-
Notifications
You must be signed in to change notification settings - Fork 43
/
rfc9111.xml
2407 lines (2294 loc) · 101 KB
/
rfc9111.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type='text/xsl' href='lib/myxml2rfc.xslt'?>
<!DOCTYPE rfc [
<!ENTITY MAY "<bcp14>MAY</bcp14>">
<!ENTITY MUST "<bcp14>MUST</bcp14>">
<!ENTITY MUST-NOT "<bcp14>MUST NOT</bcp14>">
<!ENTITY NOT-RECOMMENDED "<bcp14>NOT RECOMMENDED</bcp14>">
<!ENTITY OPTIONAL "<bcp14>OPTIONAL</bcp14>">
<!ENTITY RECOMMENDED "<bcp14>RECOMMENDED</bcp14>">
<!ENTITY REQUIRED "<bcp14>REQUIRED</bcp14>">
<!ENTITY SHALL "<bcp14>SHALL</bcp14>">
<!ENTITY SHALL-NOT "<bcp14>SHALL NOT</bcp14>">
<!ENTITY SHOULD "<bcp14>SHOULD</bcp14>">
<!ENTITY SHOULD-NOT "<bcp14>SHOULD NOT</bcp14>">
<!ENTITY ID-VERSION "latest">
<!ENTITY mdash "—">
<!ENTITY uuml "ü">
<!ENTITY Note "<x:h xmlns:x='http://purl.org/net/xml2rfc/ext'>Note:</x:h>">
]>
<?rfc compact="yes"?>
<?rfc subcompact="no" ?>
<?rfc linkmailto="no" ?>
<?rfc editing="no" ?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc rfcedstyle="yes"?>
<?rfc-ext allow-markup-in-artwork="yes" ?>
<?rfc-ext map-dfn="none" ?>
<?rfc-ext html-pretty-print="prettyprint https://cdn.rawgit.com/google/code-prettify/master/loader/run_prettify.js"?>
<?rfc-ext include-references-in-index="yes" ?>
<?rfc-ext xml2rfc-backend="202007"?>
<?github-issue-label cache?>
<rfc category="std" docName="draft-ietf-httpbis-cache-&ID-VERSION;" ipr="pre5378Trust200902"
number="9111" seriesNo="98"
obsoletes="7234" x:maturity-level="internet" xmlns:x="http://purl.org/net/xml2rfc/ext" xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
version="3" tocDepth="4" sortRefs="true">
<x:feedback template="mailto:[email protected]?subject={docname},%20%22{section}%22&body=<{ref}>:"/>
<front>
<title>HTTP Caching</title>
<author fullname="Roy T. Fielding" initials="R." surname="Fielding" role="editor">
<organization>Adobe</organization>
<address>
<postal>
<postalLine>345 Park Ave</postalLine>
<postalLine>San Jose, CA 95110</postalLine>
<country>United States of America</country>
</postal>
<email>[email protected]</email>
<uri>https://roy.gbiv.com/</uri>
</address>
</author>
<author fullname="Mark Nottingham" initials="M." surname="Nottingham" role="editor">
<organization>Fastly</organization>
<address>
<postal>
<postalLine>Prahran</postalLine>
<country>Australia</country>
</postal>
<email>[email protected]</email>
<uri>https://www.mnot.net/</uri>
</address>
</author>
<author fullname="Julian Reschke" initials="J." surname="Reschke" role="editor">
<organization abbrev="greenbytes">greenbytes GmbH</organization>
<address>
<postal>
<postalLine>Hafenweg 16</postalLine>
<postalLine>48155 Münster</postalLine>
<country>Germany</country>
</postal>
<email>[email protected]</email>
<uri>https://greenbytes.de/tech/webdav/</uri>
</address>
</author>
<date year="2022" month="June"/>
<area>Applications and Real-Time</area>
<workgroup>HTTP</workgroup>
<keyword>Hypertext Transfer Protocol</keyword>
<keyword>HTTP</keyword>
<keyword>HTTP Caching</keyword>
<abstract>
<t>
The Hypertext Transfer Protocol (HTTP) is a stateless application-level
protocol for distributed, collaborative, hypertext information systems.
This document defines HTTP caches and the associated header fields that
control cache behavior or indicate cacheable response messages.
</t>
<t>
This document obsoletes RFC 7234.
</t>
</abstract>
</front>
<middle>
<section title="Introduction" anchor="caching">
<t>
The Hypertext Transfer Protocol (HTTP) is a stateless application-level
request/response protocol that uses extensible semantics and
self-descriptive messages for flexible interaction with network-based
hypertext information systems. It is typically used for distributed information systems, where
the use of response caches can improve performance. This document
defines aspects of HTTP related to caching and reusing response
messages.
</t>
<iref item="cache" />
<t>
An HTTP <x:dfn>cache</x:dfn> is a local store of response messages and the
subsystem that controls storage, retrieval, and deletion of messages in it.
