Differences between no-cache, max-age=0 and must-revalidate

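After digging into this several times, I have put together a summary based on a Stack Overflow answer (http://stackoverflow.com/questions/18148884/difference-between-no-cache-and-must-revalidate). At first glance the differences between these three values look blurry, but they do exist (we are discussing HTTP/1.1 response messages here). First, the definition of each (see: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1):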

no-cache

If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.

If the no-cache directive does specify one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, the specified field-name(s) MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response.

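In other words: a no-cache response can actually be stored in the local cache; the cache just must not serve it to the client until it has been revalidated for freshness with the origin server.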

must-revalidate

Because a cache MAY be configured to ignore a server's specified expiration time, and because a client request MAY include a max-stale directive (which has a similar effect), the protocol also includes a mechanism for the origin server to require revalidation of a cache entry on any subsequent use. When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server. (I.e., the cache MUST do an end-to-end revalidation every time, if, based solely on the origin server's Expires or max-age value, the cached response is stale.)

The must-revalidate directive is necessary to support reliable operation for certain protocol features. In all circumstances an HTTP/1.1 cache MUST obey the must-revalidate directive; in particular, if the cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response.

Servers SHOULD send the must-revalidate directive if and only if failure to revalidate a request on the entity could result in incorrect operation, such as a silently unexecuted financial transaction. Recipients MUST NOT take any automated action that violates this directive, and MUST NOT automatically provide an unvalidated copy of the entity if revalidation fails.

Although this is not recommended, user agents operating under severe connectivity constraints MAY violate this directive but, if so, MUST explicitly warn the user that an unvalidated response has been provided. The warning MUST be provided on each unvalidated access, and SHOULD require explicit user confirmation.

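In other words: a response carrying must-revalidate is stored in the local cache, and on later requests the directive tells the cache that it must not serve a stale copy of the object without first revalidating with the origin server; the cache remains free to serve fresh copies.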

max-age

When the max-age cache-control directive is present in a cached response, the response is stale if its current age is greater than the age value given (in seconds) at the time of a new request for that resource. The max-age directive on a response implies that the response is cacheable (i.e., "public") unless some other, more restrictive cache directive is also present.

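In other words: max-age=xxx gives the number of seconds the document stays fresh, counted from when the response was obtained from the server. max-age=0 means the response expires immediately (it is marked stale right away).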

Now to compare no-cache and must-revalidate. I think the main difference is:

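Suppose a document's cache lifetime is set to 10s. With no-cache, the browser (User Agent) is forced to revalidate freshness first (note: regardless of whether the cached copy is still fresh), and may use the cache only after the server confirms it is fresh (304).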

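With must-revalidate, the browser first waits for the document to expire (more than 10s) and only then validates freshness; before the 10s are up it uses the cache directly without contacting the server.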

So no-cache can basically be equated with must-revalidate, max-age=0. There is still a difference in the details between the two, though:

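With must-revalidate, if the browser makes a second request to the server for freshness validation and the server is down and unreachable, the cache has to return a 504 Gateway Timeout error (this would be returned by a proxy such as nginx; a browser such as Chrome will show ERR_CONNECTION_REFUSED directly, i.e. the site is unreachable and the connection was refused).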

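With no-cache, if the server is down when freshness is being validated, the local cache is still shown to the user (something is better than nothing, though what is shown may of course be the old document).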

That is why must-revalidate is used where transactions have strict requirements (payments, for example).

[Test results]

When tested in Chrome 52.0.2743.116 m, no-cache and must-revalidate, max-age=0 actually behave the same: both come back as unreachable. This should confirm the newer definition of no-cache at https://tools.ietf.org/html/rfc7234#section-5.2.2.2.

Also, when navigating with the browser's Back/Forward buttons, both actually use the local cache directly (no request is sent to the server).
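
The decision logic compared above, as an added Python example that is not part of the original post: it follows the RFC 7234 definition of no-cache that the test result points to, so an unreachable origin yields an error for both no-cache and must-revalidate. The function names, outcome labels and sample headers are constructed for illustration.

```python
def parse_cache_control(value):
    """Parse a Cache-Control response header into {directive: argument or None}."""
    directives = {}
    # Simplification: splitting on "," does not support quoted lists of several field names.
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_decision(cache_control, age_seconds, origin_reachable=True):
    """Return what a cache does with a stored response on the next request.

    "serve-from-cache": reuse the stored copy without contacting the origin
    "revalidate":       conditional request first (304 means the copy is reused)
    "error":            stale reuse is forbidden and the origin cannot be reached
    "stale-allowed":    nothing forbids stale reuse while disconnected
    """
    d = parse_cache_control(cache_control)
    max_age = d.get("max-age")
    # RFC 7234 section 4.2: fresh while freshness_lifetime > current_age.
    # Simplification: without max-age the entry counts as stale (no Expires, no heuristics).
    fresh = max_age is not None and max_age.isdigit() and int(max_age) > age_seconds

    # no-cache without field names: never reuse without successful revalidation.
    # no-cache="Field" only restricts those header fields, so the body may be reused.
    always_validate = "no-cache" in d and d["no-cache"] is None

    if fresh and not always_validate:
        return "serve-from-cache"
    if origin_reachable:
        return "revalidate"
    if always_validate or "must-revalidate" in d:
        # A proxy cache answers 504 for must-revalidate; a browser shows a connection error.
        return "error"
    return "stale-allowed"


if __name__ == "__main__":
    # Constructed sample headers for the 10-second document discussed above.
    for header, age in [("max-age=10, no-cache", 3),
                        ("max-age=10, must-revalidate", 3),
                        ("max-age=10, must-revalidate", 12),
                        ("max-age=0, must-revalidate", 0)]:
        print(f"{header!r} at age {age}s -> {cache_decision(header, age)}")
```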

Original article: https://www.cnblogs.com/ppoo24/p/6073754.html