Cache-Control headers can be sent in both the request and the response. Cache-Control headers in the response specify whether or not the content can be cached by the user and for how long. Cache-Control headers in a request specify whether or not a user wants to receive content served from cache; this includes disk caches and proxy caches.

The values in response Cache-Control headers can include:

  • no-cache - No system or user can cache this content.
  • private - Browser can cache this content, but shared or public caches cannot.
  • public - Content can be cached by any system, not just browsers.
  • max-age - Set in seconds; specifies the maximum amount of time content is considered fresh.

The most commonly used request-based Cache-Control header is no-cache. When it is sent, a cache must not use a cached version of the item without revalidating it with the origin web servers. This applies to disk caches as well as shared caches. To see this in action, use a plug-in or tool to view the HTTP headers that are sent from your browser while using CTRL + Refresh to load a page you have previously visited. Your request headers should look something like this:

Accept    */*
Accept-Encoding    gzip, deflate
Accept-Language    en-gb
Cache-Control    no-cache
Connection    Keep-Alive

The response code should be a 200 as opposed to a 304 or cached response.
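
The decision a cache makes from these directives can be sketched as follows. This is an added example, not code from the original page; the function names are hypothetical and the sample header values are constructed. It assumes only the four response directives listed above plus request no-cache, and conservatively treats a response without max-age as not fresh.

```python
# Added example: reuse decision for the Cache-Control directives discussed above.
# parse_cache_control / may_serve_from_cache are hypothetical names, not a library API.

def parse_cache_control(value):
    """Split a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def may_serve_from_cache(response_cc, request_cc="", shared=False, age=0):
    """Return (allowed, reason): may a cache reuse a stored response of the
    given age (seconds) without contacting the origin server?"""
    resp = parse_cache_control(response_cc)
    req = parse_cache_control(request_cc)

    if "no-cache" in req:
        return False, "request no-cache: revalidate with origin"
    if "no-cache" in resp:
        return False, "response no-cache: not reusable from cache"
    if shared and "private" in resp:
        return False, "private: shared caches must not cache"
    max_age = resp.get("max-age")
    # Assumption: without a numeric max-age the entry is treated as not fresh.
    if max_age is None or not max_age.isdigit():
        return False, "no usable max-age: treat as not fresh"
    if age >= int(max_age):
        return False, "stale: age has reached max-age"
    return True, "fresh"


# Constructed samples: (response header, request header, shared cache?, age in s)
SAMPLES = [
    ("public, max-age=600", "", True, 120),           # proxy may reuse
    ("private, max-age=600", "", True, 120),          # proxy must not
    ("private, max-age=600", "", False, 120),         # browser may reuse
    ("public, max-age=600", "no-cache", False, 120),  # forced reload
    ("no-cache", "", False, 0),
    ("public, max-age=600", "", True, 900),           # past max-age
]

if __name__ == "__main__":
    for resp_cc, req_cc, shared, age in SAMPLES:
        where = "shared" if shared else "browser"
        print(resp_cc, "|", req_cc or "-", "|", where, "|", age, "->",
              may_serve_from_cache(resp_cc, req_cc, shared, age))
```

The second sample is the case to check on pages that carry per-user data: with private set, a shared proxy cache is refused even while the entry is still within max-age.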

For detailed information on all the Cache-Control headers, check out RFC 2616.