Website Cache Checker
Paste the response from `curl -I`. We parse Cache-Control directives (public / private / no-store / no-cache / must-revalidate / immutable / max-age / s-maxage), Pragma, Expires, ETag, Last-Modified, Age, Vary, and the CDN cache-status header (cf-cache-status / x-vercel-cache / x-cache / etc.). Computes the actual freshness window, surfaces contradictions (public + private), and explains every directive in plain English. 100% offline.
What is the Website Cache Checker?
Website Cache Checker is the cache-specific deep-dive that complements the HTTP Header Checker's broader audit. Every cache-related header gets first-class treatment. Cache-Control is parsed into its directives — recognising `public`, `private`, `no-store`, `no-cache`, `must-revalidate`, `immutable`, `max-age=N`, `s-maxage=N`, `stale-while-revalidate=N` — and each directive's effect is explained in plain English. The freshness window is computed in priority order: `s-maxage` wins for shared caches, then `max-age`, then `Expires`, then nothing (heuristic caching). We surface the actual seconds-of-freshness and convert to human time (3h, 1d, 1y). Contradictions are flagged (public + private, both Cache-Control and Expires set). Validators (ETag, Last-Modified) are surfaced — and we warn when a response is cacheable but has neither (every revalidation re-downloads in full). Age is checked against the freshness — if Age > max-age, the response is stale. The CDN cache-status header is interpreted (HIT / MISS / EXPIRED / DYNAMIC) for Cloudflare, Fastly, Vercel, AWS, Azure, Akamai. Vary is parsed with a specific warning for `Vary: *` (every request is unique → caches can never reuse).
How to use it
- Run `curl -I https://example.com` (or copy from DevTools' Headers tab).
- Paste into the textarea.
- Read the headline: freshness window + ok/warn/error counts.
- Scroll through Findings — each one explains a single directive or signal.
Benefits
- Cache-Control parsed into directives — each explained in plain English.
- Freshness window computed by priority: s-maxage → max-age → Expires.
- Plain-text humanised freshness (1m, 1h, 1d, 1y).
- Contradiction detection — public + private together is flagged.
- Validator audit — warns when cacheable but no ETag / Last-Modified.
- Age vs max-age comparison — flags stale responses.
- CDN cache-status (HIT / MISS / EXPIRED / DYNAMIC) interpreted.
- Vary: * warning — every request is unique → no caching possible.
- Runs 100% in your browser.
Frequently asked questions
What's the difference between no-cache and no-store?
`no-store` forbids storing the response at all (sensitive data). `no-cache` allows storage but requires revalidation before each reuse. Most HTML uses `no-cache`; banking/health responses use `no-store`.
When does `immutable` matter?
On fingerprinted asset URLs (e.g. /app.abc123.js). It tells the browser the content will never change during max-age, so a soft-reload doesn't trigger a revalidation. Saves bytes.
Why does max-age > 1 year get a note?
RFC 7234 says implementations may cap max-age. While in practice most caches respect 1+ year, it's a signal you've set a value that's not portable. For fingerprinted URLs use `immutable` + 1 year — that's the standard recipe.
Why is public + private a contradiction?
They say opposite things — public means any cache may store, private means only the browser cache. RFC says private wins, but it varies by implementation. Pick one.
What's the difference between max-age and s-maxage?
max-age applies to all caches (including the browser). s-maxage overrides max-age for shared caches (CDNs, proxies) only — useful when you want the CDN to cache longer than the browser.
What's the right cache strategy for HTML?
Common: `Cache-Control: public, max-age=0, must-revalidate` with an ETag. Browser caches the response but revalidates on every use, getting a 304 when unchanged. Origin gets a small request but no body transfer.
What's the right strategy for fingerprinted assets?
`Cache-Control: public, max-age=31536000, immutable`. Browser caches for a year, never revalidates. Changing the file changes the URL (e.g. /app.abc123.js → /app.def456.js).
Why does Vary: * mean no caching?
Vary tells caches to key the response by each listed header. `Vary: *` means every request is potentially unique, so no two responses can share a cache slot. Avoid it.
Does it work with HTTP/2 pseudo-headers?
The status line `HTTP/2 200` is recognised. Pseudo-headers like `:status` are not parsed — strip them before pasting.
Are my pastes saved?
Yes — input persists in localStorage.
Is anything uploaded?
No. Audit runs entirely in your browser.
Related tools
See all developer toolsHTTP Header Checker
Paste a response and audit security, caching, CORS and content headers.
CDN Checker
Fingerprint the CDN from response headers — Cloudflare, Fastly, Akamai, CloudFront, Vercel, more.
Redirect Chain Checker
Paste `curl -IL` output — every hop's status, Location, server, signals.
Canonical URL Checker
Paste HTML; audit canonical, og:url, twitter:url, hreflang and normalise URLs.