I'm writing a small wrapper in PHP for the Cache-Control headers. I wanted to get a few details straight before I commit to a particular implementation.
I'm aware of all the directives and what they do, but it seems like a few of them could conflict. I'm assuming that if no-cache is present, than no other Cache-Control directive should be present (and also not set Pragma: no-cache, as it's actually a request header).
Does the presence of s-maxage imply public? And a private directive should remove public as well as s-maxage. Are there any caveats with setting no-store, no-transform, must-revalidate or proxy-revalidate in this manner? Are there other directives that conflict with each other?
And would no-cache and the gang conflict with any non-cache-control directive, such as Expires, etc?
From my experience, even if you get all cache headers and directives theoretically right, whether or not the browsers and proxies do as they are told is another matter. I don't think there is a way around testing (which is painful). Especially with so many tablet and mobile devices around. http://www.procata.com/cachetest/ may help a bit. I am not aware of a reliable cache testing framework.
Then there is a certain confusion between HTTP 1.0 and HTTP 1.1 directives. Generally, backwards compatibility exists (but that should be tested as well). I would consider ignoring HTTP 1.0 directives entirely (which are: Pragma: No-cache and Expires) and focus on HTTP 1.1.
The hierarchy of the cache directives is explained in http://palisade.plynt.com/issues/2008Jul/cache-control-attributes/. Some of your questions are answered there.