You are viewing the legacy StackPath SecureCDN Help Center. Please use if you signed up after July 1, 2018 or log in through

StackPath Support

Using Cache-Control Headers

​Cache-control headers (CCH) are pieces of file information that make it possible to define how your pages are handled by caches. Servers and clients can use them to interact with each other through the file, or to create some action with the file itself. SCD clients and system administrators who manage system interaction through HTTP need to understand CCH.

​When talking about caching, you have to consider CCH because these headers are responsible for how different systems deal with the local cache and files.

Examples of Cache-Control Headers

max-age=(time in seconds)

The override expires header sets a new value to define the length of time, in seconds, to cache the file or resource. Typically this header is applied everywhere between source and destination. When the resource is passed from origin through Nginx (the proxy StackPath uses), the header is applied and the file is cached for the defined duration defined. Nginx then passes the value to browsers as well.

s-maxage=(time in seconds)

This header also defines the SCD caching time. You can override max-age and expires headers to define a new value for SCD caching. Keep in mind that Nginx usuall doesn't honor this header so it won’t take effect on our servers. But Nginx does work with X-Accel-Expires that does the same thing.


This header prevents the caching of a resource if no other parameter is defined alongside no-cache. When using SCD, it's best to remove no-cache from the list of headers so it doesn't increase the amount of cache misses.


This cuases all intermediate servers to drop the caching for resources. They will not cache a request for that file or resource.


This header forces caching systems to validate the requested asset upon each request before the file is served. This header overrides caching rules and makes sure that no stale content is ever served. This header is not always honored and has an aggressive nature so some admins, like Nginx, ignore it to preserve a good HIT percentage.


This is compared against must-revalidate then instructs SCD servers to behave as described. While must-revalidate can be applied on user’s agents, proxy-revalidate is only valid on intermediate servers (SCD's).

Return to top