Setting an expiry date or a maximum age in the HTTP headers


An HTTP cookie is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.

Cookies can be created by either setting the Expires attribute to a date in the future or by setting both the Expires and Max-Age attributes. If you set only one of these attributes, Internet Explorer will display a warning message when you browse to a page that sets a cookie. The warning message is displayed only once per session.

The following illustration shows how setting both attributes prevents Internet Explorer from displaying warning messages.

The Domain attribute controls whether cookies are sent with subdomains. For example, if you set, cookies will be sent with requests to but not or

What is an expiry date or a maximum age?

The Expires header tells the client how long a representation of the resource is considered fresh. The max-age directive takes precedence over Expires.

If neither Expires nor max-age is present, the client SHOULD consider the entity to be stale. An entity MUST NOT be served stale by a cache under any circumstances.

age_value: see HTTP/1.1 delta-seconds
inpractice, many implementations use only a subset of the possible range
(e.g., one month is common)

    If no caching directives are specified by an origin server, a cache MAY
    assume any freshness lifetime it deems appropriate without violating
    this specification.</p><br /><h2>How to set an expiry date or a maximum age</h2><br /><p></p><br /><h3>In the Apache configuration file</h3><br /><p>

The ExpiresDefault directive sets the Expires date and the Cache-Control max-age directive for any file that doesn’t have an explicit expiration date set. You can set this directive to a specific number of hours, or to “access plus” a number of hours, or to “modification plus” a number of hours.

To set an expiry date or a maximum age in the Apache configuration file, add the following line to your .htaccess file:

ExpiresDefault “access plus 2 days”

This will set the expiry date for all files that don’t have one set explicitly to two days from now.

In the .htaccess file

If you are using the Apache Web server, you can set an expiry date or a maximum age in the http headers by adding the following line of code to your .htaccess file:

Header set Cache-Control “max-age=2592000, public”

This line of code will set the expiry date to 30 days (or 2592000 seconds).


In general, setting an expiry date or a maximum age in the http headers for static resources instructs the browser to load previously downloaded resources from local disk rather than over the network.

A good rule of thumb is to set an expiry date 1 year in the future for static resources that change infrequently. If they change more frequently, set the expiry date shorter. These instructions tell the browser to cache these items until next year and to check for newer versions only when the cached items expires.

For dynamic content, it is generally not practical to set an expiry date more than a few hours in the future because we can’t be sure how long it will remain valid. In such cases, we can set a shorter maximum age and rely on the browser’s built-in mechanism for checking for newer versions.

Leave a Reply

Your email address will not be published.