Home/ Questions/Q 3460286
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T10:12:39+00:00

I have not found any specification about whether duplicate HTTP response headers are allowed

  • 0

I have not found any specification about whether duplicate HTTP response headers are allowed by the standard, but I need to know if this will cause compatibility issues.

Say I have a response header like this:

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
Cache-Control: no-cache
Cache-Control: no-store
Location: http://localhost:9876/foo.bar
Content-Language: en-US
Content-Length: 0
Date: Mon, 06 Dec 2010 21:18:26 GMT

Notice that there are two Cache-Control headers with different values. Do browsers always treat them as if they are written like “Cache-Control: no-cache, no-store”?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes

    HTTP RFC2616 available here says:

    Multiple message-header fields with the same field-name MAY be present
    in a message if and only if the entire field-value for that header
    field is defined as a comma-separated list [i.e., #(values)]. It MUST
    be possible to combine the multiple header fields into one
    “field-name: field-value” pair, without changing the semantics of the
    message, by appending each subsequent field-value to the first, each
    separated by a comma. The order in which header fields with the same
    field-name are received is therefore significant to the interpretation
    of the combined field value, and thus a proxy MUST NOT change the
    order of these field values when a message is forwarded

    So, multiple headers with the same name is ok (www-authenticate is such a case) if the entire field-value is defined as a comma-separated list of values.

    Cache-control is documented here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 like this:

    Cache-Control   = "Cache-Control" ":" 1#cache-directive

    The #1cache-directive syntax defines a list of at least one cache-directive elements (see here for the formal definition of #values: Notational Conventions and Generic Grammar)

    So, yes,

    Cache-Control: no-cache, no-store

    is equivalent to (order is important)

    Cache-Control: no-cache
Cache-Control: no-store
    • 0