Private vs Public in Cache-Control

ppolyzos · Aug 16, 2010 · Viewed 56.1k times

Can you please describe an example indicating the difference between Public and Private Cache-Control in ASP.NET applications hosted in IIS?

I read in MSDN that the difference is the following:

Public: Sets Cache-Control: public to specify that the response is cacheable by clients and shared (proxy) caches.

Private: Default value. Sets Cache-Control: private to specify that the response is cacheable only on the client and not by shared (proxy server) caches.

I am not sure I have completely understood the pros and cons of each choice. An example for when to or not to use it would be great.

For example, what should I do if I have two web servers hosting the same application? Is there anything to watch out for if I choose Private or Public?

Answer

salgiza · Aug 16, 2010

The only difference is that with Private you are not allowing proxies to cache the data that travels through them. In the end, it all boils down to the data contained in the pages/files you are sending.

For example, your ISP could have an invisible proxy between you and the Internet, that is caching web pages to reduce the amount of bandwidth needed and lower costs. By using cache-control:private, you are specifying that it shouldn't cache the page (but allowing the final user to do so). If you use cache-control: public, you are saying that it's okay for everyone to cache the page, and so the proxy would keep a copy.

As a rule of thumb, if it's something everybody can access (for example, the logo in this page) cache-control: public might be better, because the more people that cache it, the less bandwidth you'll need. If it's something that is related to the connected user (for example, the HTML in this page includes my username, so it won't be useful to anyone else) cache-control: private will be better, as the proxies would be caching data that won't be requested by other users, and they might also be keeping data that you don't want to be kept in servers that you don't trust.

And, of course, everything that is not public should have a private cache. Otherwise the data might be stored in a middle proxy server, where it could be accessed by anyone with access to it.
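
The behaviour described in the answer above, as an added example that is not part of the original post: a toy shared proxy cache in Python that decides whether to store a response from its Cache-Control header. The names `SharedCache`, `make_origin`, `demo` and the URLs are hypothetical, the responses are constructed, and freshness (max-age expiry) is deliberately not modelled.

```python
"""Toy shared (proxy) cache: why per-user pages need Cache-Control: private."""

def parse_cache_control(value):
    """Map lowercase directive names to their argument (None if absent)."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

class SharedCache:
    """Proxy shared by many users; entries are keyed by URL only."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}

    def may_store(self, headers):
        cc = parse_cache_control(headers.get("Cache-Control", ""))
        # private and no-store both forbid storage in a shared cache.
        if "private" in cc or "no-store" in cc:
            return False
        # Simplification: store only when explicitly allowed for shared caches.
        return "public" in cc or "s-maxage" in cc

    def get(self, url, user):
        if url in self.store:
            return self.store[url], "HIT"
        headers, body = self.origin(url, user)
        if self.may_store(headers):
            self.store[url] = body
        return body, "MISS"

def make_origin(account_policy):
    """Constructed origin server: a static logo and a per-user account page."""
    def origin(url, user):
        if url == "/logo.png":
            return {"Cache-Control": "public, max-age=86400"}, "LOGO-BYTES"
        return {"Cache-Control": account_policy + ", max-age=60"}, "Hello " + user
    return origin

def demo(account_policy, url="/account"):
    """alice requests first, then bob; return what bob receives."""
    proxy = SharedCache(make_origin(account_policy))
    proxy.get(url, "alice")
    return proxy.get(url, "bob")

if __name__ == "__main__":
    print(demo("public"))   # bob is served alice's page from the proxy
    print(demo("private"))  # bob's request goes to the origin
```

With the account page marked public, the second user receives the first user's page from the proxy; with private, the proxy stores nothing and each user gets their own response, while the logo is still shared.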