HTTP Caching, a Refresher

Is caching dead in the HTTPS era—or is the 'Vary' rule the real chaos agent?

TLDR: A fresh guide to web caching sparked a brawl: some say it’s pointless in an HTTPS world, others say the real scandal is skipping the crucial “Vary” rule, which one commenter claims some CDNs ignore. It matters because caching rules decide whether sites feel instant, accurate, or like a slow, wrong-page mess.

An explainer on HTTP caching—the web’s “save it so you don’t fetch it again” rulebook—should’ve been a quiet refresher. Instead, the comments turned into a mini food fight. The article walks through how servers tell browsers and middlemen like content delivery networks when a page is still “fresh” using headers like Cache-Control, how “stale” pages get checked with ETags (unique tags) or “Last-Modified” dates, and why a quick “304 Not Modified” response can save time and bandwidth.

But the community? Spicy. One camp waved it off: “irrelevant these days with https everywhere,” arguing that encrypted pages killed the old world of shared proxy caches. Others shot back that HTTPS hides content from snoops, not caches—CDNs still live and die by these rules.

Then came the real drama: the missing Vary header. Commenters fumed that any caching explainer that skips Vary—the thing that tells caches to keep different versions for, say, mobile vs desktop or different languages—is asking for chaos. One user even claimed some CDNs, “like Cloudflare,” ignore Vary altogether, linking receipts on HN. Cue gasps.

So is caching boring plumbing or a booby-trapped maze? The crowd couldn’t agree. What they did agree on: get caching wrong, and your site is either slow, or worse, serving the wrong thing to the wrong people.

Key Points

  • RFC 9111 (2022) specifies how HTTP caching works across private and shared caches.
  • Cache-Control directives in requests and responses govern storage and reuse of content; some directives target shared caches.
  • Freshness is determined by comparing a response’s age (including the Age header) to a freshness lifetime set by max-age, Expires/Date, or heuristics from Last-Modified.
  • For shared caches, s-maxage overrides other freshness indicators.
  • Stale responses are validated via conditional requests using ETag/Last-Modified, mapping to If-None-Match/If-Modified-Since, with If-None-Match evaluated when both are present.
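
The freshness, s-maxage and Vary rules above, as an added Python example (not code from the article or the thread). The function names are hypothetical; it assumes lowercase header names in plain dicts, zero network delay, a 10% Last-Modified heuristic, and no handling of no-store, private or no-cache. The sample response is constructed.

```python
from email.utils import parsedate_to_datetime

def http_date(headers, name):
    return parsedate_to_datetime(headers[name]).timestamp()

def directives(headers):
    """Parse Cache-Control into {name: value-or-None}; directive names are case-insensitive."""
    out = {}
    for part in headers.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value.strip('"') or None
    return out

def freshness_lifetime(headers, shared):
    """Seconds the response stays fresh, checked in RFC 9111 precedence order."""
    cc = directives(headers)
    if shared and "s-maxage" in cc:          # only shared caches honour s-maxage
        return int(cc["s-maxage"])
    if "max-age" in cc:
        return int(cc["max-age"])
    if "expires" in headers:
        return max(0, http_date(headers, "expires") - http_date(headers, "date"))
    if "last-modified" in headers:           # heuristic: 10% of time since last change
        return max(0, http_date(headers, "date") - http_date(headers, "last-modified")) / 10
    return 0

def current_age(headers, received_at, now):
    """Age on arrival (Age header or Date skew, whichever is larger) plus time held here."""
    apparent = max(0, received_at - http_date(headers, "date"))
    return max(apparent, int(headers.get("age", 0))) + (now - received_at)

def is_fresh(headers, shared, received_at, now):
    return current_age(headers, received_at, now) < freshness_lifetime(headers, shared)

def cache_key(url, request_headers, response_headers):
    """URL is the primary key; Vary lists the request headers that select a variant."""
    names = [n.strip().lower() for n in response_headers.get("vary", "").split(",") if n.strip()]
    if "*" in names:
        return None                          # Vary: * never matches a later request
    return (url, tuple((n, request_headers.get(n, "")) for n in sorted(names)))

# Constructed sample: a response that had already spent 30 s in an upstream cache.
RESP = {"date": "Mon, 01 Jan 2024 00:00:00 GMT", "age": "30",
        "cache-control": "max-age=60, s-maxage=600", "vary": "Accept-Language"}
T0 = http_date(RESP, "date")
```

A cache that leaves the Vary-selected headers out of its key stores both language variants under one entry, which is the wrong-page outcome the commenters describe.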

Hottest takes

"seems irrelevant these days with https everywhere" — baggy_trough
"doesn't mention Vary header" — Joker_vD
"some CDNs (e.g. Cloudflare) straight up ignore it" — Joker_vD