Cache-Control and Expires (#50) · Issues · Oliver Falk / ivatar

Cache-Control and Expires

When setting up a localhost caching reverse proxy I noticed that libravatar.org doesn't set the Cache-Control (and Expires) header.

Gravatar sets

Cache-Control: max-age=300

Should libravatar use something similar?

The libravatar API only mentioned caching in relation to SRV records (1 day = 24 hour?). Should avatars itself be allowed to be cached for 24 hours?

In @tastytea's libravatarserv example config for nginx the Expires and Cache-Control are set to 86400 (24 hours) (+ Cache-Control adds public):

https://schlomp.space/tastytea/libravatarserv/src/commit/de7e61a2fed91c0be3ab787907ff39f7f72b4043/doc/nginx-example.conf#L12-L14

Since the libravatar api very much rely on query string it's affected by https://httpd.apache.org/docs/trunk/caching.html#http-caching, under "What Can be Cached?":

If the URL included a query string (e.g. from a HTML form GET method) it will not be cached unless the response specifies an explicit expiration by including an "Expires:" header or the max-age or s-maxage directive of the "Cache-Control:" header, as per RFC2616 sections 13.9 and 13.2.1.

I suppose this might affect caching in clients? I haven't checked that.

Using mod_expires I used something like:

ExpiresActive On
ExpiresDefault "A86400"
Header merge "Cache-Control" "public"

(Maybe

ExpiresDefault "access plus 24 hours"`

is a bit more readable.)

When setting up a localhost caching reverse proxy I noticed that libravatar.org doesn't set the `Cache-Control` (and `Expires`) header.

Gravatar sets

```http
Cache-Control: max-age=300
```

Should libravatar use something similar?

The [libravatar API](https://wiki.libravatar.org/api/) only mentioned caching in relation to SRV records (1 day = 24 hour?). Should avatars itself be allowed to be cached for 24 hours?

In @tastytea's [libravatarserv](https://schlomp.space/tastytea/libravatarserv) example config for nginx the `Expires` and `Cache-Control` are set to 86400 (24 hours) (+ `Cache-Control` adds `public`):

<https://schlomp.space/tastytea/libravatarserv/src/commit/de7e61a2fed91c0be3ab787907ff39f7f72b4043/doc/nginx-example.conf#L12-L14>

Since the libravatar api very much rely on query string it's affected by <https://httpd.apache.org/docs/trunk/caching.html#http-caching>, under "What Can be Cached?":

> If the URL included a query string (e.g. from a HTML form GET
> method) it will not be cached unless the response specifies an
> explicit expiration by including an "Expires:" header or the
> max-age or s-maxage directive of the "Cache-Control:" header, as
> per RFC2616 sections 13.9 and 13.2.1.

I suppose this might affect caching in clients? I haven't checked that.

Using [mod_expires](https://httpd.apache.org/docs/2.4/mod/mod_expires.html) I used something like:

```apache
ExpiresActive On
ExpiresDefault "A86400"
Header merge "Cache-Control" "public"
```

(Maybe

```apache
ExpiresDefault "access plus 24 hours"`
```

is a bit more readable.)