之前深入搜索了多次,根據stackoverflow的回答進行一些總結(http://stackoverflow.com/questions/18148884/difference-between-no-cache-and-must-revalidate),目前看來這三種值的區別很模糊,但其實是有區別的(這里我們討論的是HTTP /1.1的響應報文),先看看各自的釋義(見: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1):
no-cache
If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.If the no-cache directive does specify one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, the specified field-name(s) MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response.
亦即:no-cache的響應實際是可以存儲在本地緩存中的,只是在與原始服務器進行新鮮度再驗證之前,緩存不能將其提供給客戶端使用。
must-revalidate
Because a cache MAY be configured to ignore a server's specified expiration time, and because a client request MAY include a max- stale directive (which has a similar effect), the protocol also includes a mechanism for the origin server to require revalidation of a cache entry on any subsequent use. When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to asubsequent request without first revalidating it with the origin server. (I.e., the cache MUST do an end-to-end revalidation every time, if, based solely on the origin server's Expires or max-age value, the cached response is stale.)The must-revalidate directive is necessary to support reliable operation for certain protocol features. In all circumstances an HTTP/1.1 cache MUST obey the must-revalidate directive; in particular, if the cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response.Servers SHOULD send the must-revalidate directive if and only if failure to revalidate a request on the entity could result in incorrect operation, such as a silently unexecuted financial transaction. Recipients MUST NOT take any automated action that violates this directive, and MUST NOT automatically provide an unvalidated copy of the entity if revalidation fails.Although this is not recommended, user agents operating under severe connectivity constraints MAY violate this directive but, if so, MUST explicitly warn the user that an unvalidated response has been provided. The warning MUST be provided on each unvalidated access, and SHOULD require explicit user confirmation.
亦即:含有must-revalidate的響應會被存儲在本地緩存中,在后續請求時,該指令告知緩存:在事先沒有與原始服務器進行再驗證的情況下,不能提供這個對象的陳舊副本,但緩存仍然可以隨意提供新鮮的副本。
max-age
When the max-age cache-control directive is present in a cached response, the response is stale if its current age is greater than the age value given (in seconds) at the time of a new request for that resource. The max-age directive on a response implies that the response is cacheable (i.e., "public") unless some other, more restrictive cache directive is also present.
亦即:max-age=xxx標識了該響應從服務器那邊獲取過來時,文檔的處於新鮮狀態的秒數,若max-age=0,則表示是一個立即過期的響應(直接標記為陳舊狀態)。
這里比較下no-cache和must-revalidate的區別,個人覺得主要在於:
假設一個文檔的緩存時間設置為10s,若指定no-cache,則它會強制瀏覽器(User Agent)必須先進行新鮮度再驗證(注:不管該緩存是否新鮮),待服務器那邊確認新鮮(304)后,方可使用緩存。
若指定must-revalidate,則瀏覽器會首先等待文檔過期(超過10s),然后才去驗證新鮮度(10s之前,都會直接使用緩存,不與服務器交互)。
那么這樣一來,基本可以將 no-cache 與 must-revalidate, max-age=0 划等了,但這兩者也有些細節上的區別,即:
在執行must-revalidate時,若瀏覽器第二次去請求服務器來做新鮮度驗證,結果服務器掛了,無法訪問,那么緩存需要返回一個504 Gateway Timeout的錯誤(這里應該是像nginx這樣的代理來返回,若是瀏覽器如chrome,將直接是ERR_CONNECTION_REFUSED,即無法訪問,連接被拒絕)。
而如果是no-cache,當驗證新鮮度時,服務器撲街,則會照樣使用本地緩存顯示給用戶(有的總比沒的好,當然有可能顯示的就是舊的文檔了)。
所以must-revalidate用在對事務要求比較嚴苛的情況下使用(比如支付)。
【測試結果】
在chrome 52.0.2743.116 m下測試時,其實 no-cache 與 must-revalidate, max-age=0 的效果是一樣的,都會返回無法訪問,應該印證了https://tools.ietf.org/html/rfc7234#section-5.2.2.2這里對no-cache較新的定義。
另外兩者在瀏覽器 Back/Forward 按鍵跳轉時,實際是直接使用本地緩存的(不會訪問服務器)。