HTTPbis Working Group                                   R. Fielding, Ed.
Internet-Draft                                                     Adobe
Obsoletes: 2616 (if approved)                         M. Nottingham, Ed.
Intended status: Standards Track                                  Akamai
Expires: August 10, 2014                                 J. Reschke, Ed.
                                                              greenbytes
                                                        February 6, 2014


            Hypertext Transfer Protocol (HTTP/1.1): Caching
                     draft-ietf-httpbis-p6-cache-26

Abstract

   The Hypertext Transfer Protocol (HTTP) is a stateless application-
   level protocol for distributed, collaborative, hypertext information
   systems. This document defines HTTP caches and the associated header
   fields that control cache behavior or indicate cacheable response
   messages.

Editorial Note (To be removed by RFC Editor)

   Discussion of this draft takes place on the HTTPBIS working group
   mailing list (ietf-http-wg@w3.org), which is archived at .

   The current issues list is at and related documents (including fancy
   diffs) can be found at .

   The changes in this draft are summarized in Appendix D.2.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts.
   The list of current Internet-Drafts is at
   http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 10, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Conformance and Error Handling
     1.2.  Syntax Notation
       1.2.1.  Delta Seconds
   2.  Overview of Cache Operation
   3.  Storing Responses in Caches
     3.1.  Storing Incomplete Responses
     3.2.  Storing Responses to Authenticated Requests
     3.3.  Combining Partial Content
   4.  Constructing Responses from Caches
     4.1.  Calculating Secondary Keys with Vary
     4.2.  Freshness
       4.2.1.  Calculating Freshness Lifetime
       4.2.2.  Calculating Heuristic Freshness
       4.2.3.  Calculating Age
       4.2.4.  Serving Stale Responses
     4.3.  Validation
       4.3.1.  Sending a Validation Request
       4.3.2.  Handling a Received Validation Request
       4.3.3.  Handling a Validation Response
       4.3.4.  Freshening Stored Responses upon Validation
       4.3.5.  Freshening Responses via HEAD
     4.4.  Invalidation
   5.  Header Field Definitions
     5.1.  Age
     5.2.  Cache-Control
       5.2.1.  Request Cache-Control Directives
       5.2.2.  Response Cache-Control Directives
       5.2.3.  Cache Control Extensions
     5.3.  Expires
     5.4.  Pragma
     5.5.  Warning
       5.5.1.  Warning: 110 - "Response is Stale"
       5.5.2.  Warning: 111 - "Revalidation Failed"
       5.5.3.  Warning: 112 - "Disconnected Operation"
       5.5.4.  Warning: 113 - "Heuristic Expiration"
       5.5.5.  Warning: 199 - "Miscellaneous Warning"
       5.5.6.  Warning: 214 - "Transformation Applied"
       5.5.7.  Warning: 299 - "Miscellaneous Persistent Warning"
   6.  History Lists
   7.  IANA Considerations
     7.1.  Cache Directive Registry
       7.1.1.  Procedure
       7.1.2.  Considerations for New Cache Control Directives
       7.1.3.  Registrations
     7.2.  Warn Code Registry
       7.2.1.  Procedure
       7.2.2.  Registrations
     7.3.  Header Field Registration
   8.  Security Considerations
   9.  Acknowledgments
   10.  References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Changes from RFC 2616
   Appendix B.  Imported ABNF
   Appendix C.  Collected ABNF
   Appendix D.  Change Log (to be removed by RFC Editor before
                publication)
     D.1.  Since draft-ietf-httpbis-p6-cache-24
     D.2.  Since draft-ietf-httpbis-p6-cache-25
   Index

1.  Introduction

   HTTP is typically used for distributed information systems, where
   performance can be improved by the use of response caches. This
   document defines aspects of HTTP/1.1 related to caching and reusing
   response messages.

   An HTTP cache is a local store of response messages and the subsystem
   that controls storage, retrieval, and deletion of messages in it. A
   cache stores cacheable responses in order to reduce the response time
   and network bandwidth consumption on future, equivalent requests.
   Any client or server MAY employ a cache, though a cache cannot be
   used by a server that is acting as a tunnel.

   A shared cache is a cache that stores responses to be reused by more
   than one user; shared caches are usually (but not always) deployed as
   a part of an intermediary. A private cache, in contrast, is
   dedicated to a single user; often, they are deployed as a component
   of a user agent.

   The goal of caching in HTTP/1.1 is to significantly improve
   performance by reusing a prior response message to satisfy a current
   request. A stored response is considered "fresh", as defined in
   Section 4.2, if the response can be reused without "validation"
   (checking with the origin server to see if the cached response
   remains valid for this request). A fresh response can therefore
   reduce both latency and network overhead each time it is reused.
   When a cached response is not fresh, it might still be reusable if it
   can be freshened by validation (Section 4.3) or if the origin is
   unavailable (Section 4.2.4).

1.1.  Conformance and Error Handling

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Conformance criteria and considerations regarding error handling are
   defined in Section 2.5 of [Part1].

1.2.  Syntax Notation

   This specification uses the Augmented Backus-Naur Form (ABNF)
   notation of [RFC5234] with a list extension, defined in Section 7 of
   [Part1], that allows for compact definition of comma-separated lists
   using a '#' operator (similar to how the '*' operator indicates
   repetition). Appendix B describes rules imported from other
   documents. Appendix C shows the collected grammar with all list
   operators expanded to standard ABNF notation.

1.2.1.  Delta Seconds

   The delta-seconds rule specifies a non-negative integer, representing
   time in seconds.

     delta-seconds  = 1*DIGIT

   A recipient parsing a delta-seconds value and converting it to binary
   form ought to use an arithmetic type of at least 31 bits of non-
   negative integer range. If a cache receives a delta-seconds value
   greater than the greatest integer it can represent, or if any of its
   subsequent calculations overflows, the cache MUST consider the value
   to be either 2147483648 (2^31) or the greatest positive integer it
   can conveniently represent.

      Note: The value 2147483648 is here for historical reasons,
      effectively represents infinity (over 68 years), and does not need
      to be stored in binary form; an implementation could produce it as
      a canned string if any overflow occurs, even if the calculations
      are performed with an arithmetic type incapable of directly
      representing that number. What matters here is that an overflow
      be detected and not treated as a negative value in later
      calculations.

2.  Overview of Cache Operation

   Proper cache operation preserves the semantics of HTTP transfers
   ([Part2]) while eliminating the transfer of information already held
   in the cache. Although caching is an entirely OPTIONAL feature of
   HTTP, it can be assumed that reusing a cached response is desirable
   and that such reuse is the default behavior when no requirement or
   local configuration prevents it. Therefore, HTTP cache requirements
   are focused on preventing a cache from either storing a non-reusable
   response or reusing a stored response inappropriately, rather than
   mandating that caches always store and reuse particular responses.

   Each cache entry consists of a cache key and one or more HTTP
   responses corresponding to prior requests that used the same key.
   The most common form of cache entry is a successful result of a
   retrieval request: i.e., a 200 (OK) response to a GET request, which
   contains a representation of the resource identified by the request
   target (Section 4.3.1 of [Part2]). However, it is also possible to
   cache permanent redirects, negative results (e.g., 404 (Not Found)),
   incomplete results (e.g., 206 (Partial Content)), and responses to
   methods other than GET if the method's definition allows such caching
   and defines something suitable for use as a cache key.

   The primary cache key consists of the request method and target URI.
   However, since HTTP caches in common use today are typically limited
   to caching responses to GET, many caches simply decline other methods
   and use only the URI as the primary cache key.

   If a request target is subject to content negotiation, its cache
   entry might consist of multiple stored responses, each differentiated
   by a secondary key for the values of the original request's selecting
   header fields (Section 4.1).

3.  Storing Responses in Caches

   A cache MUST NOT store a response to any request, unless:

   o  The request method is understood by the cache and defined as being
      cacheable, and

   o  the response status code is understood by the cache, and

   o  the "no-store" cache directive (see Section 5.2) does not appear
      in request or response header fields, and

   o  the "private" response directive (see Section 5.2.2.6) does not
      appear in the response, if the cache is shared, and

   o  the Authorization header field (see Section 4.2 of [Part7]) does
      not appear in the request, if the cache is shared, unless the
      response explicitly allows it (see Section 3.2), and

   o  the response either:

      *  contains an Expires header field (see Section 5.3), or

      *  contains a max-age response directive (see Section 5.2.2.8), or

      *  contains a s-maxage response directive (see Section 5.2.2.9)
         and the cache is shared, or

      *  contains a Cache Control Extension (see Section 5.2.3) that
         allows it to be cached, or

      *  has a status code that is defined as cacheable by default (see
         Section 4.2.2), or

      *  contains a public response directive (see Section 5.2.2.5).

   Note that any of the requirements listed above can be overridden by a
   cache-control extension; see Section 5.2.3.

   In this context, a cache has "understood" a request method or a
   response status code if it recognizes it and implements all specified
   caching-related behavior.

   Note that, in normal operation, some caches will not store a response
   that has neither a cache validator nor an explicit expiration time,
   as such responses are not usually useful to store. However, caches
   are not prohibited from storing such responses.

3.1.  Storing Incomplete Responses

   A response message is considered complete when all of the octets
   indicated by the message framing ([Part1]) are received prior to the
   connection being closed.
   If the request method is GET, the response
   status code is 200 (OK), and the entire response header section has
   been received, a cache MAY store an incomplete response message body
   if the cache entry is recorded as incomplete. Likewise, a 206
   (Partial Content) response MAY be stored as if it were an incomplete
   200 (OK) cache entry. However, a cache MUST NOT store incomplete or
   partial content responses if it does not support the Range and
   Content-Range header fields or if it does not understand the range
   units used in those fields.

   A cache MAY complete a stored incomplete response by making a
   subsequent range request ([Part5]) and combining the successful
   response with the stored entry, as defined in Section 3.3. A cache
   MUST NOT use an incomplete response to answer requests unless the
   response has been made complete or the request is partial and
   specifies a range that is wholly within the incomplete response. A
   cache MUST NOT send a partial response to a client without explicitly
   marking it as such using the 206 (Partial Content) status code.

3.2.  Storing Responses to Authenticated Requests

   A shared cache MUST NOT use a cached response to a request with an
   Authorization header field (Section 4.2 of [Part7]) to satisfy any
   subsequent request unless a cache directive that allows such
   responses to be stored is present in the response.

   In this specification, the following Cache-Control response
   directives (Section 5.2.2) have such an effect: must-revalidate,
   public, s-maxage.

   Note that cached responses that contain the "must-revalidate" and/or
   "s-maxage" response directives are not allowed to be served stale
   (Section 4.2.4) by shared caches. In particular, a response with
   either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to
   satisfy a subsequent request without revalidating it on the origin
   server.

3.3.  Combining Partial Content

   A response might transfer only a partial representation if the
   connection closed prematurely or if the request used one or more
   Range specifiers ([Part5]). After several such transfers, a cache
   might have received several ranges of the same representation. A
   cache MAY combine these ranges into a single stored response, and
   reuse that response to satisfy later requests, if they all share the
   same strong validator and the cache complies with the client
   requirements in Section 4.3 of [Part5].

   When combining the new response with one or more stored responses, a
   cache MUST:

   o  delete any Warning header fields in the stored response with warn-
      code 1xx (see Section 5.5);

   o  retain any Warning header fields in the stored response with warn-
      code 2xx; and,

   o  use other header fields provided in the new response, aside from
      Content-Range, to replace all instances of the corresponding
      header fields in the stored response.

4.  Constructing Responses from Caches

   When presented with a request, a cache MUST NOT reuse a stored
   response, unless:

   o  The presented effective request URI (Section 5.5 of [Part1]) and
      that of the stored response match, and

   o  the request method associated with the stored response allows it
      to be used for the presented request, and

   o  selecting header fields nominated by the stored response (if any)
      match those presented (see Section 4.1), and

   o  the presented request does not contain the no-cache pragma
      (Section 5.4), nor the no-cache cache directive (Section 5.2.1),
      unless the stored response is successfully validated
      (Section 4.3), and

   o  the stored response does not contain the no-cache cache directive
      (Section 5.2.2.2), unless it is successfully validated
      (Section 4.3), and

   o  the stored response is either:

      *  fresh (see Section 4.2), or

      *  allowed to be served stale (see Section 4.2.4), or

      *  successfully validated (see Section 4.3).

   Note that any of the requirements listed above can be overridden by a
   cache-control extension; see Section 5.2.3.

   When a stored response is used to satisfy a request without
   validation, a cache MUST generate an Age header field (Section 5.1),
   replacing any present in the response with a value equal to the
   stored response's current_age; see Section 4.2.3.

   A cache MUST write through requests with methods that are unsafe
   (Section 4.2.1 of [Part2]) to the origin server; i.e., a cache is not
   allowed to generate a reply to such a request before having forwarded
   the request and having received a corresponding response.

   Also, note that unsafe requests might invalidate already stored
   responses; see Section 4.4.

   When more than one suitable response is stored, a cache MUST use the
   most recent response (as determined by the Date header field).
   It can also forward the request with "Cache-Control: max-age=0" or
   "Cache-Control: no-cache" to disambiguate which response to use.

   A cache that does not have a clock available MUST NOT use stored
   responses without revalidating them upon every use.

4.1.  Calculating Secondary Keys with Vary

   When a cache receives a request that can be satisfied by a stored
   response that has a Vary header field (Section 7.1.4 of [Part2]), it
   MUST NOT use that response unless all of the selecting header fields
   nominated by the Vary header field match in both the original request
   (i.e., that associated with the stored response), and the presented
   request.

   The selecting header fields from two requests are defined to match if
   and only if those in the first request can be transformed to those in
   the second request by applying any of the following:

   o  adding or removing whitespace, where allowed in the header field's
      syntax

   o  combining multiple header fields with the same field name (see
      Section 3.2 of [Part1])

   o  normalizing both header field values in a way that is known to
      have identical semantics, according to the header field's
      specification (e.g., re-ordering field values when order is not
      significant; case-normalization, where values are defined to be
      case-insensitive)

   If (after any normalization that might take place) a header field is
   absent from a request, it can only match another request if it is
   also absent there.

   A Vary header field-value of "*" always fails to match.

   The stored response with matching selecting header fields is known as
   the selected response.

   If multiple selected responses are available (potentially including
   responses without a Vary header field), the cache will need to choose
   one to use.
   When a selecting header field has a known mechanism for
   doing so (e.g., qvalues on Accept and similar request header fields),
   that mechanism MAY be used to select preferred responses; of the
   remainder, the most recent response (as determined by the Date header
   field) is used, as per Section 4.

   If no selected response is available, the cache cannot satisfy the
   presented request. Typically, it is forwarded to the origin server
   in a (possibly conditional; see Section 4.3) request.

4.2.  Freshness

   A fresh response is one whose age has not yet exceeded its freshness
   lifetime. Conversely, a stale response is one where it has.

   A response's freshness lifetime is the length of time between its
   generation by the origin server and its expiration time. An explicit
   expiration time is the time at which the origin server intends that a
   stored response can no longer be used by a cache without further
   validation, whereas a heuristic expiration time is assigned by a
   cache when no explicit expiration time is available.

   A response's age is the time that has passed since it was generated
   by, or successfully validated with, the origin server.

   When a response is "fresh" in the cache, it can be used to satisfy
   subsequent requests without contacting the origin server, thereby
   improving efficiency.

   The primary mechanism for determining freshness is for an origin
   server to provide an explicit expiration time in the future, using
   either the Expires header field (Section 5.3) or the max-age response
   directive (Section 5.2.2.8). Generally, origin servers will assign
   future explicit expiration times to responses in the belief that the
   representation is not likely to change in a semantically significant
   way before the expiration time is reached.

   If an origin server wishes to force a cache to validate every
   request, it can assign an explicit expiration time in the past to
   indicate that the response is already stale. Compliant caches will
   normally validate a stale cached response before reusing it for
   subsequent requests (see Section 4.2.4).

   Since origin servers do not always provide explicit expiration times,
   caches are also allowed to use a heuristic to determine an expiration
   time under certain circumstances (see Section 4.2.2).

   The calculation to determine if a response is fresh is:

     response_is_fresh = (freshness_lifetime > current_age)

   freshness_lifetime is defined in Section 4.2.1; current_age is
   defined in Section 4.2.3.

   Clients can send the max-age or min-fresh cache directives in a
   request to constrain or relax freshness calculations for the
   corresponding response (Section 5.2.1).

   When calculating freshness, to avoid common problems in date parsing:

   o  Although all date formats are specified to be case-sensitive, a
      cache recipient SHOULD match day, week, and timezone names case-
      insensitively.

   o  If a cache recipient's internal implementation of time has less
      resolution than the value of an HTTP-date, the recipient MUST
      internally represent a parsed Expires date as the nearest time
      equal to or earlier than the received value.

   o  A cache recipient MUST NOT allow local time zones to influence the
      calculation or comparison of an age or expiration time.

   o  A cache recipient SHOULD consider a date with a zone abbreviation
      other than GMT or UTC to be invalid for calculating expiration.

   Note that freshness applies only to cache operation; it cannot be
   used to force a user agent to refresh its display or reload a
   resource. See Section 6 for an explanation of the difference between
   caches and history mechanisms.

4.2.1.  Calculating Freshness Lifetime

   A cache can calculate the freshness lifetime (denoted as
   freshness_lifetime) of a response by using the first match of:

   o  If the cache is shared and the s-maxage response directive
      (Section 5.2.2.9) is present, use its value, or

   o  If the max-age response directive (Section 5.2.2.8) is present,
      use its value, or

   o  If the Expires response header field (Section 5.3) is present, use
      its value minus the value of the Date response header field, or

   o  Otherwise, no explicit expiration time is present in the response.
      A heuristic freshness lifetime might be applicable; see
      Section 4.2.2.

   Note that this calculation is not vulnerable to clock skew, since all
   of the information comes from the origin server.

   When there is more than one value present for a given directive
   (e.g., two Expires header fields, multiple Cache-Control: max-age
   directives), the directive's value is considered invalid. Caches are
   encouraged to consider responses that have invalid freshness
   information to be stale.

4.2.2.  Calculating Heuristic Freshness

   Since origin servers do not always provide explicit expiration times,
   a cache MAY assign a heuristic expiration time when an explicit time
   is not specified, employing algorithms that use other header field
   values (such as the Last-Modified time) to estimate a plausible
   expiration time. This specification does not provide specific
   algorithms, but does impose worst-case constraints on their results.

   A cache MUST NOT use heuristics to determine freshness when an
   explicit expiration time is present in the stored response.
   Because of the requirements in Section 3, this means that,
   effectively, heuristics can only be used on responses without
   explicit freshness whose status codes are defined as cacheable by
   default (see Section 6.1 of [Part2]), and those responses without
   explicit freshness that have been marked as explicitly cacheable
   (e.g., with a "public" response directive).

   If the response has a Last-Modified header field (Section 2.2 of
   [Part4]), caches are encouraged to use a heuristic expiration value
   that is no more than some fraction of the interval since that time.
   A typical setting of this fraction might be 10%.

   When a heuristic is used to calculate freshness lifetime, a cache
   SHOULD generate a Warning header field with a 113 warn-code (see
   Section 5.5.4) in the response if its current_age is more than 24
   hours and such a warning is not already present.

      Note: Section 13.9 of [RFC2616] prohibited caches from calculating
      heuristic freshness for URIs with query components (i.e., those
      containing '?'). In practice, this has not been widely
      implemented. Therefore, origin servers are encouraged to send
      explicit directives (e.g., Cache-Control: no-cache) if they wish
      to preclude caching.

4.2.3.  Calculating Age

   The Age header field is used to convey an estimated age of the
   response message when obtained from a cache. The Age field value is
   the cache's estimate of the number of seconds since the response was
   generated or validated by the origin server. In essence, the Age
   value is the sum of the time that the response has been resident in
   each of the caches along the path from the origin server, plus the
   amount of time it has been in transit along network paths.

   The following data is used for the age calculation:

   age_value

      The term "age_value" denotes the value of the Age header field
      (Section 5.1), in a form appropriate for arithmetic operation; or
      0, if not available.

   date_value

      The term "date_value" denotes the value of the Date header field,
      in a form appropriate for arithmetic operations. See Section
      7.1.1.2 of [Part2] for the definition of the Date header field,
      and for requirements regarding responses without it.

   now

      The term "now" means "the current value of the clock at the host
      performing the calculation". A host ought to use NTP ([RFC5905])
      or some similar protocol to synchronize its clocks to Coordinated
      Universal Time.

   request_time

      The current value of the clock at the host at the time the request
      resulting in the stored response was made.

   response_time

      The current value of the clock at the host at the time the
      response was received.

   A response's age can be calculated in two entirely independent ways:

   1.  the "apparent_age": response_time minus date_value, if the local
       clock is reasonably well synchronized to the origin server's
       clock. If the result is negative, the result is replaced by
       zero.

   2.  the "corrected_age_value", if all of the caches along the
       response path implement HTTP/1.1. A cache MUST interpret this
       value relative to the time the request was initiated, not the
       time that the response was received.

     apparent_age = max(0, response_time - date_value);

     response_delay = response_time - request_time;
     corrected_age_value = age_value + response_delay;

   These are combined as

     corrected_initial_age = max(apparent_age, corrected_age_value);

   unless the cache is confident in the value of the Age header field
   (e.g., because there are no HTTP/1.0 hops in the Via header field),
   in which case the corrected_age_value MAY be used as the
   corrected_initial_age.

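   The following Python code is an added example, not part of this
   specification. It combines the delta-seconds overflow rule of
   Section 1.2.1, the first-match rule of Section 4.2.1, and the age
   formulas of this section (carried through the current_age step that
   the specification gives next) into one freshness decision. The
   function names, the (name, value) header list, the fallback to the
   time of receipt when Date is unusable, and the choice to treat a
   malformed Age as the maximum are assumptions of the example.

```python
import calendar
from datetime import datetime

DELTA_MAX = 2**31  # Section 1.2.1: value to assume when delta-seconds overflows


def parse_delta_seconds(text):
    """delta-seconds = 1*DIGIT. None if malformed, clamped to DELTA_MAX."""
    text = (text or "").strip()
    if not (text.isascii() and text.isdigit()):
        return None  # rejects "", "-5", "1.5" and non-ASCII digits
    if len(text.lstrip("0")) > 10:
        return DELTA_MAX  # far beyond 2^31: clamp without converting
    return min(int(text), DELTA_MAX)


def http_date(text):
    """Epoch seconds for a GMT HTTP-date (preferred format only), else None."""
    try:
        parsed = datetime.strptime((text or "").strip(),
                                   "%a, %d %b %Y %H:%M:%S GMT")
    except ValueError:
        return None  # also covers any zone abbreviation other than GMT
    return calendar.timegm(parsed.timetuple())  # local time zone is never used


def field_values(headers, name):
    """All values of one header field; headers is a list of (name, value)."""
    return [value for field, value in headers if field.lower() == name]


def directive_values(headers, name):
    """Arguments of one Cache-Control directive across all field lines."""
    found = []
    for value in field_values(headers, "cache-control"):
        for part in value.split(","):  # simplification: no quoted commas
            key, _, arg = part.strip().partition("=")
            if key.lower() == name:
                found.append(arg.strip('"'))
    return found


def date_value_of(headers, response_time):
    """date_value; assumption: use the time of receipt if Date is unusable."""
    dates = field_values(headers, "date")
    parsed = http_date(dates[0]) if dates else None
    return response_time if parsed is None else parsed


def freshness_lifetime(headers, date_value, shared):
    """First match of Section 4.2.1. None: nothing explicit. 0: stale."""
    for name in (["s-maxage"] if shared else []) + ["max-age"]:
        values = directive_values(headers, name)
        if len(values) > 1:
            return 0  # repeated directive is invalid: consider it stale
        if values:
            return parse_delta_seconds(values[0]) or 0
    expires = field_values(headers, "expires")
    if len(expires) > 1:
        return 0
    if expires:
        when = http_date(expires[0])
        return 0 if when is None else max(0, when - date_value)
    return None


def corrected_initial_age(headers, request_time, response_time):
    """max(apparent_age, corrected_age_value), clamped on overflow."""
    ages = field_values(headers, "age")
    age_value = 0  # "0, if not available"
    if ages:
        parsed = parse_delta_seconds(ages[0])
        # Assumption of this example: a malformed Age counts as maximal.
        age_value = DELTA_MAX if parsed is None else parsed
    date_value = date_value_of(headers, response_time)
    apparent_age = max(0, response_time - date_value)
    response_delay = response_time - request_time
    corrected_age_value = age_value + response_delay
    return min(max(apparent_age, corrected_age_value), DELTA_MAX)


def is_fresh(headers, request_time, response_time, now, shared=True):
    """response_is_fresh = (freshness_lifetime > current_age)."""
    date_value = date_value_of(headers, response_time)
    lifetime = freshness_lifetime(headers, date_value, shared)
    if lifetime is None:
        return False  # heuristic freshness (Section 4.2.2) is not modelled
    resident_time = now - response_time
    current_age = corrected_initial_age(headers, request_time,
                                        response_time) + resident_time
    return lifetime > min(current_age, DELTA_MAX)


# Constructed sample: a response that already spent 30 s in an upstream cache.
STORED = [
    ("Date", "Thu, 06 Feb 2014 10:00:00 GMT"),
    ("Age", "30"),
    ("Cache-Control", "max-age=60, s-maxage=600"),
]

if __name__ == "__main__":
    t0 = http_date("Thu, 06 Feb 2014 10:00:00 GMT")
    for now in (t0 + 24, t0 + 40):
        print(now - t0, is_fresh(STORED, t0 + 2, t0 + 4, now, shared=False))
```

   An oversized or malformed Age ends up at 2^31 rather than wrapping
   negative, so such a response is always judged stale.
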
   The current_age of a stored response can then be calculated by adding the amount of time (in seconds) since the stored response was last validated by the origin server to the corrected_initial_age.

     resident_time = now - response_time;
     current_age = corrected_initial_age + resident_time;

4.2.4.  Serving Stale Responses

   A "stale" response is one that either has explicit expiry information or is allowed to have heuristic expiry calculated, but is not fresh according to the calculations in Section 4.2.

   A cache MUST NOT generate a stale response if it is prohibited by an explicit in-protocol directive (e.g., by a "no-store" or "no-cache" cache directive, a "must-revalidate" cache-response-directive, or an applicable "s-maxage" or "proxy-revalidate" cache-response-directive; see Section 5.2.2).

   A cache MUST NOT send stale responses unless it is disconnected (i.e., it cannot contact the origin server or otherwise find a forward path) or doing so is explicitly allowed (e.g., by the max-stale request directive; see Section 5.2.1).

   A cache SHOULD generate a Warning header field with the 110 warn-code (see Section 5.5.1) in stale responses. Likewise, a cache SHOULD generate a 112 warn-code (see Section 5.5.3) in stale responses if the cache is disconnected.

   A cache SHOULD NOT generate a new Warning header field when forwarding a response that does not have an Age header field, even if the response is already stale. A cache need not validate a response that merely became stale in transit.

4.3.  Validation

   When a cache has one or more stored responses for a requested URI, but cannot serve any of them (e.g., because they are not fresh, or one cannot be selected; see Section 4.1), it can use the conditional request mechanism [Part4] in the forwarded request to give the next inbound server an opportunity to select a valid stored response to use, updating the stored metadata in the process, or to replace the stored response(s) with a new response. This process is known as "validating" or "revalidating" the stored response.

4.3.1.  Sending a Validation Request

   When sending a conditional request for cache validation, a cache sends one or more precondition header fields containing validator metadata from its stored response(s), which is then compared by recipients to determine whether a stored response is equivalent to a current representation of the resource.

   One such validator is the timestamp given in a Last-Modified header field (Section 2.2 of [Part4]), which can be used in an If-Modified-Since header field for response validation, or in an If-Unmodified-Since or If-Range header field for representation selection (i.e., the client is referring specifically to a previously obtained representation with that timestamp).

   Another validator is the entity-tag given in an ETag header field (Section 2.3 of [Part4]). One or more entity-tags, indicating one or more stored responses, can be used in an If-None-Match header field for response validation, or in an If-Match or If-Range header field for representation selection (i.e., the client is referring specifically to one or more previously obtained representations with the listed entity-tags).

4.3.2.  Handling a Received Validation Request

   Each client in the request chain may have its own cache, so it is common for a cache at an intermediary to receive conditional requests from other (outbound) caches. Likewise, some user agents make use of conditional requests to limit data transfers to recently modified representations or to complete the transfer of a partially retrieved representation.

   If a cache receives a request that can be satisfied by reusing one of its stored 200 (OK) or 206 (Partial Content) responses, the cache SHOULD evaluate any applicable conditional header field preconditions received in that request with respect to the corresponding validators contained within the selected response. A cache MUST NOT evaluate conditional header fields that are only applicable to an origin server, found in a request with semantics that cannot be satisfied with a cached response, or applied to a target resource for which it has no stored responses; such preconditions are likely intended for some other (inbound) server.

   The proper evaluation of conditional requests by a cache depends on the received precondition header fields and their precedence, as defined in Section 6 of [Part4]. The If-Match and If-Unmodified-Since conditional header fields are not applicable to a cache.

   A request containing an If-None-Match header field (Section 3.2 of [Part4]) indicates that the client wants to validate one or more of its own stored responses in comparison to whichever stored response is selected by the cache. If the field-value is "*", or if the field-value is a list of entity-tags and at least one of them match the entity-tag of the selected stored response, a cache recipient SHOULD generate a 304 (Not Modified) response (using the metadata of the selected stored response) instead of sending that stored response.

   When a cache decides to revalidate its own stored responses for a request that contains an If-None-Match list of entity-tags, the cache MAY combine the received list with a list of entity-tags from its own stored set of responses (fresh or stale) and send the union of the two lists as a replacement If-None-Match header field value in the forwarded request. If a stored response contains only partial content, the cache MUST NOT include its entity-tag in the union unless the request is for a range that would be fully satisfied by that partial stored response. If the response to the forwarded request is 304 (Not Modified) and has an ETag header field value with an entity-tag that is not in the client's list, the cache MUST generate a 200 (OK) response for the client by reusing its corresponding stored response, as updated by the 304 response metadata (Section 4.3.4).

   If an If-None-Match header field is not present, a request containing an If-Modified-Since header field (Section 3.3 of [Part4]) indicates that the client wants to validate one or more of its own stored responses by modification date. A cache recipient SHOULD generate a 304 (Not Modified) response (using the metadata of the selected stored response) if one of the following cases is true: 1) the selected stored response has a Last-Modified field-value that is earlier than or equal to the conditional timestamp; 2) no Last-Modified field is present in the selected stored response, but it has a Date field-value that is earlier than or equal to the conditional timestamp; or, 3) neither Last-Modified nor Date is present in the selected stored response, but the cache recorded it as having been received at a time earlier than or equal to the conditional timestamp.

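   Added example (not part of the draft): one way a cache could evaluate the preconditions described in this section, in Python. The function names, the "partial" and "satisfies_range" fields and all sample values are hypothetical; comparing entity-tags weakly and ignoring an unparseable If-Modified-Since follow [Part4], and treating an unparseable stored date as absent is an assumption.

```python
import re
from email.utils import parsedate_to_datetime

# entity-tag = [ "W/" ] DQUOTE *etagc DQUOTE; commas inside a tag stay intact.
ENTITY_TAG = re.compile(r'(?:W/)?"[^"]*"')


def entity_tags(field_value):
    """Entity-tags of an ETag or If-None-Match value, in order of appearance."""
    return ENTITY_TAG.findall(field_value or "")


def opaque(tag):
    """Drop the weakness flag, since If-None-Match uses weak comparison."""
    return tag[2:] if tag.startswith("W/") else tag


def ts(value):
    """HTTP-date -> epoch seconds, or None when absent or invalid."""
    try:
        return parsedate_to_datetime(value).timestamp()
    except (TypeError, ValueError):
        return None


def evaluate_at_cache(request, stored, received_at):
    """Status the cache answers with: 304, or 200 (send the selected response).

    If-Match and If-Unmodified-Since are never read: they do not apply to a cache.
    """
    inm = request.get("If-None-Match")
    if inm is not None:                  # If-Modified-Since is then not consulted
        if inm.strip() == "*":
            return 304
        listed = {opaque(t) for t in entity_tags(inm)}
        selected = {opaque(t) for t in entity_tags(stored.get("ETag"))}
        return 304 if listed & selected else 200
    since = ts(request.get("If-Modified-Since"))
    if since is None:
        return 200
    # Cases 1 to 3 in order: Last-Modified, else Date, else recorded receipt time.
    for reference in (ts(stored.get("Last-Modified")), ts(stored.get("Date")),
                      received_at):
        if reference is not None:
            return 304 if reference <= since else 200
    return 200


def union_for_forwarding(request, stored_set):
    """If-None-Match value for the forwarded revalidation request."""
    inm = request.get("If-None-Match", "")
    if inm.strip() == "*":
        return "*"                       # the union rule is about entity-tag lists
    tags = entity_tags(inm)
    seen = {opaque(t) for t in tags}
    for entry in stored_set:
        if entry.get("partial") and not entry.get("satisfies_range"):
            continue                     # MUST NOT nominate this partial response
        for tag in entity_tags(entry["headers"].get("ETag")):
            if opaque(tag) not in seen:
                seen.add(opaque(tag))
                tags.append(tag)
    return ", ".join(tags)


def status_for_client_after_304(request, etag_of_304):
    """200 when the 304 selected a tag the client never listed, else 304.

    Returns None when the 304 carries no ETag, a case the passage leaves open.
    """
    selected = {opaque(t) for t in entity_tags(etag_of_304)}
    if not selected:
        return None
    listed = {opaque(t) for t in entity_tags(request.get("If-None-Match"))}
    return 304 if selected & listed else 200


# Constructed sample data.
STORED = {"ETag": 'W/"v2"',
          "Last-Modified": "Sat, 25 Aug 2012 09:00:00 GMT",
          "Date": "Sat, 25 Aug 2012 10:00:00 GMT"}
STORED_SET = [
    {"headers": {"ETag": '"v2"'}},
    {"headers": {"ETag": '"v3"'}, "partial": True, "satisfies_range": False},
    {"headers": {"ETag": '"v1"'}},
]

if __name__ == "__main__":
    print(evaluate_at_cache({"If-None-Match": '"v1", "v2"'}, STORED, None))
    print(union_for_forwarding({"If-None-Match": '"v1"'}, STORED_SET))
```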
   A cache that implements partial responses to range requests, as defined in [Part5], also needs to evaluate a received If-Range header field (Section 3.2 of [Part5]) with respect to its selected stored response.

4.3.3.  Handling a Validation Response

   Cache handling of a response to a conditional request is dependent upon its status code:

   o  A 304 (Not Modified) response status code indicates that the stored response can be updated and reused; see Section 4.3.4.

   o  A full response (i.e., one with a payload body) indicates that none of the stored responses nominated in the conditional request is suitable. Instead, the cache MUST use the full response to satisfy the request and MAY replace the stored response(s).

   o  However, if a cache receives a 5xx (Server Error) response while attempting to validate a response, it can either forward this response to the requesting client, or act as if the server failed to respond. In the latter case, the cache MAY send a previously stored response (see Section 4.2.4).

4.3.4.  Freshening Stored Responses upon Validation

   When a cache receives a 304 (Not Modified) response and already has one or more stored 200 (OK) responses for the same cache key, the cache needs to identify which of the stored responses are updated by this new response and then update the stored response(s) with the new information provided in the 304 response.

   The stored response to update is identified by using the first match (if any) of:

   o  If the new response contains a strong validator (see Section 2.1 of [Part4]), then that strong validator identifies the selected representation for update. All of the stored responses with the same strong validator are selected. If none of the stored responses contain the same strong validator, then the cache MUST NOT use the new response to update any stored responses.

   o  If the new response contains a weak validator and that validator corresponds to one of the cache's stored responses, then the most recent of those matching stored responses is selected for update.

   o  If the new response does not include any form of validator (such as in the case where a client generates an If-Modified-Since request from a source other than the Last-Modified response header field), and there is only one stored response, and that stored response also lacks a validator, then that stored response is selected for update.

   If a stored response is selected for update, the cache MUST:

   o  delete any Warning header fields in the stored response with warn-code 1xx (see Section 5.5);

   o  retain any Warning header fields in the stored response with warn-code 2xx; and,

   o  use other header fields provided in the 304 (Not Modified) response to replace all instances of the corresponding header fields in the stored response.

4.3.5.  Freshening Responses via HEAD

   A response to the HEAD method is identical to what an equivalent request made with a GET would have been, except it lacks a body. This property of HEAD responses can be used to invalidate or update a cached GET response if the more efficient conditional GET request mechanism is not available (due to no validators being present in the stored response) or if transmission of the representation body is not desired even if it has changed.

   When a cache makes an inbound HEAD request for a given request target and receives a 200 (OK) response, the cache SHOULD update or invalidate each of its stored GET responses that could have been selected for that request (see Section 4.1).

   For each of the stored responses that could have been selected, if the stored response and HEAD response have matching values for any received validator fields (ETag and Last-Modified) and, if the HEAD response has a Content-Length header field, the value of Content-Length matches that of the stored response, the cache SHOULD update the stored response as described below; otherwise, the cache SHOULD consider the stored response to be stale.

   If a cache updates a stored response with the metadata provided in a HEAD response, the cache MUST:

   o  delete any Warning header fields in the stored response with warn-code 1xx (see Section 5.5);

   o  retain any Warning header fields in the stored response with warn-code 2xx; and,

   o  use other header fields provided in the HEAD response to replace all instances of the corresponding header fields in the stored response and append new header fields to the stored response's header section unless otherwise restricted by the Cache-Control header field.

4.4.  Invalidation

   Because unsafe request methods (Section 4.2.1 of [Part2]) such as PUT, POST or DELETE have the potential for changing state on the origin server, intervening caches can use them to keep their contents up-to-date.

   A cache MUST invalidate the effective Request URI (Section 5.5 of [Part1]) as well as the URI(s) in the Location and Content-Location response header fields (if present) when a non-error status code is received in response to an unsafe request method.

   However, a cache MUST NOT invalidate a URI from a Location or Content-Location response header field if the host part of that URI differs from the host part in the effective request URI (Section 5.5 of [Part1]). This helps prevent denial of service attacks.

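   Added example (not part of the draft): choosing which URIs a cache invalidates after a response, with the same-host restriction on Location and Content-Location enforced through a URL parser rather than string prefixes. Host names, function names and the store layout are constructed; treating only PUT, POST and DELETE as known-unsafe (any other non-safe method counts as "safety unknown", covered by the rule that follows in this section) and comparing the host without port or userinfo are assumptions.

```python
from urllib.parse import urldefrag, urljoin, urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}   # safe methods per [Part2]
KNOWN_UNSAFE = {"PUT", "POST", "DELETE"}             # the ones the text names


def host_part(uri):
    """Host of a URI, lower-cased, without userinfo or port; '' if unusable."""
    try:
        return (urlsplit(uri).hostname or "").lower()
    except ValueError:
        return ""


def uris_to_invalidate(method, effective_request_uri, status, headers):
    """Set of absolute URIs whose stored responses must be invalidated."""
    if not 200 <= status <= 399:        # "non-error" means 2xx or 3xx
        return set()
    if method in SAFE_METHODS:
        return set()
    targets = {urldefrag(effective_request_uri).url}
    if method not in KNOWN_UNSAFE:
        return targets                  # safety unknown: effective request URI only
    request_host = host_part(effective_request_uri)
    for name in ("Location", "Content-Location"):
        value = headers.get(name, "").strip()
        if not value:
            continue
        try:
            # Both fields may carry relative references; resolve before comparing.
            absolute = urldefrag(urljoin(effective_request_uri, value)).url
        except ValueError:
            continue
        if request_host and host_part(absolute) == request_host:
            targets.add(absolute)
        # Otherwise the response names another host's URI: leave that entry alone.
    return targets


def invalidate(store, targets):
    """Mark stored responses as needing validation; returns the URIs that had any."""
    touched = []
    for uri in sorted(targets):
        entries = store.get(uri, [])
        for entry in entries:
            entry["invalid"] = True
        if entries:
            touched.append(uri)
    return touched


# Constructed sample: a shared cache holding entries for two different hosts.
STORE = {
    "http://shop.example/orders": [{"status": 200}],
    "http://shop.example/orders/17": [{"status": 200}],
    "http://cdn.example.net/orders/17": [{"status": 200}],
}
RESPONSE_HEADERS = {
    "Location": "/orders/17",
    "Content-Location": "http://cdn.example.net/orders/17",
}

if __name__ == "__main__":
    found = uris_to_invalidate("POST", "http://shop.example/orders", 201,
                               RESPONSE_HEADERS)
    print(sorted(found))
    print(invalidate(STORE, found))
```

   The entry for cdn.example.net is untouched even though the response from shop.example names it, which is the behavior the host-part rule exists to guarantee.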
   A cache MUST invalidate the effective request URI (Section 5.5 of [Part1]) when it receives a non-error response to a request with a method whose safety is unknown.

   Here, a "non-error response" is one with a 2xx (Successful) or 3xx (Redirection) status code. "Invalidate" means that the cache will either remove all stored responses related to the effective request URI, or will mark these as "invalid" and in need of a mandatory validation before they can be sent in response to a subsequent request.

   Note that this does not guarantee that all appropriate responses are invalidated. For example, a state-changing request might invalidate responses in the caches it travels through, but relevant responses still might be stored in other caches that it has not.

5.  Header Field Definitions

   This section defines the syntax and semantics of HTTP/1.1 header fields related to caching.

5.1.  Age

   The "Age" header field conveys the sender's estimate of the amount of time since the response was generated or successfully validated at the origin server. Age values are calculated as specified in Section 4.2.3.

     Age = delta-seconds

   The Age field-value is a non-negative integer, representing time in seconds (see Section 1.2.1).

   The presence of an Age header field implies that the response was not generated or validated by the origin server for this request. However, lack of an Age header field does not imply the origin was contacted, since the response might have been received from an HTTP/1.0 cache that does not implement Age.

5.2.  Cache-Control

   The "Cache-Control" header field is used to specify directives for caches along the request/response chain. Such cache directives are unidirectional in that the presence of a directive in a request does not imply that the same directive is to be given in the response.

   A cache MUST obey the requirements of the Cache-Control directives defined in this section. See Section 5.2.3 for information about how Cache-Control directives defined elsewhere are handled.

      Note: Some HTTP/1.0 caches might not implement Cache-Control.

   A proxy, whether or not it implements a cache, MUST pass cache directives through in forwarded messages, regardless of their significance to that application, since the directives might be applicable to all recipients along the request/response chain. It is not possible to target a directive to a specific cache.

   Cache directives are identified by a token, to be compared case-insensitively, and have an optional argument, that can use both token and quoted-string syntax. For the directives defined below that define arguments, recipients ought to accept both forms, even if one is documented to be preferred. For any directive not defined by this specification, a recipient MUST accept both forms.

     Cache-Control   = 1#cache-directive

     cache-directive = token [ "=" ( token / quoted-string ) ]

   For the cache directives defined below, no argument is defined (nor allowed) unless stated otherwise.

5.2.1.  Request Cache-Control Directives

5.2.1.1.  max-age

   Argument syntax:

      delta-seconds (see Section 1.2.1)

   The "max-age" request directive indicates that the client is unwilling to accept a response whose age is greater than the specified number of seconds. Unless the max-stale request directive is also present, the client is not willing to accept a stale response.

   This directive uses the token form of the argument syntax; e.g., 'max-age=5', not 'max-age="5"'. A sender SHOULD NOT generate the quoted-string form.

5.2.1.2.  max-stale

   Argument syntax:

      delta-seconds (see Section 1.2.1)

   The "max-stale" request directive indicates that the client is willing to accept a response that has exceeded its freshness lifetime. If max-stale is assigned a value, then the client is willing to accept a response that has exceeded its freshness lifetime by no more than the specified number of seconds. If no value is assigned to max-stale, then the client is willing to accept a stale response of any age.

   This directive uses the token form of the argument syntax; e.g., 'max-stale=10', not 'max-stale="10"'. A sender SHOULD NOT generate the quoted-string form.

5.2.1.3.  min-fresh

   Argument syntax:

      delta-seconds (see Section 1.2.1)

   The "min-fresh" request directive indicates that the client is willing to accept a response whose freshness lifetime is no less than its current age plus the specified time in seconds. That is, the client wants a response that will still be fresh for at least the specified number of seconds.

   This directive uses the token form of the argument syntax; e.g., 'min-fresh=20', not 'min-fresh="20"'. A sender SHOULD NOT generate the quoted-string form.

5.2.1.4.  no-cache

   The "no-cache" request directive indicates that a cache MUST NOT use a stored response to satisfy the request without successful validation on the origin server.

5.2.1.5.  no-store

   The "no-store" request directive indicates that a cache MUST NOT store any part of either this request or any response to it. This directive applies to both private and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.

   This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.

   Note that if a request containing this directive is satisfied from a cache, the no-store request directive does not apply to the already stored response.

5.2.1.6.  no-transform

   The "no-transform" request directive indicates that an intermediary (whether or not it implements a cache) MUST NOT transform the payload, as defined in Section 5.7.2 of [Part1].

5.2.1.7.  only-if-cached

   The "only-if-cached" request directive indicates that the client only wishes to obtain a stored response. If it receives this directive, a cache SHOULD either respond using a stored response that is consistent with the other constraints of the request, or respond with a 504 (Gateway Timeout) status code. If a group of caches is being operated as a unified system with good internal connectivity, a member cache MAY forward such a request within that group of caches.

5.2.2.  Response Cache-Control Directives

5.2.2.1.  must-revalidate

   The "must-revalidate" response directive indicates that once it has become stale, a cache MUST NOT use the response to satisfy subsequent requests without successful validation on the origin server.

   The must-revalidate directive is necessary to support reliable operation for certain protocol features. In all circumstances a cache MUST obey the must-revalidate directive; in particular, if a cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response.

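   Added example (not part of the draft): a parser for the Cache-Control grammar of Section 5.2 and a reuse decision for the request directives of Section 5.2.1 combined with must-revalidate. Function names and the returned strings are hypothetical; keeping the first of duplicate directives, refusing reuse when a delta-seconds argument is unparseable, and reading max-age as a hard limit that max-stale does not relax are assumptions.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# cache-directive = token [ "=" ( token / quoted-string ) ], then "," or end.
DIRECTIVE = re.compile(
    r'\s*(' + TOKEN + r')(?:=(?:(' + TOKEN + r')|"((?:[^"\\]|\\.)*)"))?\s*(?:,|$)')


def parse_cache_control(value):
    """Field value -> {lower-cased directive: argument or None}.

    Splitting on "," alone would cut a quoted-string argument in two, so the
    list is walked with a grammar-aware pattern instead.
    """
    directives = {}
    value = value or ""
    pos = 0
    while pos < len(value):
        if value[pos] in " \t,":          # separators and empty list elements
            pos += 1
            continue
        match = DIRECTIVE.match(value, pos)
        if match is None:                 # malformed element: skip to next comma
            comma = value.find(",", pos)
            pos = len(value) if comma == -1 else comma + 1
            continue
        name, token_arg, quoted_arg = match.groups()
        if quoted_arg is not None:
            argument = re.sub(r"\\(.)", r"\1", quoted_arg)   # undo quoted-pairs
        else:
            argument = token_arg
        directives.setdefault(name.lower(), argument)
        pos = match.end()
    return directives


def seconds(argument):
    """delta-seconds -> int, or None when not a non-negative integer."""
    if argument is not None and argument.isascii() and argument.isdigit():
        return int(argument)
    return None


def decide(request_cc, response_cc, current_age, freshness_lifetime):
    """'serve-fresh', 'serve-stale' (with Warning 110), 'revalidate' or '504'."""
    req = parse_cache_control(request_cc)
    resp = parse_cache_control(response_cc)
    # only-if-cached: answer from the store or with 504, never go inbound.
    miss = "504" if "only-if-cached" in req else "revalidate"
    if "no-cache" in req:
        return miss
    if "max-age" in req:
        limit = seconds(req["max-age"])
        if limit is None or current_age > limit:
            return miss
    if "min-fresh" in req:
        margin = seconds(req["min-fresh"])
        if margin is None or freshness_lifetime < current_age + margin:
            return miss
    if freshness_lifetime > current_age:
        return "serve-fresh"
    # Stale from here on. must-revalidate overrides the client's max-stale; if
    # the revalidation then cannot reach the origin, the answer is 504.
    if "must-revalidate" in resp or "max-stale" not in req:
        return miss
    if req["max-stale"] is None:          # no value: stale response of any age
        return "serve-stale"
    tolerance = seconds(req["max-stale"])
    if tolerance is not None and current_age - freshness_lifetime <= tolerance:
        return "serve-stale"
    return miss


if __name__ == "__main__":
    # Constructed inputs: a response 30 seconds past a 300-second lifetime.
    print(parse_cache_control('Max-Age="5", no-cache'))
    print(decide("max-stale=60", "max-age=300", 330, 300))
    print(decide("max-stale=60", "max-age=300, must-revalidate", 330, 300))
```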
   The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction.

5.2.2.2.  no-cache

   Argument syntax:

      #field-name

   The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.

   If the no-cache response directive specifies one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, any header fields in the response that have the field-name(s) listed MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response.

   The field-names given are not limited to the set of header fields defined by this specification. Field names are case-insensitive.

   This directive uses the quoted-string form of the argument syntax. A sender SHOULD NOT generate the token form (even if quoting appears not to be needed for single-entry lists).

   Note: Although it has been back-ported to many implementations, some HTTP/1.0 caches will not recognize or obey this directive. Also, no-cache response directives with field-names are often handled by caches as if an unqualified no-cache directive was received; i.e., the special handling for the qualified form is not widely implemented.

5.2.2.3.  no-store

   The "no-store" response directive indicates that a cache MUST NOT store any part of either the immediate request or response. This directive applies to both private and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.

   This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.

5.2.2.4.  no-transform

   The "no-transform" response directive indicates that an intermediary (regardless of whether it implements a cache) MUST NOT transform the payload, as defined in Section 5.7.2 of [Part1].

5.2.2.5.  public

   The "public" response directive indicates that any cache MAY store the response, even if the response would normally be non-cacheable or cacheable only within a private cache. (See Section 3.2 for additional details related to the use of public in response to a request containing Authorization, and Section 3 for details of how public affects responses that would normally not be stored, due to their status codes not being defined as cacheable by default; see Section 4.2.2.)

5.2.2.6.  private

   Argument syntax:

      #field-name

   The "private" response directive indicates that the response message is intended for a single user and MUST NOT be stored by a shared cache. A private cache MAY store the response and reuse it for later requests, even if the response would normally be non-cacheable.

   If the private response directive specifies one or more field-names, this requirement is limited to the field-values associated with the listed response header fields. That is, a shared cache MUST NOT store the specified field-name(s), whereas it MAY store the remainder of the response message.

   The field-names given are not limited to the set of header fields defined by this specification. Field names are case-insensitive.

   This directive uses the quoted-string form of the argument syntax. A sender SHOULD NOT generate the token form (even if quoting appears not to be needed for single-entry lists).

   Note: This usage of the word "private" only controls where the response can be stored; it cannot ensure the privacy of the message content. Also, private response directives with field-names are often handled by caches as if an unqualified private directive was received; i.e., the special handling for the qualified form is not widely implemented.

5.2.2.7.  proxy-revalidate

   The "proxy-revalidate" response directive has the same meaning as the must-revalidate response directive, except that it does not apply to private caches.

5.2.2.8.  max-age

   Argument syntax:

      delta-seconds (see Section 1.2.1)

   The "max-age" response directive indicates that the response is to be considered stale after its age is greater than the specified number of seconds.

   This directive uses the token form of the argument syntax; e.g., 'max-age=5', not 'max-age="5"'. A sender SHOULD NOT generate the quoted-string form.

5.2.2.9.  s-maxage

   Argument syntax:

      delta-seconds (see Section 1.2.1)

   The "s-maxage" response directive indicates that, in shared caches, the maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header field. The s-maxage directive also implies the semantics of the proxy-revalidate response directive.

   This directive uses the token form of the argument syntax; e.g., 's-maxage=10', not 's-maxage="10"'. A sender SHOULD NOT generate the quoted-string form.

5.2.3.  Cache Control Extensions

   The Cache-Control header field can be extended through the use of one or more cache-extension tokens, each with an optional value. A cache MUST ignore unrecognized cache directives.

   Informational extensions (those that do not require a change in cache behavior) can be added without changing the semantics of other directives.

   Behavioral extensions are designed to work by acting as modifiers to the existing base of cache directives. Both the new directive and the old directive are supplied, such that applications that do not understand the new directive will default to the behavior specified by the old directive, and those that understand the new directive will recognize it as modifying the requirements associated with the old directive. In this way, extensions to the existing cache-control directives can be made without breaking deployed caches.

   For example, consider a hypothetical new response directive called "community" that acts as a modifier to the private directive: in addition to private caches, any cache that is shared only by members of the named community is allowed to cache the response. An origin server wishing to allow the UCI community to use an otherwise private response in their shared cache(s) could do so by including

     Cache-Control: private, community="UCI"

   A cache that recognizes such a community cache-extension could broaden its behavior in accordance with that extension. A cache that does not recognize the community cache-extension would ignore it and adhere to the private directive.

5.3.  Expires

   The "Expires" header field gives the date/time after which the response is considered stale. See Section 4.2 for further discussion of the freshness model.

   The presence of an Expires field does not imply that the original resource will change or cease to exist at, before, or after that time.

   The Expires value is an HTTP-date timestamp, as defined in Section 7.1.1.1 of [Part2].

     Expires = HTTP-date

   For example

     Expires: Thu, 01 Dec 1994 16:00:00 GMT

   A cache recipient MUST interpret invalid date formats, especially the value "0", as representing a time in the past (i.e., "already expired").

   If a response includes a Cache-Control field with the max-age directive (Section 5.2.2.8), a recipient MUST ignore the Expires field. Likewise, if a response includes the s-maxage directive (Section 5.2.2.9), a shared cache recipient MUST ignore the Expires field. In both these cases, the value in Expires is only intended for recipients that have not yet implemented the Cache-Control field.

   An origin server without a clock MUST NOT generate an Expires field unless its value represents a fixed time in the past (always expired) or its value has been associated with the resource by a system or user with a reliable clock.

   Historically, HTTP required the Expires field-value to be no more than a year in the future. While longer freshness lifetimes are no longer prohibited, extremely large values have been demonstrated to cause problems (e.g., clock overflows due to use of 32-bit integers for time values), and many caches will evict a response far sooner than that.

5.4.  Pragma

   The "Pragma" header field allows backwards compatibility with HTTP/1.0 caches, so that clients can specify a "no-cache" request that they will understand (as Cache-Control was not defined until HTTP/1.1). When the Cache-Control header field is also present and understood in a request, Pragma is ignored.

   In HTTP/1.0, Pragma was defined as an extensible field for implementation-specified directives for recipients. This specification deprecates such extensions to improve interoperability.

     Pragma           = 1#pragma-directive
     pragma-directive = "no-cache" / extension-pragma
     extension-pragma = token [ "=" ( token / quoted-string ) ]

   When the Cache-Control header field is not present in a request, caches MUST consider the no-cache request pragma-directive as having the same effect as if "Cache-Control: no-cache" were present (see Section 5.2.1).

   When sending a no-cache request, a client ought to include both the pragma and cache-control directives, unless Cache-Control: no-cache is purposefully omitted to target other Cache-Control response directives at HTTP/1.1 caches. For example:

     GET / HTTP/1.1
     Host: www.example.com
     Cache-Control: max-age=30
     Pragma: no-cache

   will constrain HTTP/1.1 caches to serve a response no older than 30 seconds, while precluding implementations that do not understand Cache-Control from serving a cached response.

      Note: Because the meaning of "Pragma: no-cache" in responses is not specified, it does not provide a reliable replacement for "Cache-Control: no-cache" in them.

5.5.  Warning

   The "Warning" header field is used to carry additional information about the status or transformation of a message that might not be reflected in the status code. This information is typically used to warn about possible incorrectness introduced by caching operations or transformations applied to the payload of the message.

   Warnings can be used for other purposes, both cache-related and otherwise. The use of a warning, rather than an error status code, distinguishes these responses from true failures.


   Warning header fields can in general be applied to any message,
   however some warn-codes are specific to caches and can only be
   applied to response messages.

     Warning       = 1#warning-value

     warning-value = warn-code SP warn-agent SP warn-text
                                           [ SP warn-date ]

     warn-code  = 3DIGIT
     warn-agent = ( uri-host [ ":" port ] ) / pseudonym
                     ; the name or pseudonym of the server adding
                     ; the Warning header field, for use in debugging
                     ; a single "-" is recommended when agent unknown
     warn-text  = quoted-string
     warn-date  = DQUOTE HTTP-date DQUOTE

   Multiple warnings can be generated in a response (either by the
   origin server or by a cache), including multiple warnings with the
   same warn-code number that only differ in warn-text.

   A user agent that receives one or more Warning header fields SHOULD
   inform the user of as many of them as possible, in the order that
   they appear in the response.  Senders that generate multiple Warning
   header fields are encouraged to order them with this user agent
   behavior in mind.  A sender that generates new Warning header fields
   MUST append them after any existing Warning header fields.

   Warnings are assigned three digit warn-codes.  The first digit
   indicates whether the Warning is required to be deleted from a stored
   response after validation:

   o  1xx warn-codes describe the freshness or validation status of the
      response, and so MUST be deleted by a cache after validation.
      They can only be generated by a cache when validating a cached
      entry, and MUST NOT be generated in any other situation.

   o  2xx warn-codes describe some aspect of the representation that is
      not rectified by a validation (for example, a lossy compression of
      the representation) and MUST NOT be deleted by a cache after
      validation, unless a full response is sent, in which case they
      MUST be.
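
   An added Python example, not part of the draft, of a recipient that
   parses the warning-value grammar above, applies the 1xx/2xx rule, and
   applies the warn-date check that this section defines further on.
   Function names and sample values are illustrative; raising on a
   malformed value and treating an unparsable warn-date as different
   from Date are choices of this example, not requirements of the draft.

```python
import re
from email.utils import parsedate_to_datetime

# warning-value = warn-code SP warn-agent SP warn-text [ SP warn-date ]
_VALUE = re.compile(r'(\d{3}) ([^\s",]+) ("(?:[^"\\]|\\.)*")(?: "([^"]*)")?')
_LIST_SEP = re.compile(r'[ \t,]*')     # OWS and commas between list elements


def parse_warning(field_value):
    """Split a Warning field value into (code, agent, text, warn_date) tuples.
    A plain split(",") would break on commas inside warn-text and warn-date."""
    values, pos = [], _LIST_SEP.match(field_value).end()
    while pos < len(field_value):
        m = _VALUE.match(field_value, pos)
        if m is None:
            raise ValueError(f"malformed warning-value at offset {pos}")
        values.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
        pos = _LIST_SEP.match(field_value, m.end()).end()
    return values


def _instant(http_date):
    try:
        return parsedate_to_datetime(http_date)
    except (TypeError, ValueError):
        return None


def usable_warnings(warning_field, date_field):
    """Exclude warning-values whose warn-date differs from Date.
    Returns None when nothing is left, i.e. the whole field is excluded."""
    date = _instant(date_field)
    kept = [v for v in parse_warning(warning_field)
            if v[3] is None or (date is not None and _instant(v[3]) == date)]
    return kept or None


def after_validation(values):
    """1xx warn-codes are deleted from a stored response after validation;
    2xx warn-codes stay (unless a full response replaces the stored one)."""
    return [v for v in values if not 100 <= v[0] <= 199]


def serialize(values):
    """Rebuild a field value, keeping the original order of the warnings."""
    return ", ".join(" ".join([str(code), agent, text] + ([f'"{date}"'] if date else []))
                     for code, agent, text, date in values)


# Constructed sample: a 110 left over from an earlier Date, plus a 214
# whose warn-text contains a comma.
DATE = "Sat, 25 Aug 2012 23:34:45 GMT"
SAMPLE = ('110 cache.example "Response is Stale" "Fri, 24 Aug 2012 10:00:00 GMT", '
          '214 proxy.example:8080 "Transformation Applied, lossy"')

if __name__ == "__main__":
    print(serialize(usable_warnings(SAMPLE, DATE)))
```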

   If a sender generates one or more 1xx warn-codes in a message to be
   sent to a recipient known to implement only HTTP/1.0, the sender MUST
   include in each corresponding warning-value a warn-date that matches
   the Date header field in the message.  For example:

     HTTP/1.1 200 OK
     Date: Sat, 25 Aug 2012 23:34:45 GMT
     Warning: 112 - "network down" "Sat, 25 Aug 2012 23:34:45 GMT"

   Warnings have accompanying warn-text that describes the error, e.g.,
   for logging.  It is advisory only, and its content does not affect
   interpretation of the warn-code.

   If a recipient that uses, evaluates, or displays Warning header
   fields receives a warn-date that is different from the Date value in
   the same message, the recipient MUST exclude the warning-value
   containing that warn-date before storing, forwarding, or using the
   message.  This allows recipients to exclude warning-values that were
   improperly retained after a cache validation.  If all of the warning-
   values are excluded, the recipient MUST exclude the Warning header
   field as well.

   The following warn-codes are defined by this specification, each with
   a recommended warn-text in English, and a description of its meaning.
   The procedure for defining additional warn codes is described in
   Section 7.2.1.

5.5.1.  Warning: 110 - "Response is Stale"

   A cache SHOULD generate this whenever the sent response is stale.

5.5.2.  Warning: 111 - "Revalidation Failed"

   A cache SHOULD generate this when sending a stale response because an
   attempt to validate the response failed, due to an inability to reach
   the server.

5.5.3.  Warning: 112 - "Disconnected Operation"

   A cache SHOULD generate this if it is intentionally disconnected from
   the rest of the network for a period of time.

5.5.4.  Warning: 113 - "Heuristic Expiration"

   A cache SHOULD generate this if it heuristically chose a freshness
   lifetime greater than 24 hours and the response's age is greater than
   24 hours.

5.5.5.  Warning: 199 - "Miscellaneous Warning"

   The warning text can include arbitrary information to be presented to
   a human user, or logged.  A system receiving this warning MUST NOT
   take any automated action, besides presenting the warning to the
   user.

5.5.6.  Warning: 214 - "Transformation Applied"

   MUST be added by a proxy if it applies any transformation to the
   representation, such as changing the content-coding, media-type, or
   modifying the representation data, unless this Warning code already
   appears in the response.

5.5.7.  Warning: 299 - "Miscellaneous Persistent Warning"

   The warning text can include arbitrary information to be presented to
   a human user, or logged.  A system receiving this warning MUST NOT
   take any automated action.

6.  History Lists

   User agents often have history mechanisms, such as "Back" buttons and
   history lists, that can be used to redisplay a representation
   retrieved earlier in a session.

   The freshness model (Section 4.2) does not necessarily apply to
   history mechanisms.  I.e., a history mechanism can display a previous
   representation even if it has expired.

   This does not prohibit the history mechanism from telling the user
   that a view might be stale, or from honoring cache directives (e.g.,
   Cache-Control: no-store).

7.  IANA Considerations

7.1.  Cache Directive Registry

   The HTTP Cache Directive Registry defines the name space for the
   cache directives.  It will be created and maintained at (the
   suggested URI) .

7.1.1.  Procedure

   A registration MUST include the following fields:

   o  Cache Directive Name

   o  Pointer to specification text

   Values to be added to this name space require IETF Review (see
   [RFC5226], Section 4.1).

7.1.2.  Considerations for New Cache Control Directives

   New extension directives ought to consider defining:

   o  What it means for a directive to be specified multiple times,

   o  When the directive does not take an argument, what it means when
      an argument is present,

   o  When the directive requires an argument, what it means when it is
      missing,

   o  Whether the directive is specific to requests, responses, or able
      to be used in either.

   See also Section 5.2.3.

7.1.3.  Registrations

   The HTTP Cache Directive Registry shall be populated with the
   registrations below:

   +------------------------+----------------------------------+
   | Cache Directive        | Reference                        |
   +------------------------+----------------------------------+
   | max-age                | Section 5.2.1.1, Section 5.2.2.8 |
   | max-stale              | Section 5.2.1.2                  |
   | min-fresh              | Section 5.2.1.3                  |
   | must-revalidate        | Section 5.2.2.1                  |
   | no-cache               | Section 5.2.1.4, Section 5.2.2.2 |
   | no-store               | Section 5.2.1.5, Section 5.2.2.3 |
   | no-transform           | Section 5.2.1.6, Section 5.2.2.4 |
   | only-if-cached         | Section 5.2.1.7                  |
   | private                | Section 5.2.2.6                  |
   | proxy-revalidate       | Section 5.2.2.7                  |
   | public                 | Section 5.2.2.5                  |
   | s-maxage               | Section 5.2.2.9                  |
   | stale-if-error         | [RFC5861], Section 4             |
   | stale-while-revalidate | [RFC5861], Section 3             |
   +------------------------+----------------------------------+

7.2.  Warn Code Registry

   The HTTP Warn Code Registry defines the name space for warn codes.
   It will be created and maintained at (the suggested URI) .

7.2.1.  Procedure

   A registration MUST include the following fields:

   o  Warn Code (3 digits)

   o  Short Description

   o  Pointer to specification text

   Values to be added to this name space require IETF Review (see
   [RFC5226], Section 4.1).

7.2.2.  Registrations

   The HTTP Warn Code Registry shall be populated with the registrations
   below:

   +-----------+----------------------------------+---------------+
   | Warn Code | Short Description                | Reference     |
   +-----------+----------------------------------+---------------+
   | 110       | Response is Stale                | Section 5.5.1 |
   | 111       | Revalidation Failed              | Section 5.5.2 |
   | 112       | Disconnected Operation           | Section 5.5.3 |
   | 113       | Heuristic Expiration             | Section 5.5.4 |
   | 199       | Miscellaneous Warning            | Section 5.5.5 |
   | 214       | Transformation Applied           | Section 5.5.6 |
   | 299       | Miscellaneous Persistent Warning | Section 5.5.7 |
   +-----------+----------------------------------+---------------+

7.3.  Header Field Registration

   HTTP header fields are registered within the Message Header Field
   Registry maintained at .

   This document defines the following HTTP header fields, so their
   associated registry entries shall be updated according to the
   permanent registrations below (see [BCP90]):

   +-------------------+----------+----------+-------------+
   | Header Field Name | Protocol | Status   | Reference   |
   +-------------------+----------+----------+-------------+
   | Age               | http     | standard | Section 5.1 |
   | Cache-Control     | http     | standard | Section 5.2 |
   | Expires           | http     | standard | Section 5.3 |
   | Pragma            | http     | standard | Section 5.4 |
   | Warning           | http     | standard | Section 5.5 |
   +-------------------+----------+----------+-------------+

   The change controller is: "IETF (iesg@ietf.org) - Internet
   Engineering Task Force".

8.  Security Considerations

   This section is meant to inform developers, information providers,
   and users of known security concerns specific to HTTP caching.  More
   general security considerations are addressed in HTTP messaging
   [Part1] and semantics [Part2].

   Caches expose additional potential vulnerabilities, since the
   contents of the cache represent an attractive target for malicious
   exploitation.  Because cache contents persist after an HTTP request
   is complete, an attack on the cache can reveal information long after
   a user believes that the information has been removed from the
   network.  Therefore, cache contents need to be protected as sensitive
   information.

   In particular, various attacks might be amplified by being stored in
   a shared cache; such "cache poisoning" attacks use the cache to
   distribute a malicious payload to many clients, and are especially
   effective when an attacker can use implementation flaws, elevated
   privileges, or other techniques to insert such a response into a
   cache.  One common attack vector for cache poisoning is to exploit
   differences in message parsing on proxies and in user agents; see
   Section 3.3.3 of [Part1] for the relevant requirements.

   Likewise, implementation flaws (as well as misunderstanding of cache
   operation) might lead to caching of sensitive information (e.g.,
   authentication credentials) that is thought to be private, exposing
   it to unauthorized parties.

   Furthermore, the very use of a cache can bring about privacy
   concerns.  For example, if two users share a cache, and the first one
   browses to a site, the second may be able to detect that the other
   has been to that site, because the resources from it load more
   quickly, thanks to the cache.
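
   One way an origin operator can look for the sensitive-information
   exposure described above, including the Set-Cookie case noted in this
   section, is to audit captured exchanges for responses a shared cache
   is allowed to store.  This is an added Python example, not part of
   the draft: names, paths and header values are constructed, headers
   are assumed to be dicts keyed by lower-cased field name, and the
   storability test is a simplified reading of Section 3 of this
   document that only considers GET and HEAD.

```python
# Status codes cacheable by default (defined in [Part2], not in this section).
CACHEABLE_BY_DEFAULT = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}

SET_COOKIE_FINDING = "Set-Cookie on a response a shared cache may store"
AUTH_FINDING = "response to an authenticated request is storable by shared caches"


def directive_names(value):
    """Lower-cased Cache-Control directive names, arguments dropped."""
    return {d.partition("=")[0].strip().lower() for d in value.split(",") if d.strip()}


def shared_cache_may_store(method, request, status, response):
    """Simplified storability test for a shared cache."""
    req = directive_names(request.get("cache-control", ""))
    res = directive_names(response.get("cache-control", ""))
    if method not in ("GET", "HEAD"):           # simplification of this example
        return False
    if "no-store" in req or "no-store" in res or "private" in res:
        return False
    # A response to a request with Authorization needs explicit permission.
    if "authorization" in request and not res & {"public", "must-revalidate", "s-maxage"}:
        return False
    explicit = "expires" in response or res & {"max-age", "s-maxage", "public"}
    return bool(explicit) or status in CACHEABLE_BY_DEFAULT


def audit(exchanges):
    """Return (url, finding) pairs for exchanges that deserve a review."""
    findings = []
    for method, url, request, status, response in exchanges:
        if not shared_cache_may_store(method, request, status, response):
            continue
        if "set-cookie" in response:            # Set-Cookie does not inhibit caching
            findings.append((url, SET_COOKIE_FINDING))
        if "authorization" in request:
            findings.append((url, AUTH_FINDING))
    return findings


# Constructed exchanges: (method, url, request headers, status, response headers)
EXCHANGES = [
    ("GET", "/account", {}, 200, {"set-cookie": "sid=EXAMPLE"}),
    ("GET", "/login", {}, 200, {"set-cookie": "sid=EXAMPLE", "cache-control": "no-store"}),
    ("GET", "/profile", {}, 200, {"set-cookie": "sid=EXAMPLE",
                                  "cache-control": "private, max-age=60"}),
    ("GET", "/api/me", {"authorization": "Bearer EXAMPLE"}, 200,
     {"cache-control": "public, max-age=300"}),
    ("GET", "/api/orders", {"authorization": "Bearer EXAMPLE"}, 200,
     {"cache-control": "max-age=300"}),
    ("GET", "/static/app.js", {}, 200, {"cache-control": "max-age=3600"}),
]

if __name__ == "__main__":
    for url, finding in audit(EXCHANGES):
        print(url, "-", finding)
```

   The first exchange is flagged even though it carries no Cache-Control
   at all: a 200 response is cacheable by default, so the absence of
   caching headers is not a safe setting for a response that sets a
   session cookie.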

   Note that the Set-Cookie response header field [RFC6265] does not
   inhibit caching; a cacheable response with a Set-Cookie header field
   can be (and often is) used to satisfy subsequent requests to caches.
   Servers who wish to control caching of these responses are encouraged
   to emit appropriate Cache-Control response header fields.

9.  Acknowledgments

   See Section 10 of [Part1].

10.  References

10.1.  Normative References

   [Part1]    Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Message Syntax and Routing",
              draft-ietf-httpbis-p1-messaging-26 (work in progress),
              February 2014.

   [Part2]    Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Semantics and Content",
              draft-ietf-httpbis-p2-semantics-26 (work in progress),
              February 2014.

   [Part4]    Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Conditional Requests",
              draft-ietf-httpbis-p4-conditional-26 (work in progress),
              February 2014.

   [Part5]    Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
              "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
              draft-ietf-httpbis-p5-range-26 (work in progress),
              February 2014.

   [Part7]    Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Authentication",
              draft-ietf-httpbis-p7-auth-26 (work in progress),
              February 2014.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

10.2.  Informative References

   [BCP90]    Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              September 2004.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5861]  Nottingham, M., "HTTP Cache-Control Extensions for Stale
              Content", RFC 5861, April 2010.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, June 2010.

   [RFC6265]  Barth, A., "HTTP State Management Mechanism", RFC 6265,
              April 2011.

Appendix A.  Changes from RFC 2616

   The specification has been substantially rewritten for clarity.

   The conditions under which an authenticated response can be cached
   have been clarified.  (Section 3.2)

   New status codes can now define that caches are allowed to use
   heuristic freshness with them.  Caches are now allowed to calculate
   heuristic freshness for URIs with query components.  (Section 4.2.2)

   The algorithm for calculating age is now less conservative.  Caches
   are now required to handle dates with timezones as if they're
   invalid, because it's not possible to accurately guess.
   (Section 4.2.3)

   The Content-Location response header field is no longer used to
   determine the appropriate response to use when validating.
   (Section 4.3)

   The algorithm for selecting a cached negotiated response to use has
   been clarified in several ways.  In particular, it now explicitly
   allows header-specific canonicalization when processing selecting
   header fields.  (Section 4.1)

   Requirements regarding denial of service attack avoidance when
   performing invalidation have been clarified.  (Section 4.4)

   Cache invalidation only occurs when a successful response is
   received.  (Section 4.4)

   Cache directives are explicitly defined to be case-insensitive.
   Handling of multiple instances of cache directives when only one is
   expected is now defined.  (Section 5.2)

   The "no-store" request directive doesn't apply to responses; i.e., a
   cache can satisfy a request with no-store on it, and does not
   invalidate it.  (Section 5.2.1.5)

   The qualified forms of the private and no-cache cache directives are
   noted to not be widely implemented; e.g., "private=foo" is
   interpreted by many caches as simply "private".  Additionally, the
   meaning of the qualified form of no-cache has been clarified.
   (Section 5.2.2)

   The "no-cache" response directive's meaning has been clarified.
   (Section 5.2.2.2)

   The one-year limit on Expires header field values has been removed;
   instead, the reasoning for using a sensible value is given.
   (Section 5.3)

   The Pragma header field is now only defined for backwards
   compatibility; future pragmas are deprecated.  (Section 5.4)

   Some requirements regarding production and processing of the Warning
   header fields have been relaxed, as it is not widely implemented.
   Furthermore, the Warning header field no longer uses RFC 2047
   encoding, nor allows multiple languages, as these aspects were not
   implemented.  (Section 5.5)

   This specification introduces the Cache Directive and Warn Code
   Registries, and defines considerations for new cache directives.
   (Section 7.1 and Section 7.2)

Appendix B.  Imported ABNF

   The following core rules are included by reference, as defined in
   Appendix B.1 of [RFC5234]: ALPHA (letters), CR (carriage return),
   CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double
   quote), HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any
   8-bit sequence of data), SP (space), and VCHAR (any visible US-ASCII
   character).

   The rules below are defined in [Part1]:

     OWS           =
     field-name    =
     quoted-string =
     token         =

     port          =
     pseudonym     =
     uri-host      =

   The rules below are defined in other parts:

     HTTP-date     =

Appendix C.  Collected ABNF

   In the collected ABNF below, list rules are expanded as per Section
   1.2 of [Part1].

   Age = delta-seconds

   Cache-Control = *( "," OWS ) cache-directive *( OWS "," [ OWS
    cache-directive ] )

   Expires = HTTP-date

   HTTP-date =

   OWS =

   Pragma = *( "," OWS ) pragma-directive *( OWS "," [ OWS
    pragma-directive ] )

   Warning = *( "," OWS ) warning-value *( OWS "," [ OWS warning-value ]
    )

   cache-directive = token [ "=" ( token / quoted-string ) ]

   delta-seconds = 1*DIGIT

   extension-pragma = token [ "=" ( token / quoted-string ) ]

   field-name =

   port =
   pragma-directive = "no-cache" / extension-pragma
   pseudonym =

   quoted-string =

   token =

   uri-host =

   warn-agent = ( uri-host [ ":" port ] ) / pseudonym
   warn-code = 3DIGIT
   warn-date = DQUOTE HTTP-date DQUOTE
   warn-text = quoted-string
   warning-value = warn-code SP warn-agent SP warn-text [ SP warn-date
    ]

Appendix D.  Change Log (to be removed by RFC Editor before publication)

   Changes up to the IETF Last Call draft are summarized in .

D.1.  Since draft-ietf-httpbis-p6-cache-24

   Closed issues:

   o  : "RFC 1305 ref needs to be updated to 5905"

   o  : "dangling reference to cacheable status codes"

   o  : "APPSDIR review of draft-ietf-httpbis-p6-cache-24"

D.2.  Since draft-ietf-httpbis-p6-cache-25

   Closed issues:

   o  : "IESG ballot on draft-ietf-httpbis-p6-cache-25"

   o  : "add 'stateless' to Abstract"

   o  : "improve introduction of list rule"

   o  : "augment security considerations with pointers to current
      research"

Authors' Addresses

   Roy T. Fielding (editor)
   Adobe Systems Incorporated
   345 Park Ave
   San Jose, CA  95110
   USA

   EMail: fielding@gbiv.com
   URI:   http://roy.gbiv.com/

   Mark Nottingham (editor)
   Akamai

   EMail: mnot@mnot.net
   URI:   http://www.mnot.net/

   Julian F. Reschke (editor)
   greenbytes GmbH
   Hafenweg 16
   Muenster, NW  48155
   Germany

   EMail: julian.reschke@greenbytes.de
   URI:   http://greenbytes.de/tech/webdav/