A cache stores cacheable responses to reduce the response time and
network bandwidth consumption on future equivalent requests. Any client or
server &MAY; use a cache, though not when acting as a tunnel (<xref target="intermediaries"/>).
</t>
<iref item="shared cache" />
<iref item="private cache" />
<t anchor="shared.and.private.caches">
A <x:dfn>shared cache</x:dfn> is a cache that stores responses for reuse
by more than one user; shared caches are usually (but not always) deployed
as a part of an intermediary. A <x:dfn>private cache</x:dfn>, in contrast,
is dedicated to a single user; often, they are deployed as a component of
a user agent.
</t>
<t>
The goal of HTTP caching is significantly improving performance
by reusing a prior response message to satisfy a current request.
A cache considers a stored response "fresh", as defined in
<xref target="expiration.model" />, if it can be reused without
"validation" (checking with the origin server to see if the cached response
remains valid for this request). A fresh response can therefore
reduce both latency and network overhead each time the cache reuses it.
When a cached response is not fresh, it might still be reusable if validation
can freshen it (<xref target="validation.model" />) or if the
origin is unavailable (<xref target="serving.stale.responses" />).
</t>
<t>
This document obsoletes <xref target="RFC7234" format="none">RFC 7234</xref>,
with the changes being summarized in <xref target="changes.from.rfc.7234"/>.
</t>
<section title="Requirements Notation" anchor="requirements.notation">
<t>
The key words "&MUST;", "&MUST-NOT;", "&REQUIRED;", "&SHALL;", "&SHALL-NOT;",
"&SHOULD;", "&SHOULD-NOT;", "&RECOMMENDED;", "&NOT-RECOMMENDED;",
"&MAY;", and "&OPTIONAL;" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.
</t>
<t>
<xref target="HTTP" x:rel="#conformance"/> defines conformance criteria and contains considerations regarding error handling.
</t>
</section>
<section title="Syntax Notation" anchor="notation">
<iref primary="true" item="Grammar" subitem="DIGIT"/>
<t>
This specification uses the Augmented Backus-Naur Form (ABNF) notation of
<xref target="RFC5234"/>, extended with the notation for case-sensitivity
in strings defined in <xref target="RFC7405"/>.
</t>
<t>
It also uses a list extension, defined in <xref target="abnf.extension"/>,
that allows for compact definition of comma-separated lists using a "#"
operator (similar to how the "*" operator indicates repetition). <xref
target="collected.abnf"/> shows the collected grammar with all list
operators expanded to standard ABNF notation.
</t>
<section title="Imported Rules" anchor="abnf.imported">
<t anchor="core.rules">
<x:anchor-alias value="DIGIT"/>
The following core rule is included by
reference, as defined in <xref target="RFC5234" x:fmt="," x:sec="B.1"/>:
DIGIT (decimal 0-9).
</t>
<t anchor="imported.rules">
<x:anchor-alias value="HTTP-date"/>
<x:anchor-alias value="OWS"/>
<x:anchor-alias value="field-name"/>
<x:anchor-alias value="quoted-string"/>
<x:anchor-alias value="token"/>
<xref target="HTTP"/> defines the following rules:
</t>
<sourcecode type="abnf7230">
<x:ref>HTTP-date</x:ref> = <HTTP-date, see <xref target="http.date"/>>
<x:ref>OWS</x:ref> = <OWS, see <xref target="whitespace"/>>
<x:ref>field-name</x:ref> = <field-name, see <xref target="fields.names"/>>
<x:ref>quoted-string</x:ref> = <quoted-string, see <xref target="quoted.strings"/>>
<x:ref>token</x:ref> = <token, see <xref target="tokens"/>>
</sourcecode>
</section>
<section title="Delta Seconds" anchor="delta-seconds">
<t>
The delta-seconds rule specifies a non-negative integer, representing time
in seconds.
</t>
<sourcecode type="abnf7230"><iref item="Grammar" primary="true" subitem="delta-seconds" />
<x:ref>delta-seconds</x:ref> = 1*<x:ref>DIGIT</x:ref>
</sourcecode>
<t>
A recipient parsing a delta-seconds value and converting it to binary form
ought to use an arithmetic type of at least 31 bits of non-negative integer
range.
If a cache receives a delta-seconds value greater than the greatest integer
it can represent, or if any of its subsequent calculations overflows,
the cache &MUST; consider the value to be 2147483648
(2<sup>31</sup>) or the greatest positive integer it can conveniently
represent.
</t>
<aside>
<t>
&Note; The value 2147483648 is here for historical reasons,
represents infinity (over 68 years), and does not need to be stored in
binary form; an implementation could produce it as a string if
any overflow occurs, even if the calculations are performed with an
arithmetic type incapable of directly representing that number.
What matters here is that an overflow be detected and not treated as a
negative value in later calculations.
</t>
</aside>
</section>
</section>
</section>
<section title="Overview of Cache Operation" anchor="caching.overview">
<iref item="cache key" />
<t>
Proper cache operation preserves the semantics of HTTP transfers
while reducing the transmission of information already held in the
cache. See <xref target="HTTP" x:fmt="of" x:rel="#terminology"/>
for the general terminology and core concepts of HTTP.
