Cache-control: private and public

Question

What should a http client do if server returned Cache-Control: private, public ?

I have a feeling private should override public, but I can't find a confirmation in the RFC (other than MUST in private and MAY in public).

For reference, [RFC 2616: 14.9.1 What is Cacheable](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1). It's up to the browser how it should be handled. So, do not send both `public` and `private`. — Lekensteyn, Oct 03 '10 at 19:00
I am making a client, not server, and I am thinking in advance how to handle these scenarios. — Andrey Shchekin, Oct 03 '10 at 19:07

score 5 · Answer 1 · answered Sep 19 '12 at 16:45

5

I believe http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p6-cache-20.html#rfc.section.3 is pretty clear -- if it's labeled "private" it needs to be considered private, no matter whether "public" appears as well

answered Sep 19 '12 at 16:45

Julian Reschke

40,156
8
95
98

Is this official yet? – Pacerier Aug 25 '13 at 18:22
Pacerier: what yo you mean by "official"? No, it's not published as a RFC yet. See http://trac.tools.ietf.org/wg/httpbis/trac/wiki#HTTP1.1Deliverables – Julian Reschke Aug 26 '13 at 04:44
Hmm, is it going to be finalized for release soon? – Pacerier Aug 27 '13 at 08:24
It will need to got through an IETF Last Call (soonish), then likely revised once again, then be approved by the IESG. – Julian Reschke Aug 27 '13 at 15:28

score 2 · Accepted Answer · answered Aug 23 '11 at 10:58

2

From a pragmatic point of view, err on the side of caution and treat it "private".

That way you cause a little extra network traffic for the lousy server, but keep your user's (potentially private) data safe.

answered Aug 23 '11 at 10:58

Szocske

7,466
2
20
24

score 1 · Answer 3 · edited Sep 19 '12 at 16:51

1

Private cache control is used in this context to cache and store the data for a single user machine and not to be served with the entire network.

Whereas the Public Cache control is used to store the data in the client machine from the server and share it across the network on which the client machine is connected to.

edited Sep 19 '12 at 16:51

Brian Mains

50,520
35
148
257

answered Sep 19 '12 at 15:41

abc

19
1

score 0 · Answer 4 · answered Mar 22 '12 at 12:00

Private cache control is used in this context to cache and store the data for a single user machine and not to be served with the entire network.

Whereas the Public Cache control is used to store the data in the client machine from the server and share it across the network on which the client machine is connected to.

Please refer the below example contains the details of http://www.totalworkflow.co.uk/ Server response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=TV4owqs-zQEkAAAAZmFhNDI5NDQtZmFmMi00Y2Q3LWI4NDctYTE0NDg5MzAwNjg20; expires=Wed, 30-May-2012 21:32:48 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=x12csr3ac4jp03jugqawke2d; path=/; HttpOnly
X-AspNet-Version: 2.0.5072

Cache-control: private and public

4 Answers4