Removing public option from htaccess Cache-Control


Recently I check the speed of my website.
Using GTMetrix my initial scores were F for the site speed and E for YSlow.
After tweaking I was able to increase it to A and B.

Using Google tool isn’t great at the moment: mobile 34 and desktop 56 but I hope I’ll improve it.

One of the things I did I leveraged browser caching using mod_expires adding the following into my .dhaccess file.

<IfModule mod_expires.c>
    ExpiresActive On

    # Images
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"

    # Video
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/mpeg "access plus 1 year"

    # CSS, JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"

    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresDefault "access plus 2 days"

# End of Leverage browser caching using mod_expires #

Then I run these tow commands:
sudo a2enmod expires
sudo service apache2 restart

So something has changed. initially, my ‘Cache-Control’ was public, after my changes, I can see that it is one year for my images & also public, which is on Magento commerce has only one year.

Can you please give me a tip about what am I doing wrong. and how to set it up correctly?

Thank you.

I’m not sure I understand what you’re asking. You don’t want “public” to show? If so, what’s the issue with having “public” set?

Hi Craig,

Sorry for not being clear.
Is public OK and if so I’m OK with it?
If it shouldn’t be there I’d like to correct it.

Sorry if I’m asking stupid questions :confused:

Cache-Control: public is totally normal. This website has the same policies. The only time this wouldn’t apply is if you’re loading sensitive assets on a per user basis.

I suspect that not setting “public” would simply default to being read as if it were “public” anyway (requires fact checking).

public: Indicates that the response MAY be cached by any cache, even if it would normally be non-cacheable or cacheable only within a non- shared cache.

private: Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache. This allows an origin server to state that the specified parts of the

no-cache: If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.


1 Like

Side Note: I’d recommend making those Cache-Control changes in your Apache Configs rather than the .htaccess file. Purely because the .htaccess file in the Magento root directory gets overwritten every-time you do an update.

Thank you, It is a valid point :+1:

Where will I find the file?
Is it apache2.conf file sitting in /etc/apache2/

All is working fine. I added the following to my 000-default.conf

 # Leverage browser caching using mod_headers #
<IfModule mod_headers.c>
# One year for image files
<FilesMatch "\.(jpg|jpeg|gif|png|webp|svg+xmlZx-icon)$">
Header set Cache-Control max-age=31557600

# One year for video files
<FilesMatch "\.(mp4|mpeg)$">
Header set Cache-Control max-age=31557600

# One month for CSS, JavaScript
<FilesMatch "\.(css|x-javascript)$">
Header set Cache-Control max-age=2628000

# One month for Others
<FilesMatch "\.(pdf|x-shockwave-flash)$">
Header set Cache-Control max-age=2628000
# End of Leverage browser caching using mod_headers #

And running these commands but and error massage is shown. I don’t think I’m going it correctly.
sudo a2enmod expires
sudo service apache2 restart

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.