</t>
<t>
Although caching is an entirely &OPTIONAL; feature of HTTP, it can be
assumed that reusing a cached response is desirable and that such reuse
is the default behavior when no requirement or local configuration
prevents it. Therefore, HTTP cache requirements are focused
on preventing a cache from either storing a non-reusable response or
reusing a stored response inappropriately, rather than mandating that
caches always store and reuse particular responses.
</t>
<iref item="cache key" />
<t>
The <x:dfn>cache key</x:dfn> is the information a cache uses to choose a response and
is composed from, at a minimum, the request method and target
URI used to retrieve the stored response; the method determines under which
circumstances that response can be used to satisfy a subsequent request. However, many
HTTP caches in common use today only cache GET responses and therefore only
use the URI as the cache key.
</t>
<t>
A cache might store multiple responses for a request target that is
subject to content negotiation. Caches differentiate these responses
by incorporating some of the original request's header fields
into the cache key as well, using information in the <x:ref>Vary</x:ref>
response header field, as per <xref target="caching.negotiated.responses"/>.
</t>
<t>
Caches might incorporate additional material into the cache key.
For example, user agent caches might include the referring site's identity,
thereby "double keying" the cache to avoid some privacy risks (see <xref
target="security.timing"/>).
</t>
<t>
Most commonly, caches store the successful result of a retrieval
request: i.e., a <x:ref>200 (OK)</x:ref> response to a GET request, which
contains a representation of the target resource
(<xref target="GET"/>). However, it is also possible to store
redirects, negative results (e.g., <x:ref>404 (Not Found)</x:ref>),
incomplete results (e.g., <x:ref>206 (Partial Content)</x:ref>), and
responses to methods other than GET if the method's definition allows such
caching and defines something suitable for use as a cache key.
</t>
<t>
A cache is <x:dfn>disconnected</x:dfn> when it cannot contact the origin
server or otherwise find a forward path for a request. A
disconnected cache can serve stale responses in some circumstances (<xref
target="serving.stale.responses"/>).
</t>
</section>
<section title="Storing Responses in Caches" anchor="response.cacheability">
<t>
A cache &MUST-NOT; store a response to a request unless:
</t>
<ul>
<li><t>the request method is understood by the cache;</t></li>
<li><t>the response status code is final (see
<xref target="status.codes"/>);</t></li>
<li><t>if the response status code is 206 or 304, or the must-understand cache directive (see <xref
target="cache-response-directive.must-understand"/>) is present: the cache understands the response status code;</t></li>
<li><t>the no-store cache directive is not present in the response
(see <xref target="cache-response-directive.no-store"/>);</t></li>
<li><t>if the cache is shared: the private response directive is either not
present or allows a shared cache to store a modified response;
see <xref target="cache-response-directive.private" />);</t></li>
<li><t>if the cache is shared: the <x:ref>Authorization</x:ref> header field
is not present in the request
(see <xref target="field.authorization"/>) or a
response directive is present that explicitly allows shared caching
(see <xref target="caching.authenticated.responses" />);
and</t></li>
<li><t>the response contains at least one of the following:</t>
<ul>
<li>a public response directive
(see <xref target="cache-response-directive.public"/>);</li>
<li>a private response directive, if the cache is not shared
(see <xref target="cache-response-directive.private"/>);</li>
<li>an <x:ref>Expires</x:ref> header field
(see <xref target="field.expires"/>);</li>
<li>a max-age response directive
(see <xref target="cache-response-directive.max-age" />);</li>
<li>if the cache is shared: an s-maxage response directive
(see <xref target="cache-response-directive.s-maxage" />);</li>
<li>a cache extension that allows it to be cached
(see <xref target="cache.control.extensions" />); or</li>
<li>a status code that is defined as heuristically cacheable
(see <xref target="heuristic.freshness" />).</li>
</ul>
</li>
</ul>
<t>
Note that a cache extension can override any of the requirements
listed; see <xref target="cache.control.extensions" />.
</t>
<t>
In this context, a cache has "understood" a request method or a response
status code if it recognizes it and implements all specified
caching-related behavior.
</t>
<t>
Note that, in normal operation, some caches will not store a response that
has neither a cache validator nor an explicit expiration time, as such
responses are not usually useful to store. However, caches are not
prohibited from storing such responses.
