[ADP-143] Expires

Guidance

• SHOULD NOT use Expires header as it is not commonly recommended in modern API design.

Design Considerations

• The Expires header can be manipulated by changing the system time, potentially invalidating its intended purpose.
• Browsers typically ignore the Expires header if max-age is set (as a directive in Cache-Control).
• The Expires header may affect the behavior of Last-Modified.

Best Practices

• Use Cache-Control header with max-age directive instead of Expires for more precise and reliable cache control.
• If Expires must be used, combine it with Cache-Control to ensure consistent behavior across different clients.
• Always consider the security implications of caching, especially for sensitive or frequently updated resources.

Implementation Example

Cache-Control: max-age=3600, public

Reference

Design references

• https://jakearchibald.com/2016/caching-best-practices/
• https://pjchender.dev/webdev/note-http-cache/#不建議expires較舊的用法時間未到不會向伺服器發送請求