::  Posts  ::  RSS  ::  ◂◂RSS  ::  Contact

Preemptive Cache Validation: Pushing 304s

May 19th, 2015

While most websites could switch most of their resources to longcaching, typically sites still use simple urls and short cache lifetimes because longcaching (a) would require explicit effort on the part of someone who has lots of other things to worry about and (b) isn't 100% safe for web servers to apply automatically. [1]

This means there are very many times when a resource is sitting stale in the browser cache while the server knows it's still valid. In this case the browser has to check with the server and wait for a 304 Not Modified before it can use the resource. If the server could preemptively notify the client in cases where a cached result was still valid, this would cut out lots of blocking round trips and speed up pages a lot.

When I posted about this on public-webappsec one of the responses was that with SPDY or HTTP/2 it's possible to do this for your own resources by pushing down a preemptive 304 Not Modified response for the resource. You just set the ETag on the response to the current ETag, and then if the cached-but-stale resource has a matching ETag the browser should be able to use it.

When I tested this, however, both Chrome and Firefox don't seem to implement it this way. I wrote a little web app based on node-spdy [2] that tests the three combinations:

The code is here and you can talk to a live server on jefftk.com:3232. Unfortunately it doesn't work:

That should be including a line for "ran 304-pushed external js" and saying something interesting in the console, but it seems to have stopped with the 304. I see the same thing running on WebPageTest.

I still need to figure out if this is something that is supposed to be supported, but at least for now it's not working in Chrome or Firefox.

[1] Though this is one of the optimizations PageSpeed makes, and on nearly all sites it works well. It's just that very occasionally this will confuse existing JavaScript on the page, and including hashes in urls is also a very user-visible change.

[2] I tried to use node-http2 first, but I couldn't get Chrome or Firefox to talk to it over HTTP/2. Instead they both fell back to HTTPS, which means no server push. I think the problem may be that node-http2 implements an older draft version of HTTP/2 that the browsers have dropped support for?

Comment via: google plus, facebook

More Posts:

Older Post:

Newer Post:

  ::  Posts  ::  RSS  ::  ◂◂RSS  ::  Contact