Is max age relative to last-modified date or request time?

Question

When a server gives Cache-Control: max-age=4320000,

Is the freshness considered 4320000 seconds after the time of request, or after the last modified date?

Answer 1

RFC 2616 section 14.9.3:

When the max-age cache-control directive is present in a cached response, the response is stale if its current age is greater than the age value given (in seconds) at the time of a new request for that resource. The max-age directive on a response implies that the response is cacheable (i.e., "public") unless some other, more restrictive cache directive is also present.

It is always based on the time of request, not the last modified date. You can confirm this behavior by testing on the major browsers.

Answer 2

tl;dr: the age of a cached object is either the time it was stored by any cache or now() - "Date" response header, whichever is bigger.

Full response:

The accepted response is incorrect. The mentioned rfc 2616 states on section 13.2.4 that:

In order to decide whether a response is fresh or stale, we need to compare its freshness lifetime to its age. The age is calculated as described in section 13.2.3.

And on section 13.2.3 it is state that:

corrected_received_age = max(now - date_value, age_value)

date_value is the response header Date:

HTTP/1.1 requires origin servers to send a Date header, if possible, with every response, giving the time at which the response was generated [...] We use the term "date_value" to denote the value of the Date header.

age_value is for how long the item is stored on any cache:

In essence, the Age value is the sum of the time that the response has been resident in each of the caches along the path from the origin server, plus the amount of time it has been in transit along network paths.

This is why good cache providers will include a header called Age every time they cache an item, to tell any upstream caches for how long they cached the item. If an upstream cache decides to store that item, its age must start with that value.

A practical example: a item is stored on the cache. It was stored 5 days ago, and when this item was fetched, the response headers included:

Date: Sat, 1 Jan 2022 11:05:05 GMT
Cache-Control: max-age={30 days in seconds}
Age: {10 days in seconds}

Assuming now() is Feb 3 2022, the age of the item must be calculated like (rounding up a bit for clarity):

• age_value=10 days + 5 days (age when received + age on this cache)
• now - date_value = Feb 3 2022 - 1 Jan 2022 = 34 days

The corrected age is the biggest value, that is 34 days. That means that the item is expired and can't be used, since max-age is 30 days.

The RFC presents a tiny additional correction that compensates for the request latency (see section 3, "corrected_initial_age").

Unfortunately not all cache servers will include the "Age" response header, so it is very important to make sure all responses that use max-age also include the "date" header, allowing the age to always be calculated.