← Back to Additional Topics

Browser Caching

Additional TopicsMidcaching

The Question

How does browser caching work?

What a Strong Answer Covers

  • Cache-Control directives (max-age
  • no-cache
  • no-store). ETag + 304. Hit vs miss.

Senior-Level Answer

Browser caching is a mechanism by which a web browser stores copies of HTTP responses locally, reusing them for subsequent requests to avoid unnecessary network round-trips. The behavior is entirely controlled by HTTP response headers set by the server.

The primary control header is **Cache-Control**. The `max-age=N` directive tells the browser the resource is fresh for N seconds and can be served from the local cache without contacting the server — this is called a **strong cache hit** and has zero network overhead. Common directives include `no-cache` (must revalidate with the server before using the cached copy — despite the name, the response is still cached), `no-store` (do not cache at all), `public` (CDNs and proxies may also cache it), and `private` (only the end-user's browser may cache it, not intermediate proxies).

The older **Expires** header specifies an absolute date/time for expiry, but it has fallen out of favor because it requires synchronized clocks and is less flexible than `Cache-Control max-age`.

When a cached resource expires, the browser performs a **conditional request** using revalidation headers rather than fetching the full resource. Two mechanisms exist: - **ETag** / **If-None-Match**: The server assigns an opaque token (typically a hash of the content) to the response. On revalidation, the browser sends `If-None-Match: <etag>`. If the content hasn't changed, the server responds `304 Not Modified` with no body — saving bandwidth while confirming freshness. - **Last-Modified** / **If-Modified-Since**: The server sends the resource's last modification date; the browser echoes it back on revalidation. Less reliable than ETags for byte-identical detection.

For **cache busting** with immutable assets (JavaScript bundles, CSS), the best practice is content-addressed filenames (e.g., `main.a3f9c2.js`) combined with `Cache-Control: max-age=31536000, immutable`. The `immutable` directive tells the browser not to revalidate even on manual refresh, eliminating conditional requests for assets that will never change at a given URL. When the content changes, the filename hash changes, forcing a fresh fetch.

Service Workers add a programmable caching layer that intercepts all fetch events, enabling offline-first strategies, background sync, and fine-grained cache invalidation beyond what HTTP headers alone provide.

What Separates a 2/3 from a 3/3

2/3 — Passing but Incomplete

Correctly explains Cache-Control max-age for strong caching and ETag/304 for revalidation. May not distinguish no-cache vs. no-store or mention cache busting strategies.

3/3 — Strong Answer

Covers Cache-Control directives precisely (including the no-cache misnaming trap), explains both ETag and Last-Modified revalidation, describes the immutable + content hash pattern for static assets, and mentions Service Workers as a programmatic caching layer.

Common Mistakes

  • Saying no-cache means 'don't cache' — it actually means 'revalidate before using the cache'.
  • Treating ETag and Last-Modified as equivalent — ETags are more reliable for byte-identical comparison.
  • Not explaining cache busting for versioned static assets — a critical gap for frontend interviews.
  • Conflating browser cache with CDN cache — both use the same Cache-Control headers but serve different audiences.

Follow-Up Questions

  • What is the difference between Cache-Control: no-cache and no-store? — no-cache: cached but must revalidate before use. no-store: must not be stored anywhere, ever. Used for sensitive data like bank transactions.
  • How would you immediately invalidate a cached resource that has a long max-age? — You can't invalidate a browser cache directly. Strategies: change the URL (query string or filename hash), or set a short max-age and accept some stale period. CDN caches can be purged via API.
  • What does the Vary header do and when would you use it? — Tells caches to store separate entries based on a request header (e.g., Vary: Accept-Encoding, Accept-Language). Required when the same URL can return different content based on negotiation.
  • How do Service Workers extend browser caching capabilities beyond HTTP headers? — They intercept all fetch events programmatically, enabling cache-first, network-first, stale-while-revalidate strategies, and offline-first apps — with full JavaScript control over what gets cached.

Related Questions

  • CAP theorem
  • SQL vs NoSQL
  • Big O basics
  • N+1 problem
  • AI tools in workflow

Can You Explain This Cold?

Reading the answer is step one. Explaining it unprompted — under interview pressure — is what actually matters. Get AI-graded feedback on your answer with follow-up probes on your weak points.

Get Graded — Free Assessment
GrindQuestionsAITechnical interview assessment
TermsPrivacyAbout