43

The cache control header "no-cache, must-revalidate, private" allows browsers to cache the resource but forces a revalidate with conditional requests. This works as expected in FF, Safari, and Chrome.

However, IE7+8 does not send a conditional request, that is, "If-Modified-Since" is missing in the request header and hence the server responds with HTTP/200 instead of HTTP/304.

Here are the full server response headers:

Last-Modified: Wed, 16 Feb 2011 13:52:26 GMT
Content-type: text/html;charset=utf-8
Content-Length: 10835
Date: Wed, 16 Feb 2011 13:52:26 GMT
Connection: keep-alive
Cache-Control: no-cache, must-revalidate, private

This seems like an IE bug, but I haven't found anything related on the web, so I wonder whether maybe the absence or existence of another header makes IE behave strangely?

A good discussion of the difference between no-cache and max-age: What's the difference between Cache-Control: max-age=0 and no-cache?

activedecay
  • 8,238
  • 3
  • 40
  • 54
alienhard
  • 13,366
  • 9
  • 34
  • 28
  • Go into Internet Options==>General Tab==>Browsing history section==>Settings... button. Look at the "Check for newer versions of stored pages:" selector. Confirm that this cache behavior is or is not linked to its setting (for most users, it should be Automatically). – rskar Feb 16 '11 at 14:43
  • 1
    It is **not** linked to this behavior. – alienhard Feb 16 '11 at 17:17

2 Answers2

76

I've eventually figured it out. Here is an explanation and a tested solution.

The following site confirms my observation: http://blog.httpwatch.com/2008/10/15/two-important-differences-between-firefox-and-ie-caching/

It says that IE does not locally store pages with the 'no-cache' directive and hence always sends an unconditional request.

There's also a MS support article - https://support.microsoft.com/help/234067/ - which confirms this:

"Internet Explorer supports the HTTP 1.1 Cache-Control header, which prevents all caching of a particular Web resource when the no-cache value is specified..."

This behavior is not entirely wrong -- but it is not what RFC 2616 (sec. 14.9.1) intended. About 'no-cache' it says "... a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server." So the response CAN be cached but MUST revalidate it. The major browsers, except for IE, do cache the response and revalidate it. To prevent storing the request, there's the 'no-store' Cache-Control directive.

In summary, IE treats 'no-cache' as 'no-store'.

And here's the solution to enable conditional requests for IE and the other browsers in a consistent way:

Don't use no-cache, but instead set the Expires header to the past (or -1, which has the same effect). IE, as well as the other major browsers, will then send conditional requests. (Note, you should also be aware of the IE Vary header bug, which prevents caching.)

These are the critical header fields:

Last-Modified: Wed, 16 Feb 2011 13:52:26 GMT
Expires: -1
Cache-Control: must-revalidate, private
  • Last-Modified (or ETag) is needed as a validator
  • Expires -1 tells that the resource is stale and must be revalidated
  • Cache-Control must not include no-cache or no-store
Helder Magalhães
  • 500
  • 5
  • 13
alienhard
  • 13,366
  • 9
  • 34
  • 28
  • Great, this is exactly what I was looking for! – Josh Voigts Feb 26 '13 at 23:01
  • 3
    Running IE11 (on Win8.1 in a VirtualBox) I do not get the same behavior. For me, IE11 does validate the resources marked as `no-cache` rather than reload them completely. The resources also have an `Expires` header with an old date. – henko May 02 '14 at 13:20
  • 1
    Using an ETag is a more general solution to this problem as the client can then easily check if the content has modified, and will stop the download if the content is the same. Works in all browsers consistently. – Montana Harkin Aug 11 '14 at 23:06
  • 1
    In which IE version was this tested? Will it also work in IE6? – rustyx Jun 10 '15 at 12:04
  • For me, IE adds Cache-Control: no-cache in the request for an image, and not a response. And it doesn't cache the image, which is not what i want. any idea how to fix that ? And why is the header is present in the request ? Its not being set from javascript code – mishal153 Jun 03 '16 at 10:22
-2
   $last_modified = filemtime($_SERVER['SCRIPT_FILENAME']);

   session_cache_limiter(FALSE);

   header("Content-Type: text/css");
   header("Cache-Control: max-age=1, must-revalidate, private");
   header("Last-Modified: " . gmdate("D, d M Y H:i:s", $last_modified) . " GMT");

   if(isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]))
   {
      if(strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]) >= $last_modified)
      {
         header("HTTP/1.1 304 Not Modified");
         exit;
      }
   }
danielb
  • 13
  • 1