Skip to main content

HTTP Immutable Responses

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Author Patrick McManus
Last updated 2016-10-26
Replaced by draft-ietf-httpbis-immutable, RFC 8246
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Network Working Group                                         P. McManus
Internet-Draft                                                   Mozilla
Intended status: Standards Track                        October 26, 2016
Expires: April 29, 2017

                        HTTP Immutable Responses


   The immutable HTTP response Cache-Control extension allows servers to
   identify resources that will not be updated during their freshness
   lifetime.  This assures that a client never needs to revalidate a
   cached fresh resource to be certain it has not been modified.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 29, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

McManus                  Expires April 29, 2017                 [Page 1]
Internet-Draft                     I-D                      October 2016

1.  Introduction

   The HTTP freshness lifetime [RFC7234] caching attribute specifies
   that a client may safely reuse a response to satisfy future requests
   over a specific period of time.  It does not specify that the
   resource will be not be modified during that period.

   For instance, a front page newspaper photo with a freshness lifetime
   of one hour would mean that no user should see a photo more than one
   hour old.  However, the photo could be updated at any time resulting
   in different users seeing different photos depending on the contents
   of their caches for up to one hour.  This is compliant with the
   caching mechanism defined in [RFC7234].

   Users that need to confirm there have been no updates to their
   current cached resources typically invoke the reload (or refresh)
   mechanism in the user agent.  This in turn generates a conditional
   request [RFC7232] and either a new representation or, if unmodified,
   a 304 response [RFC7231] is returned.  A user agent that manages HTML
   and its dependent sub-resources may issue hundreds of conditional
   requests to refresh all portions of a common HTML page [REQPERPAGE].

   Through the use of the versioned URL design pattern some content
   providers never create more than one variant of a sub-resource.  When
   these resources need an update they are simply published under a new
   URL, typically embedding a variant identifier in the path, and
   references to the sub-resource are updated with the new path

   For example, might be updated
   and republished as https://102026/main.css and the html that
   references it is changed at the same time.  This design pattern
   allows a very large freshness lifetime to be applied to the sub-
   resource without guessing when it will be updated in the future.

   Unfortunately, the user-agent is not aware of the versioned URL
   design pattern.  User driven refresh events still translate into
   wasted conditional requests for each sub-resource as each will return
   304 responses.

   The immutable HTTP response Cache-Control extension allows servers to
   identify resources that will not be updated during their freshness
   lifetime.  This effectively instructs the client that any conditional
   request for a previously served variant of that resource may be
   safely skipped without worrying that it has been updated.

McManus                  Expires April 29, 2017                 [Page 2]
Internet-Draft                     I-D                      October 2016

2.  The immutable Cache-Control extension

   When present in an HTTP response, the immutable Cache-Control
   extension indicates that the origin server MUST NOT update the
   representation of that resource during the freshness lifetime of the

   The immutable extension only applies during the freshness lifetime of
   the response.  Stale responses SHOULD be revalidated as they normally
   would be in the absence of immutable.

   The immutable extension takes no arguments and if any arguments are
   present they have no meaning.  Multiple instances of the immutable
   extension are equivalent to one instance.  The presence of an
   immutable Cache-Control extension in a request has no effect.

2.1.  Example

   Cache-Control: max-age=31536000, immutable

3.  Security Considerations

   The immutable mechanism acts as form of soft pinning and, as with all
   pinning mechanisms, creates a vector for the amplification of a cache
   poisoning attack.  Two mechanisms are suggested for mitigation of
   this risk:

   o  Clients should ignore immutable for resources that are not part of
      a secure context [SECURECONTEXTS].  Authenticated resources are
      less vulnerable to cache poisoning.

   o  User-Agents often provide two different refresh mechanisms: reload
      and some form of force-reload.  The latter is used to rectify
      interrupted loads and other corruption.  These reloads should
      ignore immutable as well.

4.  IANA Considerations

   [RFC7234] sections 7.1 and 7.1.2 require registration of the
   immutable extension in the "Hypertext Transfer Protocol (HTTP) Cache
   Directive Registry" with IETF Review.

   o  Cache-Directive: immutable

   o  Pointer to specification text: [this document]

McManus                  Expires April 29, 2017                 [Page 3]
Internet-Draft                     I-D                      October 2016

5.  Acknowledgments

   Thank you to Ben Maurer for partnership in developing and testing
   this idea.

6.  References

6.1.  Normative References

   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
              DOI 10.17487/RFC7231, June 2014,

   [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
              DOI 10.17487/RFC7232, June 2014,

   [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
              RFC 7234, DOI 10.17487/RFC7234, June 2014,

6.2.  Informative References

              West, M., "Secure Contexts", n.d., <

              "HTTP Archive", n.d.,

Author's Address

   Patrick McManus


McManus                  Expires April 29, 2017                 [Page 4]