HTTP Caching in Node.js APIs: ETag, Cache-Control, and stale-while-revalidate Explained

HTTP caching is one of those topics where everyone knows it exists, few people implement it correctly, and almost nobody talks about the failure modes. This is the guide I wish existed when I was building my first API that needed to stay fast under load. What HTTP caching actually is HTTP caching isn't one mechanism. It's a family of related headers that tell clients and proxies what to do with a response. Getting them wrong means either stale data reaching users or your server hammered on every request. The three headers you need to understand: Cache-Control: max-age=300, stale-while-revalidate=60 ETag: "33a64df551425fcc55e4d42a148795d9f25f89d" Last-Modified: Wed, 19 Mar 2026 12:00:00 GMT These do very different things. Let's break them down. Cache-Control The most important header. It tells the browser (and any CDN/proxy in between) how long to cache the response. // The directives you'll actually use: res.setHeader('Cache-Control', 'public, max-age=300'); // Public = CDNs can cache