</t>
<section title="Storing Header and Trailer Fields" anchor="storing.fields">
<t>
Caches &MUST; include all received response header fields — including
unrecognized ones — when storing a response; this assures that new HTTP
header fields can be successfully deployed. However, the following exceptions
are made:
</t>
<ul>
<li>The Connection header field and fields whose names are listed in it are
required by <xref target="field.connection"/> to be removed before
forwarding the message. This &MAY; be implemented by doing so
before storage.</li>
<li>Likewise, some fields' semantics require them to be removed
before forwarding the message, and this &MAY; be implemented by doing so
before storage; see <xref target="field.connection"/> for some
examples.</li>
<li>The no-cache (<xref target="cache-response-directive.no-cache"/>) and
private (<xref target="cache-response-directive.private"/>) cache
directives can have arguments that prevent storage of header fields by all
caches and shared caches, respectively.</li>
<li>Header fields that are specific to the proxy that a cache uses when forwarding a request
&MUST-NOT; be stored, unless the cache incorporates the identity of the
proxy into the cache key. Effectively, this is limited to Proxy-Authenticate
(<xref target="field.proxy-authenticate"/>), Proxy-Authentication-Info
(<xref target="field.proxy-authentication-info"/>), and Proxy-Authorization
(<xref target="field.proxy-authorization"/>).</li>
</ul>
<t>
Caches &MAY; either store trailer fields separate from header fields or
discard them. Caches &MUST-NOT; combine trailer fields with header fields.
</t>
</section>
<section title="Updating Stored Header Fields" anchor="update">
<t>
Caches are required to update a stored response's header fields from another
(typically newer) response in several situations; for example, see Sections <xref
target="combining.responses" format="counter"/>, <xref target="freshening.responses" format="counter"/>, and
<xref target="head.effects" format="counter"/>.
</t>
<t>
When doing so, the cache &MUST; add each header field in the provided response
to the stored response, replacing field values that are already present,
with the following exceptions:
</t>
<ul>
<li>Header fields excepted from storage in <xref target="storing.fields"/>,</li>
<li>Header fields that the cache's stored response depends upon, as described below,</li>
<li>Header fields that are automatically processed and removed by the recipient, as described below, and</li>
<li>The <x:ref>Content-Length</x:ref> header field.</li>
</ul>
<t>
In some cases, caches (especially in user agents) store the results of
processing the received response, rather than the response itself,
and updating header fields that affect that processing can result in
inconsistent behavior and security issues. Caches in this situation &MAY;
omit these header fields from updating stored responses on an
exceptional basis but &SHOULD; limit such omission to those fields
necessary to assure integrity of the stored response.
</t>
<t>
For example, a browser might decode the content coding of a response
while it is being received, creating a disconnect between the data it has
stored and the response's original metadata.
Updating that stored metadata with a different <x:ref>Content-Encoding</x:ref>
header field would be problematic. Likewise, a browser might store a
post-parse HTML tree rather than the content received in
the response; updating the <x:ref>Content-Type</x:ref> header field would not be workable
in this case because any assumptions about the format made in parsing would
now be invalid.
</t>
<t>
Furthermore, some fields are automatically processed and removed by the
HTTP implementation, such as the <x:ref>Content-Range</x:ref> header field.
Implementations &MAY; automatically omit such header fields from updates,
even when the processing does not actually occur.
</t>
<t>
Note that the Content-* prefix is not a signal that a header field is omitted
from update; it is a convention for MIME header fields, not HTTP.
</t>
</section>
<section title="Storing Incomplete Responses" anchor="incomplete.responses">
<t>
If the request method is GET, the response status code is <x:ref>200
(OK)</x:ref>, and the entire response header section has been received, a
cache &MAY; store a response that is not complete (<xref target="message.framing"/>) provided that the stored response
is recorded as being incomplete. Likewise, a <x:ref>206 (Partial
Content)</x:ref> response &MAY; be stored as if it were an incomplete
<x:ref>200 (OK)</x:ref> response. However, a cache &MUST-NOT; store
incomplete or partial-content responses if it does not support the
<x:ref>Range</x:ref> and <x:ref>Content-Range</x:ref> header fields or if
it does not understand the range units used in those fields.
</t>
<t>
A cache &MAY; complete a stored incomplete response by making a subsequent
range request (<xref target="field.range"/>) and combining the successful response with the
stored response, as defined in <xref target="combining.responses"/>. A cache
&MUST-NOT; use an incomplete response to answer requests unless the
response has been made complete, or the request is partial and specifies a
range wholly within the incomplete response. A cache &MUST-NOT;
send a partial response to a client without explicitly marking it
using the <x:ref>206 (Partial Content)</x:ref> status code.
</t>
</section>
<section title="Combining Partial Content" anchor="combining.responses">
<t>
A response might transfer only a partial representation if the
connection closed prematurely or if the request used one or more Range
specifiers (<xref target="field.range"/>). After several such transfers, a cache might have
received several ranges of the same representation. A cache &MAY; combine
these ranges into a single stored response, and reuse that response to
satisfy later requests, if they all share the same strong validator and
the cache complies with the client requirements in <xref target="combining.byte.ranges"/>.
</t>
<t>
When combining the new response with one or more stored responses, a cache
&MUST; update the stored response header fields using the header fields
provided in the new response, as per <xref target="update"/>.
</t>
</section>
<section title="Storing Responses to Authenticated Requests" anchor="caching.authenticated.responses">
<t>
A shared cache &MUST-NOT; use a cached response to a request with an
<x:ref>Authorization</x:ref> header field (<xref target="field.authorization"/>) to
satisfy any subsequent request unless the response contains a
<x:ref>Cache-Control</x:ref> field with a response directive
(<xref target="cache-response-directive"/>) that allows it to be stored by
a shared cache, and the cache conforms to the requirements of that
directive for that response.
