Contrib.social

Consider removing "public" cache-control header for non-HTTP-authenticated responses.

Open on Drupal.org β†’
Created on 31 January 2016, over 9 years ago
Updated 8 July 2025, 4 days ago

I would like to propose removing the 'public' cache-control header for non-HTTP-authenticated responses. Reduction in bytes over the wire and cleaner header output is the benefit. An analysis of of NBC.com which is on Drupal 7 states:

Problem/Motivation

Mark Nottingham, Chair of the HTTP Working Group (amongst many other things), states via RED, the Resource Expert Droid, at https://redbot.org:

The Cache-Control: public directive makes a response cacheable even when the request had an Authorization header (i.e., HTTP authentication was in use).
Therefore, HTTP-authenticated (NOT cookie-authenticated) resources may have use for public to improve cacheability, if used judiciously.

However, other responses do not need to contain public; it does not make the response "more cacheable", and only makes the response headers larger.

A local analysis of a Drupal 8.0.3 site also says the same, "Cache-Control: public is rarely necessary."

Proposed resolution

Remove 'public' from our headers.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ“Œ Task
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

cache system

Created by

πŸ‡ΊπŸ‡ΈUnited States Elijah Lynn Portland, Oregon

Live updates comments and jobs are added and updated live.
  • Performance

    It affects performance. It is often combined with the Needs profiling tag.

  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 4 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thank you for creating this issue to improve Drupal.

    We are working to decide if this task is still relevant to a currently supported version of Drupal. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or is no longer relevant. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024