What is Cache-Control: private?

后悔当初 2020-12-02 07:25

When I visit chesseng.herokuapp.com I get a response header that looks like

Cache-Control:private
Connection:keep-alive
Content-Encoding:gzip
Content-Type:te

4 answers
  •  庸人自扰
    2020-12-02 07:36

    RFC 2616, section 14.9.1:

    Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache...A private (non-shared) cache MAY cache the response.


    Browsers could use this information. Of course, the current "user" may mean many things: OS user, a browser user (e.g. Chrome's profiles), etc. It's not specified.

    For me, a more concrete example of Cache-Control: private is that proxy servers (which typically have many users) won't cache it. It is meant for the end user, and no one else.


    FYI, the RFC makes clear that this does not provide security. It is about showing the correct content, not securing content.

    This usage of the word private only controls where the response may be cached, and cannot ensure the privacy of the message content.
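
The distinction the answer draws between shared and private caches can be expressed as a storage decision. This is an added example, not code from the original post; the function names and all sample header values except the question's `private` are constructed. It goes slightly beyond the answer by also handling `no-store` and the field-name form of `private` (the "part of the response" case in the RFC text).

```python
import re

# One directive: token, optional =argument (quoted-string or bare), then "," or end.
_DIRECTIVE = re.compile(
    r'\s*([^=,\s]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^,]*))?\s*(?:,|$)')


def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lower-cased."""
    directives = {}
    for name, arg in _DIRECTIVE.findall(value):
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            arg = arg[1:-1]  # unwrap quoted-string, e.g. private="Set-Cookie"
        directives[name.lower()] = arg or None
    return directives


def storage_decision(cache_control, shared):
    """Return (may_store, header_fields_to_strip) for one cache.

    shared=True models a proxy or CDN serving many users; shared=False models
    one user's browser cache. Only private and no-store are evaluated here; a
    real cache also checks method, status code, freshness and more.
    """
    d = parse_cache_control(cache_control)
    if "no-store" in d:
        return (False, [])   # the directive that keeps a response out of every cache
    if shared and "private" in d:
        if d["private"] is None:
            return (False, [])   # whole response is for a single user
        # "part of the response": only the listed header fields are per-user
        fields = [f.strip().lower() for f in d["private"].split(",") if f.strip()]
        return (True, fields)
    return (True, [])   # includes private seen by a browser cache: it is stored


if __name__ == "__main__":
    # Constructed sample header values; the first is the one from the question.
    for value in ("private", 'private="Set-Cookie, X-User", max-age=60', "no-store"):
        for shared in (True, False):
            print(f"{value!r:45} shared={shared!s:5} -> {storage_decision(value, shared)}")
```

With `private` alone, the browser cache still stores the response, which is why the directive controls where content may be cached and not who can read it.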