</t>
<t>
In this specification, the following response directives have such an effect:
must-revalidate (<xref target="cache-response-directive.must-revalidate"/>),
public (<xref target="cache-response-directive.public"/>), and
s-maxage (<xref target="cache-response-directive.s-maxage"/>).
</t>
</section>
</section>
<section title="Constructing Responses from Caches" anchor="constructing.responses.from.caches">
<t>
When presented with a request, a cache &MUST-NOT; reuse a stored response
unless:
</t>
<ul>
<li><t>the presented target URI (<xref target="target.resource"/>) and
that of the stored response match, and</t></li>
<li><t>the request method associated with the stored response allows it to
be used for the presented request, and</t></li>
<li><t>request header fields nominated by the stored response (if any)
match those presented (see <xref target="caching.negotiated.responses"
/>), and</t></li>
<li><t>the stored response does not contain the no-cache directive
(<xref target="cache-response-directive.no-cache"/>), unless it is
successfully validated (<xref target="validation.model"/>), and</t></li>
<li><t>the stored response is one of the following:</t>
<ul>
<li>fresh (see <xref target="expiration.model" />), or</li>
<li>allowed to be served stale (see <xref
target="serving.stale.responses" />), or</li>
<li>successfully validated (see <xref target="validation.model"
/>).</li>
</ul>
</li>
</ul>
<t>
Note that a cache extension can override any of the requirements
listed; see <xref target="cache.control.extensions" />.
</t>
<t>
When a stored response is used to satisfy a request without validation, a
cache &MUST; generate an <x:ref>Age</x:ref> header field (<xref
target="field.age"/>), replacing any present in the response with a value
equal to the stored response's current_age; see <xref
target="age.calculations" />.
</t>
<t>
A cache &MUST; write through requests with methods that are unsafe
(<xref target="safe.methods"/>) to the origin server; i.e., a cache is not allowed to
generate a reply to such a request before having forwarded the request and
having received a corresponding response.
</t>
<t>
Also, note that unsafe requests might invalidate already-stored responses;
see <xref target="invalidation" />.
</t>
<iref item="collapsed requests" />
<t>
A cache can use a response that is stored or storable to satisfy
multiple requests, provided that it is allowed to reuse that response
for the requests in question. This enables a cache to <x:dfn>collapse
requests</x:dfn> — or combine multiple incoming requests into a single forward
request upon a cache miss — thereby reducing load on the origin server
and network. Note, however, that if the cache cannot use the returned
response for some or all of the collapsed requests, it will need to
forward the requests in order to satisfy them, potentially introducing
additional latency.
</t>
<t>
When more than one suitable response is stored, a cache &MUST; use the
most recent one (as determined by the <x:ref>Date</x:ref> header
field). It can also forward the request with "Cache-Control: max-age=0" or
"Cache-Control: no-cache" to disambiguate which response to use.
</t>
<t>
A cache without a clock (<xref target="http.date"/>) &MUST; revalidate
stored responses upon every use.
</t>
<section title="Calculating Cache Keys with the Vary Header Field" anchor="caching.negotiated.responses">
<t>
When a cache receives a request that can be satisfied by a stored response
and that stored response contains a <x:ref>Vary</x:ref> header field
(<xref target="field.vary"/>),
the cache &MUST-NOT; use that stored response without revalidation unless
all the presented request header fields nominated by that Vary field value
match those fields in the original request (i.e., the
request that caused the cached response to be stored).
</t>
<t>
The header fields from two requests are defined to match if
and only if those in the first request can be transformed to those in the
second request by applying any of the following:
</t>
<ul>
<li>
adding or removing whitespace, where allowed in the header field's
syntax
</li>
<li>
combining multiple header field lines with the same field name
(see <xref target="field.lines"/>)
</li>
<li>
normalizing both header field values in a way that is known to have
identical semantics, according to the header field's specification
(e.g., reordering field values when order is not significant;
case-normalization, where values are defined to be case-insensitive)
</li>
</ul>
<t>
If (after any normalization that might take place) a header field is absent
from a request, it can only match another request if it is also absent
there.
</t>
<t>
A stored response with a <x:ref>Vary</x:ref> header field value containing
a member "*" always fails to match.
</t>
<t>
If multiple stored responses match,
the cache will need to choose one to use.
When a nominated request header field has a known mechanism for ranking preference
(e.g., qvalues on <x:ref>Accept</x:ref> and similar request header
fields), that mechanism &MAY; be used to choose a preferred response.
If such a mechanism is not available, or leads to equally preferred
responses, the most recent
response (as determined by the <x:ref>Date</x:ref> header field) is
chosen, as
per <xref target="constructing.responses.from.caches"/>.
