Today’s public service announcement to clear up two extremely common misconceptions:
1. The no-cache directive does not mean “do not cache” (even though IE versions prior to IE10 implemented it that way).
What it really means is do not reuse this item from the cache without first validating with the server that it is fresh.
If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server.
2. The must-revalidate directive does not mean “you must revalidate this resource with the server before using it.”
What it really means is do not reuse this item from the cache after it expires without first validating with the server that it is fresh. It’s basically saying: “Don’t ignore the Expires and max-age directives.” Which a client absolutely shouldn’t be doing anyway.
If the response includes the "must-revalidate" cache-control directive, the cache MAY use that response in replying to a subsequent request. But if the response is stale, all caches MUST first revalidate it with the origin server