I'm trying to understand which values for Cache-Control
are to be used in the request and which are to be used in the response.
This is a good answer, but it doesn't mention if you should use those values in the response.
For example, should no-store
be used in the request or the response?
Is no-cache
only to be used in the request?
What would happen if it was used in the response instead of the request?
Is there any point in it being used in both the request and response?
It is indeed confusing that the same header name and directive can mean different things depending on whether it appears in a request or a response. This was acknowledged by one of the standard's editors, who wrote: "If we were designing Cache-Control
from scratch today, we’d probably use a different name for the field in requests to help avoid this kind of confusion."
Fortunately, RFC 7234 describes Cache-Control
request directives and response directives separately, so you can probably find the answers to your questions there. For example:
no-store
can be used in either the request or the response. The meaning is basically the same, it's just a question of whether it's the client or the server who wants nothing to be stored.
no-cache
can also be used in either the request or the response, but the meaning is different. If used in a request it means that the response to this request should not come from the cache (without validation). If used on a response, it means that future requests should not be satisfied with this response (without validation).