Rule from network under performance category
Passmarked is made out of users just like you who helped supply some content. Click below to contribute to this rule. We need you.Add content to this rule
cache-control header allows developers/website owners to precisely control where the resources of the site are allowed to be stored/cached and how often they need to be re-validated from the server.
The header includes numerous options that can be set, normally referred to as
directives. The supported
directives commonly used include:
public- Allows proxy servesr to cache the resource, use normally for resources such as images where the data can be public and shared.
private- Allows only the browser itself to cache the result of the resource, could be seen as more secure as no service in between the service and the user should be caching the result.
no-cache- Will force browsers to make a request to the server before releasing anything from the cache. Great if you need to be able to log and track usage of a resource while still using caching for performance.
only-if-cached- Informs the browser to not make any requests to the server.
max-age=<seconds>- Specifies the number of seconds that this resource should be cached for. We recommend at a bare minimum 4 hours, while something bigger like 2 days are advised for shared static resources like images.
s-maxage=<seconds>- Same as
max-agebut only applies to servers and intermediate services, ignore in the private cache of browsers themselves.
must-revalidate- Informs the browser to check the server for a new copy of the resource everytime before using it from cache.
proxy-revalidate- Same as
must-revalidatebut only applies to proxies
no-store- Informs the browser to not store anything related to the request or the response of the resource in question.
directives can be cherry-picked and combined based on the scenario such as:
Cache-Control: no-cache, no-store, must-revalidate
Which will totally disable caching for resources returned with the header.
Which will cache the resource for 4 hours.
Double check the web server congfiguration and what options are included using only the valid options listed above (or from the resources).
Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.Sign up to get started