If a page answers with header
Cache-Control:private, s-maxage=0
Should the page ever be cached by the browser or not? What's the specification behavior in this case?
rfc2616 defines s-maxage has:
If a response includes an s-maxage directive, then for a shared cache (but not for a private cache), the maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header. The s-maxage directive also implies the semantics of the proxy-revalidate directive (see section 14.9.4), i.e., that the shared cache must not use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server. The s- maxage directive is always ignored by a private cache.
This confuses me a bit. I understand that if max-age and s-maxage is defined, s-maxage is used for a shared cache but what happens to a private (browser) cache? Is s-maxage still used by the private cache or not?
My tests indicate that Chrome 49 and Firefox 44 would not cache this page request while IE 11 effectively does browser caching of this page (tests on win7 64bit). This page request is done via AJAX in case that matters.
So you can see different browsers have different behaviors. Reading the spec it seems IE is in the wrong here. What's the root cause for this? Maybe different default values?
Edit: Further testing points me that my header works the same way as Cache-Control:private.
In this case, Chrome never uses browser cache for both a 'normal' page request and an AJAX GET request while IE 11 doesn't cache the normal page request but caches the AJAX GET request, for no apparent good reason.
