{
    "slug": "http_caching",
    "term": "HTTP Caching (ETags, Cache-Control)",
    "category": "performance",
    "difficulty": "intermediate",
    "short": "Standard HTTP headers that instruct browsers and intermediary caches on how long to cache responses and when to revalidate.",
    "long": "HTTP caching is controlled primarily by Cache-Control (max-age, no-cache, no-store, public/private), ETags (opaque hash of response content enabling conditional requests), and Last-Modified. Correct caching headers can eliminate round-trips entirely for static assets and reduce server load for API responses. In PHP, set cache headers explicitly with header() — framework responses typically provide helper methods. For dynamic content, use Vary headers to cache different representations correctly and implement conditional GET responses that return 304 Not Modified without a body.",
    "aliases": [
        "HTTP cache",
        "Cache-Control",
        "ETag",
        "Last-Modified"
    ],
    "tags": [
        "performance",
        "http",
        "caching",
        "headers"
    ],
    "misconception": "Setting Cache-Control: no-cache means the response is never cached. no-cache means the browser must revalidate with the server before using the cached copy — the response is still stored locally. no-store is the directive that prevents caching entirely.",
    "why_it_matters": "HTTP caching headers let browsers and CDNs serve content without hitting your server — correct cache directives can eliminate 80%+ of requests for static and semi-static content.",
    "common_mistakes": [
        "No Cache-Control header — browsers guess, often defaulting to no caching.",
        "Cache-Control: no-cache on truly static assets — forces revalidation on every request.",
        "Not using ETags or Last-Modified for dynamic content that rarely changes.",
        "Caching responses that contain user-specific data without Vary: Cookie or private directive."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "cdn",
        "caching",
        "content_security_policy"
    ],
    "prerequisites": [
        "cdn_how_it_works",
        "gzip_compression",
        "asset_caching"
    ],
    "refs": [
        "https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching",
        "https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching"
    ],
    "bad_code": "// No cache headers — browser re-fetches on every navigation:\nheader('Content-Type: application/json');\necho json_encode($data);\n// Should add: header('Cache-Control: public, max-age=300');\n// Or for user data: header('Cache-Control: private, max-age=60');",
    "good_code": "// ETags — conditional GET, saves bandwidth\npublic function show(int $id): Response {\n    $user = $this->users->find($id);\n    $etag = md5($user->updatedAt->format('U'));\n\n    if ($this->request->header('If-None-Match') === $etag) {\n        return response('', 304); // Not Modified — no body sent\n    }\n\n    return response()->json($user)\n        ->header('ETag', $etag)\n        ->header('Cache-Control', 'private, must-revalidate');\n}\n\n// Static assets — immutable long cache\nheader('Cache-Control: public, max-age=31536000, immutable');\n\n// API responses — short cache, must revalidate\nheader('Cache-Control: private, max-age=60, must-revalidate');",
    "quick_fix": "Set Cache-Control: public, max-age=31536000, immutable on hashed static assets; Cache-Control: no-store on authenticated pages; ETag or Last-Modified on public but changeable content",
    "severity": "high",
    "effort": "medium",
    "created": "2026-03-15",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/http_caching",
        "html_url": "https://codeclaritylab.com/glossary/http_caching",
        "json_url": "https://codeclaritylab.com/glossary/http_caching.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[HTTP Caching (ETags, Cache-Control)](https://codeclaritylab.com/glossary/http_caching) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/http_caching"
            }
        }
    }
}