ADP
API Design Principle BETA

[ADP-371] HTTP Caching: Cache-Control

API-Specific Cache-Control Directives

For header-specific principles, refer to ADP-124.

Best Practices for API Caching

  1. Use Cache-Control Headers Consistently: Always include appropriate Cache-Control headers in API responses.

  2. Consider Resource Volatility: Adjust caching directives based on how frequently the resource changes.

  3. Secure Sensitive Data: Use no-store for responses containing sensitive information.

  4. Optimize for Performance: Utilize caching for frequently accessed, rarely changing resources to reduce server load and improve response times.

  5. Version-Aware Caching: Include API version in the cache key to prevent serving outdated data across versions.

  6. Implement ETag Support: Use ETags in conjunction with Cache-Control for efficient validation of cached resources.

Example Implementations

Caching for Public, Read-Only Data

```http
Cache-Control: public, max-age=3600
```

This allows caching by any cache for one hour, suitable for public, frequently accessed, and infrequently updated resources.

Private, User-Specific Data

```http
Cache-Control: private, max-age=3600
```

This allows caching only by the user's browser (a private cache) for one hour, suitable for user-specific data that must not be stored by shared caches or served to other users.

Frequently Changing Resources

```http
Cache-Control: no-store
```

This prevents caching of the response, suitable for resources that change frequently or contain sensitive information.
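The following sketch combines the three directives above with ETag validation (best practice 6). It is an added example, not code from this principle or its authors. The resource class names, the `respond` and `make_etag` helpers, and the choice to fold the API version into the ETag are assumptions made for illustration.

```python
import hashlib

# Policy table mirroring the three cases on this page.
# The class names ("public", "user", "sensitive") are assumptions.
POLICIES = {
    "public": "public, max-age=3600",
    "user": "private, max-age=3600",
    "sensitive": "no-store",
}

def make_etag(body: bytes, api_version: str) -> str:
    """Strong ETag over version and body (assumption: keeps a validator
    issued for one API version from matching a response of another)."""
    digest = hashlib.sha256(api_version.encode() + b"\0" + body).hexdigest()
    return '"' + digest[:32] + '"'

def _opaque(tag: str) -> str:
    """Drop the weak-validator prefix so tags compare by opaque value."""
    return tag[2:] if tag.startswith("W/") else tag

def etag_matches(if_none_match: str, etag: str) -> bool:
    """Weak comparison, as If-None-Match requires; '*' matches anything.
    Splitting on commas is a simplification that is safe for the
    hex-only tags produced by make_etag."""
    candidates = [t.strip() for t in if_none_match.split(",")]
    if "*" in candidates:
        return True
    return _opaque(etag) in {_opaque(t) for t in candidates}

def respond(resource_class, body, api_version, request_headers):
    """Return (status, headers, body) for a GET of one resource.
    request_headers is a plain dict keyed by canonical header name."""
    # Fail closed: an unclassified resource is treated as sensitive.
    cache_control = POLICIES.get(resource_class, "no-store")
    headers = {"Cache-Control": cache_control}
    if cache_control == "no-store":
        # Nothing may be stored, so no validator is issued.
        return 200, headers, body
    etag = make_etag(body, api_version)
    headers["ETag"] = etag
    presented = request_headers.get("If-None-Match")
    if presented and etag_matches(presented, etag):
        # The cached copy is still valid: send headers only.
        return 304, headers, b""
    return 200, headers, body
```

Defaulting unknown classes to `no-store` means a resource that was never classified cannot end up in a cache by accident.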
