ETag with no Cache-Control header in http response

5
votes

I am trying to learn some basics about HTTP. I've inspected a some HTTP response headers and noticed 2 things that confused me:

  • There was no cache-control header and

  • ETag header was present.

The way I understood ETag is that, client sends ETag in a requests to a cache, and cache revalidates resources Etag with the server. But if there is no Cache-Control header in response, than all subsequent requests do the revalidation directly with the server and completely omit cache. Is this the case or am I missing something? Does something else happen when there is no cache-control header present in response? Why is ETag even present if all request will go to the server directly anyway?

1
httpcachinghttp-headersetag

1 Answers

6
votes

The absence of a cache-control header does not mean a resource cannot be cached - it's up to the client (i.e. the web browser) to decide how to handle this undefined state.

Caching it (whether in memory or in disk) and only using that cached version if ETag validates seems a perfectly reasonable implementation to me.

If you don't want a resource cached then you should explicitly say this with a cache-control header of "max-age=0, no-store, no-cache, must-revalidate".