must-revalidate Directive Explained

Learn what must-revalidate does, how it prevents stale content from being served, and why it is often paired with max-age=0 for strict freshness guarantees.


Detailed Explanation

What Does must-revalidate Do?

must-revalidate is a Cache-Control directive that tells caches: once a response becomes stale, you must not serve it without first revalidating with the origin server. Without this directive, caches are allowed (by the HTTP spec) to serve stale responses in certain situations, such as when the origin server is unreachable.

The Problem It Solves

By default, HTTP caches may serve stale content if the origin server is down. This is a resilience feature — users get something rather than nothing. But for some content, serving outdated data is worse than showing an error.

Cache-Control: max-age=3600, must-revalidate

With this header:

  1. For the first 3600 seconds, the cache serves the response without contacting the server
  2. After 3600 seconds, the response is stale
  3. The cache must contact the origin server to revalidate
  4. If the server is unreachable, the cache returns a 504 Gateway Timeout instead of stale content

Common Combinations

max-age=0, must-revalidate — Forces revalidation on every request. Similar to no-cache, but with a subtle difference: no-cache prevents the cache from serving the response without revalidation, even when the cache is disconnected from the origin, while max-age=0, must-revalidate gets there by explicitly passing through the stale state.

public, max-age=3600, must-revalidate — Cache for 1 hour, then absolutely require revalidation. Good for content that tolerates being 1 hour old but must not be served if older than that.

must-revalidate vs proxy-revalidate

must-revalidate applies to all caches (browser and shared). proxy-revalidate applies only to shared/proxy caches — the browser cache may still serve stale content. Use proxy-revalidate when you want strict CDN behavior but lenient browser behavior.
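
The freshness steps listed earlier and the must-revalidate / proxy-revalidate split, as a small decision model. This is an added example, not code from the original page; the function names are illustrative, and it assumes only max-age, must-revalidate and proxy-revalidate are present (other directives are parsed but ignored).

```python
# Added example (not from the original page): a simplified model of how a cache
# treats a stored response. Only max-age, must-revalidate and proxy-revalidate
# are modelled; function names are illustrative, not a library API.

def parse_cache_control(header):
    """Split a Cache-Control value into {directive: value or None}."""
    directives = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"') or None
    return directives


def decide(header, age, origin_up, shared_cache=False):
    """Return the cache's action for a stored response that is `age` seconds old."""
    cc = parse_cache_control(header)
    lifetime = int(cc.get("max-age") or 0)

    # Fresh: serve without contacting the origin.
    if age < lifetime:
        return "serve-from-cache"

    # Stale and the origin answers: revalidate with a conditional request.
    if origin_up:
        return "revalidate"

    # Stale and the origin is unreachable: the directives decide.
    strict = "must-revalidate" in cc or (shared_cache and "proxy-revalidate" in cc)
    return "504" if strict else "serve-stale"  # serving stale is permitted, not required


if __name__ == "__main__":
    # Constructed scenarios: (header, age in seconds, origin reachable, shared cache)
    scenarios = [
        ("max-age=3600, must-revalidate", 100, False, False),
        ("max-age=3600, must-revalidate", 3601, True, False),
        ("max-age=3600, must-revalidate", 3601, False, False),
        ("max-age=3600", 3601, False, False),
        ("max-age=3600, proxy-revalidate", 3601, False, False),
        ("max-age=3600, proxy-revalidate", 3601, False, True),
    ]
    for header, age, up, shared in scenarios:
        print(f"{header!r:35} age={age:<5} up={up!s:<5} shared={shared!s:<5} -> "
              f"{decide(header, age, up, shared)}")
```
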

Use Case

E-commerce product pages with pricing information use 'public, max-age=300, must-revalidate' to cache product data for 5 minutes while ensuring that stale prices are never served after the cache expires. If the origin server goes down, customers see a 504 error instead of potentially incorrect pricing, which prevents financial discrepancies and customer complaints.
