Google Chrome does not revalidate etag on back/forth

http browser-cache cache-control etag
Dennis picture Dennis · Apr 23, 2013 · Viewed 13k times · Source

Even though I send "cache-control: must-revalidate" Google Chrome uses a locally cached page when using the back and forth button in the browser.

This is part of the original response:

HTTP/1.1 200 OK
cache-control: private, must-revalidate
etag: "c9239b5d4b98949f8469a05062e05bb999d7512e"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

If I refresh the page I get a "HTTP/1.1 304 Not Modified" response but when I use the back button I get the following response:

Request URL:example.com
Request Method:GET
Status Code:200 OK (from cache)

The response I'm looking for is 304 or 200 OK, is it possible to achieve this?

Answer

James Holderness picture James Holderness · May 12, 2013

When using the back and forward buttons, the key Cache-Control directive to prevent the browser returning a cached copy of the page is no-store.

Nothing else will help, and nothing else is needed. Your Cache-Control header can simply be:

Cache-Control: no-store

There are two exceptions to this though.

  1. Opera and Safari won't revalidate no matter what headers you set (at least the versions I've tested). If you open the page in a new tab, that copy will be fresh, but the original tab will continue to show the stale version when navigating back and forth until you refresh or re-enter the url.
  2. Firefox appears to have a bug in the caching of the first page that is opened (i.e. when there is no back button). All subsequent instances of the page will refresh as you navigate back and forth, but once you backup all the way to the topmost page, it can often still be showing its initial stale copy.

Finally, I should note that using this directive is not advisable in general, since it obviously has a significant impact on bandwidth usage. The browser can't even take advantage of Etags to get a 304 Not Modified response, because it will have no stored copy to use in the event a 304 response is received.

Related questions

What's the difference between Cache-Control: max-age=0 and no-cache?

The header Cache-Control: max-age=0 implies that the content is considered stale (and must be re-fetched) immediately, which is in effect the same thing as Cache-Control: no-cache.

Read More
What is Cache-Control: private?

When I visit chesseng.herokuapp.com I get a response header that looks like Cache-Control:private Connection:keep-alive Content-Encoding:gzip Content-Type:text/css Date:Tue, 16 Oct 2012 06:37:53 GMT Last-Modified:Tue, 16 Oct 2012 03:13:38 GMT Status:200 OK transfer-encoding:chunked Vary:Accept-Encoding X-Rack-Cache:miss and …

Read More
"no-cache" ​vs "max-age=0, must-revalidate, proxy-revalidate"

What's the​ difference between a HTTP response with Cache-Control: no-cache vs Cache-Control: max-age=0, must-revalidate, proxy-revalidate? Do browsers treat that as identical?

Read More