ToolBelt

Cache-Control Builder

Compose the HTTP Cache-Control header from directives.

Open tool

Overview

The Cache-Control builder composes a valid Cache-Control: HTTP header from individual directives — public, private, max-age, s-maxage, no-cache, no-store, immutable, stale-while-revalidate, and the rest. Tick the boxes that match your caching policy and the builder emits a single header line that can be pasted directly into a response or a CDN configuration.

Web developers tuning page-load performance, CDN operators writing edge rules, and API teams deciding what to cache and for how long all need to assemble Cache-Control headers correctly. Long-tail keywords covered: build Cache-Control header for static assets, when to use stale-while-revalidate vs max-age, and difference between no-cache and no-store.

How it works

Cache-Control is defined in RFC 9111. The header is a comma-separated list of directives that govern both browser and intermediary caches. Some directives are response-only (max-age, public), some are request-only (only-if-cached), and a handful (no-cache, no-store) apply to both. Numeric directives carry a delta-seconds value; flag directives stand alone.

Order does not matter, but combinations do. public, max-age=31536000, immutable tells every cache the asset will never change in the next year. private, no-store forbids any cache from retaining the response at all. CDNs often override the browser policy using s-maxage, which only edge caches honour.

Examples

  • public, max-age=31536000, immutable — for fingerprinted static assets (CSS, JS, images).
  • no-cache, no-store, must-revalidate — for sensitive pages that must never be cached.
  • public, max-age=60, stale-while-revalidate=600 — fresh for 60 s, then served stale while revalidating in the background for up to 10 minutes.
  • private, max-age=0, must-revalidate — browser caches the response but revalidates on every navigation.

FAQ

What is the difference between no-cache and no-store?

no-cache allows storing the response but requires revalidation with the origin before each reuse. no-store forbids storing it anywhere, including disk — use this for anything sensitive.

When should I use immutable?

For static assets whose URL changes whenever their content changes (e.g. app.abc123.js). The browser then skips conditional requests entirely during the freshness window.

Does max-age override Expires?

Yes. When both are present, Cache-Control: max-age wins. Modern servers can omit Expires entirely.

What does s-maxage actually do?

It sets a freshness lifetime that only shared caches (CDNs, proxies) honour. Browsers ignore it and fall back to max-age for their own cache.

Try Cache-Control Builder

An unhandled error has occurred. Reload ×