</t>
<t>
Some resources mistakenly omit the Vary header field from their default
response (i.e., the one sent when the request does not express any preferences),
with the effect of choosing it for subsequent requests to that resource
even when more preferable responses are available. When a cache has
multiple stored responses for a target URI and one or more omits the Vary
header field, the cache &SHOULD; choose the most recent
(see <xref target="age.calculations"/>) stored response with a valid Vary
field value.
</t>
<t>
If no stored response matches, the cache cannot satisfy the presented
request. Typically, the request is forwarded to the origin server,
potentially with preconditions added to describe what responses the cache
has already stored (<xref target="validation.model"/>).
</t>
</section>
<section title="Freshness" anchor="expiration.model">
<iref item="fresh" />
<iref item="stale" />
<t>
A <x:dfn>fresh</x:dfn> response is one whose age has not yet exceeded its
freshness lifetime. Conversely, a <x:dfn>stale</x:dfn>
response is one where it has.
</t>
<iref item="freshness lifetime" />
<iref item="explicit expiration time" />
<iref item="heuristic expiration time" />
<t>
A response's <x:dfn>freshness lifetime</x:dfn> is the length of time
between its generation by the origin server and its expiration time. An
<x:dfn>explicit expiration time</x:dfn> is the time at which the origin
server intends that a stored response can no longer be used by a cache
without further validation, whereas a <x:dfn>heuristic expiration
time</x:dfn> is assigned by a cache when no explicit expiration time is
available.
</t>
<iref item="age" />
<t>
A response's <x:dfn>age</x:dfn> is the time that has passed since it was
generated by, or successfully validated with, the origin server.
</t>
<t>
When a response is fresh, it can be used to satisfy
subsequent requests without contacting the origin server, thereby improving
efficiency.
</t>
<t>
The primary mechanism for determining freshness is for an origin server to
provide an explicit expiration time in the future, using either the
<x:ref>Expires</x:ref> header field (<xref target="field.expires" />) or
the max-age response directive (<xref
target="cache-response-directive.max-age" />). Generally, origin servers
will assign future explicit expiration times to responses in the belief
that the representation is not likely to change in a semantically
significant way before the expiration time is reached.
</t>
<t>
If an origin server wishes to force a cache to validate every request, it
can assign an explicit expiration time in the past to indicate that the
response is already stale. Compliant caches will normally validate a stale
cached response before reusing it for subsequent requests (see <xref
target="serving.stale.responses" />).
</t>
<t>
Since origin servers do not always provide explicit expiration times,
caches are also allowed to use a heuristic to determine an expiration time
under certain circumstances (see <xref target="heuristic.freshness"/>).
</t>
<t>
The calculation to determine if a response is fresh is:
</t>
<sourcecode type="pseudocode">
response_is_fresh = (freshness_lifetime > current_age)
</sourcecode>
<t>
freshness_lifetime is defined in <xref
target="calculating.freshness.lifetime" />; current_age is defined in
<xref target="age.calculations" />.
</t>
<t>
Clients can send the max-age or min-fresh request directives (<xref
target="cache-request-directive" />) to suggest limits on the freshness
calculations for the corresponding response. However, caches are not
required to honor them.
</t>
<t>
When calculating freshness, to avoid common problems in date parsing:
</t>
<ul>
<li>Although all date formats are specified to be case-sensitive,
a cache recipient &SHOULD; match the field value
case-insensitively.</li>
<li>If a cache recipient's internal implementation of time has less
resolution than the value of an HTTP-date, the recipient &MUST;
internally represent a parsed <x:ref>Expires</x:ref> date as the
nearest time equal to or earlier than the received value.</li>
<li>A cache recipient &MUST-NOT; allow local time zones to influence the
calculation or comparison of an age or expiration time.</li>
<li>A cache recipient &SHOULD; consider a date with a zone abbreviation
other than "GMT" to be invalid for calculating expiration.</li>
</ul>
<t>
Note that freshness applies only to cache operation; it cannot be used to
force a user agent to refresh its display or reload a resource. See <xref
target="history.lists" /> for an explanation of the difference between
caches and history mechanisms.
</t>
<section title="Calculating Freshness Lifetime" anchor="calculating.freshness.lifetime">
<t>
A cache can calculate the freshness lifetime (denoted as
freshness_lifetime) of a response by evaluating the following rules and using the first match:
</t>
<ul>
<li>If the cache is shared and the s-maxage response directive
(<xref target="cache-response-directive.s-maxage" />) is present, use its value,
or</li>
<li>If the max-age response directive (<xref
target="cache-response-directive.max-age" />) is present, use its value, or</li>
<li>If the <x:ref>Expires</x:ref> response header field
(<xref target="field.expires" />) is present, use its value minus the
value of the <x:ref>Date</x:ref> response header field
(using the time the message was received if it is not present, as per <xref target="field.date"/>), or</li>
<li>Otherwise, no explicit expiration time is present in the response. A
heuristic freshness lifetime might be applicable; see <xref
target="heuristic.freshness" />.</li>
</ul>
<t>
Note that this calculation is intended to reduce clock skew by using the
clock information provided by the origin server whenever possible.
