MUST-NOT; intentionally |
| | 1477 | store the information in non-volatile storage, and &MUST; make a |
| | 1478 | best-effort attempt to remove the information from volatile storage as |
| | 1479 | promptly as possible after forwarding it. |
| 1440 | | <list> |
| 1441 | | <t>The must-revalidate response directive indicates that once it has |
| 1442 | | become stale, a cache &MUST-NOT; use the response to satisfy subsequent |
| 1443 | | requests without successful validation on the origin server.</t> |
| 1444 | | <t>The must-revalidate directive is necessary to support reliable |
| 1445 | | operation for certain protocol features. In all circumstances a |
| 1446 | | cache &MUST; obey the must-revalidate directive; in particular, |
| 1447 | | if a cache cannot reach the origin server for any reason, it &MUST; |
| 1448 | | generate a 504 (Gateway Timeout) response.</t> |
| 1449 | | <t>The must-revalidate directive ought to be used by servers if and only |
| 1450 | | if failure to validate a request on the representation could result in |
| 1451 | | incorrect operation, such as a silently unexecuted financial |
| 1452 | | transaction.</t> |
| 1453 | | </list> |
| | 1492 | <t> |
| | 1493 | The must-revalidate response directive indicates that once it has |
| | 1494 | become stale, a cache &MUST-NOT; use the response to satisfy subsequent |
| | 1495 | requests without successful validation on the origin server. |
| 1456 | | <x:dfn>proxy-revalidate</x:dfn> |
| | 1498 | The must-revalidate directive is necessary to support reliable |
| | 1499 | operation for certain protocol features. In all circumstances a |
| | 1500 | cache &MUST; obey the must-revalidate directive; in particular, |
| | 1501 | if a cache cannot reach the origin server for any reason, it &MUST; |
| | 1502 | generate a 504 (Gateway Timeout) response. |
| | 1503 | </t> |
| | 1504 | <t> |
| | 1505 | The must-revalidate directive ought to be used by servers if and only |
| | 1506 | if failure to validate a request on the representation could result in |
| | 1507 | incorrect operation, such as a silently unexecuted financial |
| | 1508 | transaction. |
| | 1509 | </t> |
| | 1510 | </section> |
| | 1511 | |
| | 1512 | <section title="proxy-revalidate" anchor="cache-response-directive.proxy-revalidate"> |
| 1491 | | <list> |
| 1492 | | <t>The no-transform response directive indicates that an intermediary |
| 1493 | | (regardless of whether it implements a cache) &MUST-NOT; change the |
| 1494 | | Content-Encoding, Content-Range or Content-Type response header fields, |
| 1495 | | nor the response representation.</t> |
| 1496 | | </list> |
| | 1563 | <t> |
| | 1564 | The no-transform response directive indicates that an intermediary |
| | 1565 | (regardless of whether it implements a cache) &MUST-NOT; change the |
| | 1566 | Content-Encoding, Content-Range or Content-Type response header fields, |
| | 1567 | nor the response representation. |
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
