API Caching directives
The HTTP cache directive must be executed by all the devices in the chain (firewall, server, client, db,…) that manage the request/response
The directive in included in the HTTP header as:
Cache-Control: "directive-1, directive-2,..."
Cache-Control: "private, max-age=60"
Caching Control in the Response
It is useful to manage
- who can cache the response
- for how long
- under what conditions
Caching Control in the Request
It is useful for
- override caching behavior
- Protect sensitive data
private vs public
Private means to not cache on the intermediate nodes, but only in the client
Public means cache everywhere
Used with sensitive data for which they should not be cached at all
no-cache and ETag
With the no-cache directive the server will respond with new fresh data, and the data will not be cached.
The Etag directive represents the hash of the response body, and the client will send it back to the server in order, for the server, to check if the data that have been sent previously to the client are the same of the data that it is going to send again.
In this case the server sends back a 304 (not changed) status code. If the data is changed the server will reply with the 200.
It’s the time, in seconds, for which the cache will be valid