Timestamps in HTTP Headers

HTTP uses timestamps in several headers to control caching, conditional requests, and content freshness. Understanding these headers is essential for building performant web applications and APIs.

Key timestamp headers:

Date: Mon, 15 Jan 2024 09:30:00 GMT
Last-Modified: Sun, 14 Jan 2024 20:00:00 GMT
Expires: Tue, 16 Jan 2024 09:30:00 GMT

All HTTP timestamp headers use a subset of RFC 2822 format, specifically the "preferred" format from RFC 7231: Day, DD Mon YYYY HH:MM:SS GMT. The timezone must always be GMT (which is functionally equivalent to UTC for this purpose).

How each header works:

Date — The time the server generated the response. Set automatically by most web servers. Used by caches to calculate the age of a response.

Last-Modified — When the resource was last changed. Enables conditional requests: the client sends If-Modified-Since with this value, and the server returns 304 Not Modified if nothing changed, saving bandwidth.

# Client request
GET /api/data HTTP/1.1
If-Modified-Since: Sun, 14 Jan 2024 20:00:00 GMT

# Server response (no changes)
HTTP/1.1 304 Not Modified

Expires — When the response becomes stale. After this time, the cache must revalidate. Largely superseded by Cache-Control: max-age which is specified in seconds rather than an absolute date.

Cache-Control — Uses relative seconds, not formatted dates:

Cache-Control: max-age=3600    # Fresh for 1 hour
Cache-Control: s-maxage=86400  # CDN can cache for 1 day

Common pitfalls:

Sending a Last-Modified value in the future causes undefined behavior in caches. Sending an Expires date in the past tells caches the response is already stale (sometimes used intentionally to disable caching). If both Expires and Cache-Control: max-age are present, max-age takes precedence.

ETag vs. Last-Modified: For resources that change more than once per second, Last-Modified lacks the precision to detect changes. Use ETag (a hash or version identifier) instead. Many systems use both for maximum compatibility.