</t>
<t>
When there is more than one value present for a given directive (e.g., two
<x:ref>Expires</x:ref> header field lines or multiple Cache-Control: max-age
directives), either the first occurrence should be used or the response should
be considered stale. If directives conflict (e.g.,
both max-age and no-cache are present), the most restrictive directive should
be honored. Caches are encouraged to consider responses that have
invalid freshness information (e.g., a max-age directive with non-integer content) to
be stale.
</t>
</section>
<section title="Calculating Heuristic Freshness" anchor="heuristic.freshness">
<iref item="heuristically cacheable"/>
<t>
Since origin servers do not always provide explicit expiration times, a
cache &MAY; assign a heuristic expiration time when an explicit time is not
specified, employing algorithms that use other field values (such as
the <x:ref>Last-Modified</x:ref> time) to estimate a plausible expiration
time. This specification does not provide specific algorithms, but it does
impose worst-case constraints on their results.
</t>
<t>
A cache &MUST-NOT; use heuristics to determine freshness when an explicit
expiration time is present in the stored response. Because of the
requirements in <xref target="response.cacheability"/>,
heuristics can only be used on responses without explicit
freshness whose status codes are defined as <x:dfn>heuristically cacheable</x:dfn> (e.g., see
<xref target="overview.of.status.codes"/>) and on responses without
explicit freshness that have been marked as explicitly cacheable (e.g.,
with a public response directive).
</t>
<t>
Note that in previous specifications, heuristically cacheable response status
codes were called "cacheable by default".
</t>
<t>
If the response has a <x:ref>Last-Modified</x:ref> header field
(<xref target="field.last-modified"/>), caches are encouraged to use a heuristic
expiration value that is no more than some fraction of the interval since
that time. A typical setting of this fraction might be 10%.
</t>
<aside>
<t>
&Note;
A previous version of the HTTP specification
(<xref target="RFC2616" x:fmt="of" x:sec="13.9"/>) prohibited caches
from calculating heuristic freshness for URIs with query components
(i.e., those containing "?"). In practice, this has not been widely
implemented. Therefore, origin servers are encouraged to send explicit
directives (e.g., Cache-Control: no-cache) if they wish to prevent
caching.
</t>
</aside>
</section>
<section title="Calculating Age" anchor="age.calculations">
<t>
The <x:ref>Age</x:ref> header field is used to convey an estimated
age of the response message when obtained from a cache. The Age field value
is the cache's estimate of the number of seconds since the origin server generated
or validated the response. The Age value is therefore
the sum of the time that the response has been resident in each of the
caches along the path from the origin server, plus the time it
has been in transit along network paths.
</t>
<t>
Age calculation uses the following data:
</t>
<dl newline="true">
<dt><x:dfn>age_value</x:dfn></dt>
<dd>
The term "age_value" denotes the value of the <x:ref>Age</x:ref>
header field (<xref target="field.age"/>), in a form appropriate for
arithmetic operation; or 0, if not available.
</dd>
<dt><x:dfn>date_value</x:dfn></dt>
<dd>
The term "date_value" denotes the value of
the Date header field, in a form appropriate for arithmetic
operations. See <xref target="field.date"/> for the definition of the Date header
field and for requirements regarding responses without it.
</dd>
<dt><x:dfn>now</x:dfn></dt>
<dd>
The term "now" means the current value of this implementation's clock
(<xref target="http.date"/>).
</dd>
<dt><x:dfn>request_time</x:dfn></dt>
<dd>
The value of the clock at the time of the request that
resulted in the stored response.
</dd>
<dt><x:dfn>response_time</x:dfn></dt>
<dd>
The value of the clock at the time the response
was received.
</dd>
</dl>
<t>
A response's age can be calculated in two entirely independent ways:
</t>
<ol>
<li>the "apparent_age": response_time minus date_value, if the
implementation's
clock is reasonably well synchronized to the origin server's clock. If
the result is negative, the result is replaced by zero.</li>
<li>the "corrected_age_value", if all of the caches along the response
path implement HTTP/1.1 or greater. A cache &MUST; interpret this value
relative to the time the request was initiated, not the time that the
response was received.</li>
</ol>
<sourcecode type="pseudocode">
apparent_age = max(0, response_time - date_value);
response_delay = response_time - request_time;
corrected_age_value = age_value + response_delay;
</sourcecode>
<t>
The corrected_age_value &MAY; be used as the corrected_initial_age. In
circumstances where very old cache implementations that might not correctly
insert <x:ref>Age</x:ref> are present, corrected_initial_age can be calculated
more conservatively as
</t>
<sourcecode type="pseudocode">
corrected_initial_age = max(apparent_age, corrected_age_value);
</sourcecode>
<t>
The current_age of a stored response can then be calculated by adding the
time (in seconds) since the stored response was last validated by
the origin server to the corrected_initial_age.
