Will web browsers cache content over https

Security issues in software development, development environment, standards, techniques and tools available.
Renata Freitas
Posts: 24
Joined: 09 Dec 2014 11:54

Will web browsers cache content over https

Post by Renata Freitas » 10 Dec 2014 10:53

Will content requested over https still be cached by web browsers or do they consider this insecure behaviour? If this is the case is there anyway to tell them it's ok to cache?

Júlio César Mendes
Posts: 16
Joined: 09 Dec 2014 12:17

Re: Will web browsers cache content over https

Post by Júlio César Mendes » 10 Dec 2014 10:53

By default web browsers should cache content over HTTPS the same as over HTTP, unless explicitly told otherwise via the HTTP Headers received.

This link is a good introduction to setting cache setting in HTTP headers.


is there anyway to tell them it's ok to cache?


This can be achieved by setting the max-age value in the Cache-Control header to a non-zero value, e.g.

Cache-Control: max-age=3600


will tell the browser that this page can be cached for 3600 seconds (1 hour)

Felipe Monteiro
Posts: 17
Joined: 02 Dec 2014 17:49

Re: Will web browsers cache content over https

Post by Felipe Monteiro » 10 Dec 2014 10:53

As of 2010, all modern, current-ish browsers cache HTTPS content by default, unless explicitly told not to.

It is not required to set cache-control:public for this to happen.

Source: Chrome, IE, Firefox.

BUTTON_POST_REPLY