HTTP Headers: Is Cache-Control enough, or do I still need Expires?

HTTP 1.1 introduced a new class of headers, Cache-Control response headers, to give Web publishers more control over their content, and to address the limitations of Expires.

Expires is kind of a pain due to its limitations. First, because there’s an absolute date involved, the clocks on the Web server and the client's cache must be synchronized; if they have a different idea of the time, the intended results won’t be achieved, and caches might wrongly consider stale content as fresh.

Another problem with Expires is that it’s easy to forget that you’ve set some content to expire at a particular time. If you don’t update an Expires time before it passes, each and every request will go back to your Web server, increasing load and latency.

So, do we need to use Expires anymore, or is Cache-Control (specifically, max-age set to some far future num开发者_运维百科ber of seconds) enough for my static content? I'd like to avoid using Expires, but should I set both?

Generally speaking, it's considered a best-practice to use both, as Expires will be understood by even HTTP/1.0 proxies and clients (rare though they may be).

Almost all server platforms will dynamically calculate the Expires header for you.