What is the difference between max-age=0 and max-age=-1 in Cache Control?

Question

What's the difference in browser behavior between two headers Cache-control: max-age=0 and Cache-control: max-age=-1?

If the browser receives max-age=0, it will revalidate cache immediately. If the browser receives max-age=10, it will revalidate cache after 10 seconds. What's browser behavior with max-age=-1? Is it the same like with max-age=0? If yes, why we need both?

Answer 1

max-age takes an argument that matches delta-seconds:

The delta-seconds rule specifies a non-negative integer, representing
time in seconds.

  delta-seconds  = 1*DIGIT

max-age=-1 is therefore not a valid directive, and the specification doesn't define an interpretation. The spec suggests:

Caches are
encouraged to consider responses that have invalid freshness
information to be stale.

Answer 2

From https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.3

max-age When an intermediate cache is forced, by means of a max-age=0 directive, to revalidate its own cache entry, and the client has supplied its own validator in the request, the supplied validator might differ from the validator currently stored with the cache entry. In this case, the cache MAY use either validator in making its own request without affecting semantic transparency. However, the choice of validator might affect performance. The best approach is for the intermediate cache to use its own validator when making its request. If the server replies with 304 (Not Modified), then the cache can return its now validated copy to the client with a 200 (OK) response. If the server replies with a new entity and cache validator, however, the intermediate cache can compare the returned validator with the one provided in the client's request, using the strong comparison function. If the client's validator is equal to the origin server's, then the intermediate cache simply returns 304 (Not Modified). Otherwise, it returns the new entity with a 200 (OK) response.

From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age

delta-seconds Maximum number of seconds the results can be cached. Firefox caps this at 24 hours (86400 seconds) and Chromium at 10 minutes (600 seconds). Chromium also specifies a default value of 5 seconds. A value of -1 will disable caching, requiring a preflight OPTIONS check for all calls.