⇤ Web Application Header Assessment
Required for HTTP/1.0 and optional for HTTP/1.1
The Expires
header is required for HTTP/1.0 to indicate when the response gets stale and optional for HTTP/1.1 because Cache-Control
(which serves a similar purpose) was only introduced in HTTP/1.1.
Expired headers must either have a value that's an integer less than or equal to zero or contain a valid date in the format specified by RFC-7231. A date more than one year in the future will incur a slight penalty. The date format for the Expires header is defined in RFC-7231 (section 7.1.1.1). The date format strictly specifies GMT as the time zone.
See finding messages.
- August 30, 2024: Requirements context.
- September 12, 2023: Separated finding messages.
- September 10, 2018: Published.
Feedback
0 comments
Please sign in to leave a comment.