HTTP Cache-Control: What is acceptable default behavior when it's not present?

Question

I'm running into some HTTP caching issues, caused by some downstream apps not putting Cache-Control headers on time-sensitive data. I need to make the case that this is a broken situation.

Is there any succinct statement available online about permissible or common response-handling behaviors by caches and agents when the Cache-Control header is not present for HTTP 1.1? I see RFC2616, but it doesn't seem to include any normative or SHOULD statements about responses without a Cache-Control header.

Answer 1

There's no way to know what the proxies are doing or even which ones your customers are hitting, but if there's no Cache-Control header, they may well be sending a cached result. What you can do is add the header from the client-side (if thats an option), so the client would send the request for the resource with a header like this: Cache-Control:no-cache

More info on caching here:

https://developers.google.com/speed/docs/best-practices/caching#LeverageBrowserCaching

And here's a related stack-overflow question:

Why is Cache-Control attribute sent in request header (client to server)?

Hope it helps!

Answer 2

I think when this directive is missing it is up to the browser to determine what it wants to do. (In this case your server may be the browser)

This is a pretty good write up of the way various browsers handled the issue:

http://www.f5.com/pdf/white-papers/browser-behavior-wp.pdf

Hope that helps.