Difference between no-cache and must-revalidate
For what it's worth, the MDN page on HTTP validation directly addresses this (emphasis mine):
It is often stated that the combination of
must-revalidatehas the same meaning as
Cache-Control: max-age=0, must-revalidate
max-age=0means that the response is immediately stale, and
must-revalidatemeans that it must not be reused without revalidation once it is stale — so in combination, the semantics seem to be the same as
However, that usage of
max-age=0is a remnant of the fact that many implementations prior to HTTP/1.1 were unable to handle the
no-cachedirective — and so to deal with that limitation,
max-age=0was used as a workaround.
But now that HTTP/1.1-conformant servers are widely deployed, there's no reason to ever use that
must-revalidatecombination — you should instead just use
For reference (for our own personal cache control, heh) that MDN page was last updated on June 1, 2022; and I pulled that quote on June 10, 2022 (archive June 8).
With Jeffrey Fox's interpretation about
no-cache, i've tested under chrome 52.0.2743.116 m, the result shows that
no-cache has the same behavior as
must-revalidate, they all will NOT use local cache when server is unreachable, and, they all will use cache while tap browser's Back/Forward button when server is unreachable.
As above, i think
max-age=0, must-revalidate is identical to
no-cache, at least in implementation.
I believe that
must-revalidate means :
Once the cache expires, refuse to return stale responses to the user even if they say that stale responses are acceptable.
no-cache implies :
must-revalidateplus the fact the response becomes stale right away.
If a response is cacheable for 10 seconds, then
must-revalidate kicks in after 10 seconds, whereas
must-revalidate after 0 seconds.
At least, that's my interpretation.
max-age=0, must-revalidate and
no-cache aren't exactly identical. With
must-revalidate, if the server doesn't respond to a revalidation request, the browser/proxy is supposed to return a 504 error. With
no-cache, it would just show the cached content, which would be probably preferred by the user (better to have something stale than nothing at all). This is why
must-revalidate is intended for critical transactions only.