After asking a question about sending “304 Not Modified” for images stored in the in the Google App Engine datastore, I now have a question about Cache-Control.

My app now sends Last-Modified and Etag, but by default GAE alsto sends Cache-Control: no-cache. According to this page:

The “no-cache” directive, according to
the RFC, tells the browser that it
should revalidate with the server
before serving the page from the
cache. […] In practice, IE and
Firefox have started treating the
no-cache directive as if it instructs
the browser not to even cache the
page.

As I DO want browsers to cache the image, I’ve added the following line to my code:

self.response.headers['Cache-Control'] = "public"

According to the same page as before:

The “cache-control: public” directive
[…] tells the browser and proxies
[…] that the page may be cached.
This is good for non-sensitive pages,
as caching improves performance.

The question is if this could be harmful to the application in some way? Would it be best to send Cache-Control: must-revalidate to “force” the browser to revalidate (I suppose that is the behavior that was originally the reason behind sending Cache-Control: no-cache)

This directive insists that the
browser must revalidate the page
against the server before serving it
from cache. Note that it implicitly
lets the browser cache the page.