HTTP Expires header values "0" and "-1"

What is the difference between Expires: 0 and Expires: -1 in the HTTP response header? RFC 2616 defines invalid date formats, especially including the value "0" as already expired. However, some servers (e.g. www.google.de) reply with Expires: -1.

Is there an advantage over using -1 over 0 or is this even required for some broken HTTP clients?

The problem is in how invalid Expires header processed by Internet Explorer (especially older versions). IE uses Trident layout engine and WinINET API to process HTTP requests. As you may know Expires could be specified in HTTP header

Expires: 0

or in meta tag

<meta http-equiv="Expires" content="0">

In second case, Expires became part of the response content (not header content), so it will be processed by Trident and then propagated to WinINET:

> If WinINET downloads a response with an invalid Expires header (e.g. > one that doesn’t contain a valid HTTPDATE value) and no other caching > directives, it will mark the document as having expired one hour ago. > Trident, however, has no such logic. If you specify an invalid time, > Trident grabs the current timestamp and uses that as the expiration. > Trident will also use the current timestamp if it encounters the > Pragma: no-cache directive. If the user tries to re-navigate to the > current document during same exact second that the HTTP/404 was > processed, the incorrectly-updated expiration of the existing cache > entry will result in it being treated as fresh for that request. If > the user hit the Refresh button or F5, the cache would be bypassed and > the 404 page would be shown.

In other words Expires: 0 not always leads to immediate resource expiration, therefore should be avoided and Expires: [some valid date in the past] should be used instead.

Expires: -1 The Expires header specifies when the content should be considered to be out of date. The value -1 indicates that the content expires immediately and would have to be re-requested before being displayed again. http://www.httpwatch.com/httpgallery/headers/

max-age=0 simply tells caches (and user agents) the response is stale from the get-go and so they SHOULD revalidate the response (eg. with the If-Not-Modified header) before using a cached copy, whereas, no-cache tells them they MUST revalidate before using a cached copy.

for more info look into http://www.w3.org/Protocols/HTTP/1.1/rfc2616.pdf

Using "-1" is invalid, and would be treated the same as "0". It should not trigger a reload at all.

Be careful: in some browsers, it may give 1 hour extra or use default expire time for caching.

1- So better to give it a correct old date like:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />

For formal work, I advise to give the current date time to meta Expires instead of using Old fixed date ( that will make search engines like google mark your site as old and not be shown on toppers)

2- if your Backend is PHP you can deal with it like:

<meta http-equiv="Expires" content="<?php echo gmdate('D, d M Y H:i:s', time()-3600) . ' GMT' ?>" />

PS: I give one hour before just for in case.