Does the "no-store" directive also apply to .css, .js files and images in the .html response?

Let’s say the client wants to access this url: somepage.com

And I respond with the body of the file somepage.html:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>HTML 5 Boilerplate</title>
    <link rel="stylesheet" href="style.css">
  </head>
  <body>
	<img src="dinosaur.jpg" />
	<script src="index.js"></script>
  </body>
</html>

And in the header I have put these directives:

w.Header().Set("Cache-Control", "no-store;must-revalidate")

My question is will these three files (style.css, index.js and dinosaur.jpg) be cached or not?

Does the no-store directive affect only the somepage.html file or does it also affect all files in that .html?

I’m pretty sure you need to set the headers for each HTTP response but browsers are weird and don’t always follow spec, so feel free to chime in if you have more information. From MDN:

The way that responses are distinguished from one another is essentially based on their URLs:

URL Response body
https://example.com/index.html <!doctype html>...
https://example.com/style.css body { ...
https://example.com/script.js function main () { ...

So clearly it expects each of your requests to set its’ own cache control header. And if you read RFC9111:

There’s no mention of special handling for an Index page headers cascading to child elements. The assets your HTML page loads could be from a completely different server like <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css"> and that CDN would want to be able to control the caching headers on their side. HTTP doesn’t give a rip what type of content it’s transferring for the most part (though browsers do, obviously!).

In summary: add headers to all of your HTTP responses where you want to control caching.

1 Like