Question

What should an HTTP client do if the server returned Cache-Control: private, public?

I have a feeling private should override public, but I can't find a confirmation in the RFC (other than MUST in private and MAY in public).


Solution

From a pragmatic point of view, err on the side of caution and treat it as "private".

That way you cause a little extra network traffic for the lousy server, but keep your user's (potentially private) data safe.
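The conservative rule from the answer above, sketched as an added example that is not part of the original answers: a cache that sees both directives classifies the response as private. The function names and the returned labels are hypothetical, and the sketch treats `private` with a field-name argument as fully private, which is stricter than the specification requires.

```python
def split_directives(value):
    """Split a Cache-Control value on commas that are outside quoted strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            buf.append(ch)
            escaped = False
        elif in_quotes and ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
            buf.append(ch)
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cache_control(value):
    """Return {lowercased directive name: argument or None}."""
    directives = {}
    for part in split_directives(value):
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def storage_policy(header_values):
    """Classify a response from all of its Cache-Control field values.

    header_values is a list because the header may appear more than once.
    The most restrictive directive wins: no-store, then private, then public.
    """
    merged = {}
    for value in header_values:
        merged.update(parse_cache_control(value))
    if "no-store" in merged:
        return "no-store"
    if "private" in merged:
        return "private"      # wins even when "public" is also present
    if "public" in merged:
        return "public"
    return "unspecified"      # no explicit directive: the cache's defaults apply


if __name__ == "__main__":
    # Constructed sample values; the first is the one from the question.
    for sample in (["private, public"], ["public", "PRIVATE"], ["public, max-age=60"]):
        print(sample, "->", storage_policy(sample))
```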

OTHER TIPS

I believe http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p6-cache-20.html#rfc.section.3 is pretty clear -- if it's labeled "private" it needs to be considered private, no matter whether "public" appears as well

Private cache control is used in this context to cache and store the data for a single user machine and not to be served to the entire network.

Whereas the Public cache control is used to store the data in the client machine from the server and share it across the network to which the client machine is connected.

Please refer to the example below, which contains the details of the http://www.totalworkflow.co.uk/ server response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=TV4owqs-zQEkAAAAZmFhNDI5NDQtZmFmMi00Y2Q3LWI4NDctYTE0NDg5MzAwNjg20; expires=Wed, 30-May-2012 21:32:48 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=x12csr3ac4jp03jugqawke2d; path=/; HttpOnly
X-AspNet-Version: 2.0.5072
Licensed under: CC-BY-SA with attribution