When setting up a localhost caching reverse proxy I noticed that libravatar.org doesn't set the Cache-Control (and Expires) header.

Gravatar sets

Cache-Control: max-age=300

Should libravatar use something similar?

The libravatar API only mentioned caching in relation to SRV records (1 day = 24 hour?). Should avatars itself be allowed to be cached for 24 hours?

In @tastytea's libravatarserv example config for nginx the Expires and Cache-Control are set to 86400 (24 hours) (+ Cache-Control adds public):

https://schlomp.space/tastytea/libravatarserv/src/commit/de7e61a2fed91c0be3ab787907ff39f7f72b4043/doc/nginx-example.conf#L12-L14

Since the libravatar api very much rely on query string it's affected by https://httpd.apache.org/docs/trunk/caching.html#http-caching, under "What Can be Cached?":

If the URL included a query string (e.g. from a HTML form GET method) it will not be cached unless the response specifies an explicit expiration by including an "Expires:" header or the max-age or s-maxage directive of the "Cache-Control:" header, as per RFC2616 sections 13.9 and 13.2.1.

I suppose this might affect caching in clients? I haven't checked that.

Using mod_expires I used something like:

ExpiresActive On
ExpiresDefault "A86400"
Header merge "Cache-Control" "public"

(Maybe

ExpiresDefault "access plus 24 hours"`

is a bit more readable.)