</t>
<sourcecode type="pseudocode">
resident_time = now - response_time;
current_age = corrected_initial_age + resident_time;
</sourcecode>
</section>
<section title="Serving Stale Responses" anchor="serving.stale.responses">
<t>
A "stale" response is one that either has explicit expiry information or is
allowed to have heuristic expiry calculated, but is not fresh according to
the calculations in <xref target="expiration.model" />.
</t>
<t>
A cache &MUST-NOT; generate a stale response if it is prohibited by an
explicit in-protocol directive (e.g., by a no-cache response
directive, a must-revalidate response directive, or an applicable
s-maxage or proxy-revalidate response directive; see <xref
target="cache-response-directive"/>).
</t>
<t>
A cache &MUST-NOT; generate a stale response unless it is disconnected
or doing so is explicitly permitted by the client or origin server
(e.g., by the max-stale request directive in <xref
target="cache-request-directive" />, extension directives such as those
defined in <xref target="RFC5861"/>, or configuration in accordance
with an out-of-band contract).
</t>
</section>
</section>
<section title="Validation" anchor="validation.model">
<t>
When a cache has one or more stored responses for a requested URI, but
cannot serve any of them (e.g., because they are not fresh, or one cannot
be chosen; see <xref target="caching.negotiated.responses"/>), it can use
the conditional request mechanism (<xref target="conditional.requests"/>) in the forwarded request to
give the next inbound server an opportunity to choose a valid stored
response to use, updating the stored metadata in the process, or to replace
the stored response(s) with a new response. This process is known as
<x:dfn>validating</x:dfn> or <x:dfn>revalidating</x:dfn> the stored
response.
</t>
<section title="Sending a Validation Request" anchor="validation.sent"><iref item="validator" />
<t>
When generating a conditional request for validation, a cache either starts with
a request it is attempting to satisfy or — if it is initiating
the request independently — synthesizes a request using a stored
response by copying the method, target URI, and request header fields
identified by the Vary header field (<xref
target="caching.negotiated.responses"/>).
</t>
<t>
It then updates that request with one or more precondition header fields.
These contain validator metadata sourced from a stored response(s) that has
the same URI. Typically, this will include only the stored response(s) that
has the same cache key, although a cache is allowed to validate
a response that it cannot choose with the request header fields it is sending
(see <xref target="caching.negotiated.responses"/>).
</t>
<t>
The precondition header fields are then compared by recipients to
determine whether any stored response is equivalent to a current
representation of the resource.
</t>
<t>
One such validator is the timestamp given in a <x:ref>Last-Modified</x:ref>
header field (<xref target="field.last-modified"/>), which can be used in an
<x:ref>If-Modified-Since</x:ref> header field for response validation, or
in an <x:ref>If-Unmodified-Since</x:ref> or <x:ref>If-Range</x:ref> header
field for representation selection (i.e., the client is referring
specifically to a previously obtained representation with that timestamp).
</t>
<t>
Another validator is the entity tag given in an <x:ref>ETag</x:ref>
field (<xref target="field.etag"/>). One or more entity tags, indicating one or more
stored responses, can be used in an <x:ref>If-None-Match</x:ref> header
field for response validation, or in an <x:ref>If-Match</x:ref> or
<x:ref>If-Range</x:ref> header field for representation selection (i.e.,
the client is referring specifically to one or more previously obtained
representations with the listed entity tags).
</t>
<t>
When generating a conditional request for validation, a cache:
</t>
<ul>
<li>&MUST; send the relevant entity tags
(using <x:ref>If-Match</x:ref>, <x:ref>If-None-Match</x:ref>, or
<x:ref>If-Range</x:ref>) if the entity tags were provided in the
stored response(s) being validated.</li>
<li>&SHOULD; send the <x:ref>Last-Modified</x:ref> value (using
<x:ref>If-Modified-Since</x:ref>) if the request is not for a subrange,
a single stored response is being validated, and that response
contains a Last-Modified value.</li>
<li>&MAY; send the <x:ref>Last-Modified</x:ref> value (using
<x:ref>If-Unmodified-Since</x:ref> or <x:ref>If-Range</x:ref>) if
the request is for a subrange, a single stored response is being
validated, and that response contains only a Last-Modified value
(not an entity tag).</li>
</ul>
<t>
In most cases, both validators are generated in cache validation requests,
even when entity tags are clearly superior, to allow old intermediaries
that do not understand entity tag preconditions to respond appropriately.
</t>
</section>
<section title="Handling a Received Validation Request" anchor="validation.received">
<t>
Each client in the request chain may have its own cache, so it is common
for a cache at an intermediary to receive conditional requests from other
(outbound) caches. Likewise, some user agents make use of conditional
requests to limit data transfers to recently modified representations or to
complete the transfer of a partially retrieved representation.
</t>
<t>
If a cache receives a request that can be satisfied by reusing a stored
<x:ref>200 (OK)</x:ref> or <x:ref>206 (Partial Content)</x:ref>
response, as per <xref target="constructing.responses.from.caches"/>,
the cache &SHOULD; evaluate any applicable conditional header
field preconditions received in that request with respect to the