no-cache vs no-store: What's the Difference?
Clarify the most commonly confused Cache-Control directives. Learn why no-cache does not mean 'never cache' and when to use no-store for true cache prevention.
Detailed Explanation
The Most Misunderstood Directives
Despite their names, no-cache and no-store do very different things. Confusing them is one of the most common HTTP caching mistakes.
no-cache
Cache-Control: no-cache
no-cache does NOT mean "don't cache." It means: "You may cache this response, but you must revalidate with the origin server before serving it." The browser stores the response locally but sends a conditional request (using ETag or Last-Modified) on every access.
Flow with no-cache:
- Browser receives response and caches it
- On next request, browser sends
If-None-Match: "etag-value" - If content hasn't changed, server responds
304 Not Modified(no body) - Browser serves the cached version
This is efficient because a 304 response is tiny (just headers), saving bandwidth when the content hasn't actually changed.
no-store
Cache-Control: no-store
no-store means "never cache ANY part of this response." The browser must not write the response to disk or keep it in memory beyond the immediate request. Every request goes to the origin server for a full response.
Comparison
| Feature | no-cache | no-store |
|---|---|---|
| Response stored in cache? | Yes | No |
| Conditional requests (304)? | Yes | No |
| Bandwidth savings? | Yes (304 responses) | No |
| Full network request every time? | No (if 304) | Yes |
| Privacy level | Moderate | Maximum |
When to Use Each
Use no-cache when:
- Content changes frequently but you want 304 optimization
- You need to guarantee freshness without sacrificing performance
- Server supports ETag or Last-Modified headers
Use no-store when:
- Response contains highly sensitive data (banking, medical)
- You must prevent any trace from being written to disk
- Compliance requirements mandate zero caching
Use Case
Online banking applications should use 'no-store' on pages displaying account balances and transaction history to prevent sensitive financial data from being written to the browser's disk cache. A news website's homepage, on the other hand, benefits from 'no-cache' because it needs to be fresh on every visit, but a 304 response saves bandwidth when the content hasn't changed between page views.