Cache-Control

Last updated: April 2026

Cache-Control is an HTTP response header that controls how browsers, CDNs, and proxies cache responses. Without it, caches apply unpredictable defaults.

Common directives

public                  # cacheable by browsers and CDNs
private                 # cacheable by browser only (not CDNs)
no-cache                # cache but revalidate before every use
no-store                # do not cache anywhere
max-age=N               # fresh for N seconds
s-maxage=N              # CDN TTL (overrides max-age for shared caches)
immutable               # resource never changes during max-age window
stale-while-revalidate=N # serve stale while revalidating in background
must-revalidate         # must revalidate once stale, no serving stale

Recommended values by resource type

# Fingerprinted static assets (JS, CSS with hash in filename)
Cache-Control: public, max-age=31536000, immutable

# Images
Cache-Control: public, max-age=2592000

# HTML pages
Cache-Control: no-cache

# API responses (private data)
Cache-Control: no-store

# API responses (public, can be stale briefly)
Cache-Control: public, max-age=60, stale-while-revalidate=300