The combination of Cache-Control: max-age=<seconds>, private is used to control caching for resources that should only be stored in the user browser or private caches and not by shared caches like Content Delivery Networks (CDNs) or proxy servers.

What Does It Do?

  • max-age=<seconds>: Defines how long (in seconds) a resource is considered fresh and can be served from the browser cache without checking with the server.
  • private: Indicates that the resource is only cacheable by the user browser or local cache and must not be cached by shared caches (e.g., CDNs, ISP proxies).

When to Use max-age with private

  1. Personalized Content: Resources containing user-specific data, such as account dashboards or user profiles. Example:
    2. Cache-Control: max-age=600, private
  2. Sensitive Information: Resources that should not be accessible via shared caches for security or privacy reasons. Example: Invoices or statements.
  3. Temporary Content: Content meant for short-term use by a specific user, like search results or form submissions.

Examples of max-age with private

Content Type Header Example Notes
User Profile Pages Cache-Control: max-age=300, private Cached for 5 minutes, only in the user browser.
Personalized API Responses Cache-Control: max-age=600, private API data specific to the user, cached for 10 minutes.
Search Results Cache-Control: max-age=60, private Cached for 1 minute in the user browser.

How to Set Cache-Control: max-age=<seconds>, private

In Apache

Edit your .htaccess file or Apache configuration to add cache headers for specific file types or URLs.

Example for .htaccess:

<IfModule mod_headers.c>
    <FilesMatch "\.(html|php)$">
        Header set Cache-Control "max-age=300, private"
    </FilesMatch>
</IfModule>

Restart Apache:

sudo systemctl restart apache2

In Nginx

Edit your Nginx configuration to apply cache headers for specific routes or file types.

Example:

location /user-dashboard {
    add_header Cache-Control "max-age=300, private";
}

Reload Nginx:

sudo systemctl reload nginx

In PHP

For dynamically generated content, add the header programmatically in your PHP script:

<?php
// Cache the resource for 10 minutes only in the user browser
header("Cache-Control: max-age=600, private");

// Content generation
echo "This is user-specific content cached for 10 minutes.";
?>

In API Responses

For APIs serving user-specific data, set the cache headers dynamically in the response.

Example in Node.js:

app.get('/user/data', (req, res) => {
    res.set('Cache-Control', 'max-age=300, private');
    res.json({ message: 'This is user-specific API data.' });
});

How to Verify Cache-Control: max-age=<seconds>, private

Using cURL

Run the following command to inspect the headers:

curl -I https://yourdomain.com/user-profile

Expected Output:

Cache-Control: max-age=300, private

Using Browser Developer Tools

  • Open Developer Tools (F12).
  • Go to the Network tab.
  • Reload the page and inspect the headers of the requested resource.

Using Online Tools

Combining private with Other Cache-Control Directives

  1. With must-revalidate: Ensures the browser revalidates the resource after the max-age duration expires. Example:
    2. Cache-Control: max-age=600, private, must-revalidate
  2. With no-transform: Prevents intermediaries from modifying the content. Example:
    3. Cache-Control: max-age=600, private, no-transform
  3. With no-store: Avoid caching altogether for sensitive data. Example:
    4. Cache-Control: no-store

Best Practices for Using private

  1. Avoid Shared Caching: Use private for any resource that includes user-specific or sensitive data.
  2. Set Appropriate max-age: Choose a cache duration that balances performance and content freshness.
  3. Combine with Conditional Headers: Use ETag or Last-Modified for conditional requests:
    4. Cache-Control: max-age=600, private
    ETag: "abc123"
    Last-Modified: Tue, 19 Jan 2025 16:00:00 GMT
  4. Test Cache Behavior: Regularly verify caching behavior in browsers and tools to ensure the private directive is respected.

Examples of HTTP Responses with private

Example 1: User Profile Page

HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: max-age=300, private
Content-Length: 1234

Example 2: Personalized API Response

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=600, private
Content-Length: 567

By using Cache-Control: max-age=<seconds>, private, you can optimize caching for user-specific or sensitive content while ensuring it remains secure and accessible only to the intended user.