Cache-Control header

Cache-Control: public, max-age=3600, stale-while-revalidate=86400
  • public — CDNs and proxies may cache this.
  • private — only the browser may cache (user-specific data).
  • max-age — seconds until the cached response is stale.
  • stale-while-revalidate — serve the stale response while fetching a fresh one in the background. Eliminates cache-miss latency spikes.
  • no-store — never cache (sensitive data).

ETags for conditional requests

The server returns an ETag (hash of the response). The client sends it back as If-None-Match. If the resource has not changed, the server returns 304 Not Modified with no body — saves bandwidth.
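
The conditional-request flow above, as an added example that is not part of the original page: a handler that derives an ETag from the body and answers If-None-Match. The function names, the truncated SHA-256 tag and the header dict with exact-case keys are assumptions made for the illustration.

```python
import hashlib


def make_etag(body):
    """Strong ETag: quoted, truncated SHA-256 of the response body (assumed scheme)."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _opaque(tag):
    """Strip the weak prefix so W/"x" and "x" compare equal (weak comparison)."""
    tag = tag.strip()
    return tag[2:] if tag.startswith("W/") else tag


def if_none_match_hits(header, current_etag):
    """True when If-None-Match is '*' or lists the current ETag."""
    if not header:
        return False
    if header.strip() == "*":
        return True
    # Simplification: split on commas. Safe here because make_etag emits
    # hex only; a general parser must respect commas inside quoted tags.
    candidates = {_opaque(t) for t in header.split(",") if t.strip()}
    return _opaque(current_etag) in candidates


def respond(method, request_headers, body, cache_control):
    """Return (status, headers, body) for a resource whose current bytes are `body`."""
    etag = make_etag(body)
    # The 304 repeats ETag and Cache-Control, so a 'private' or 'no-store'
    # policy is not lost when the body is omitted.
    headers = {"ETag": etag, "Cache-Control": cache_control}
    if if_none_match_hits(request_headers.get("If-None-Match"), etag):
        if method in ("GET", "HEAD"):
            return 304, headers, b""   # unchanged: no body sent
        return 412, headers, b""       # other methods: precondition failed
    headers["Content-Length"] = str(len(body))
    return 200, headers, body


if __name__ == "__main__":
    page = b'{"plan": "free"}'         # constructed sample body
    policy = "public, max-age=3600, stale-while-revalidate=86400"
    status, hdrs, _ = respond("GET", {}, page, policy)
    print(status, hdrs["ETag"])
    print(respond("GET", {"If-None-Match": hdrs["ETag"]}, page, policy)[0])
```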

CDN cache key design

Default CDN cache key is the URL. Vary by Accept-Encoding and Accept-Language where needed. Avoid Vary on Cookie — it bypasses CDN caching entirely for every logged-in user.

Cache invalidation

Hard problem. Strategies: short TTLs (accept some staleness), surrogate cache tags (tag resources and purge by tag on mutation), or event-driven purging via CDN API on data change.