Understanding HTTP 3xx Redirects and Caching: When and How to Use Them

HTTP status codes in the 300–399 range indicate redirection. They tell the client to use an alternative location or response instead of the original resource, allowing browsers to move transparently without user disruption.

300 Multiple Choices

Returned when a URL points to multiple resources. The server sends a list of options, enabling content negotiation (client‑driven, server‑driven, or transparent). Browsers may show a dialog for the user to pick a version, such as language‑specific pages.

301 Moved Permanently

Used when a URL has been permanently removed. The response includes a Location header with the new URL. Search engines treat this as a permanent move, transferring most of the original page’s ranking to the new address (Google passes most, but not all, of the weight).

302 Found

Indicates a temporary relocation. Clients should follow the Location URL for this request only, while future requests continue to use the original URL. Misuse can lead to URL hijacking and potential SEO penalties, so it should be avoided when possible.

303 See Other

Directs the client to retrieve the resource from another URL, typically after a POST request (e.g., after a file upload, redirect to a success page).

304 Not Modified

Returned for conditional GET requests when the resource has not changed since the client’s last fetch. The response contains no body and ends after the header block. Validation uses If-Modified-Since or If-None-Match (ETag) headers.

When checking whether a local copy is stale, browsers examine Cache-Control or Expires headers. Cache-Control (HTTP/1.1) defines a relative max‑age, while Expires (HTTP/1.0) provides an absolute date. If both are present, max‑age overrides Expires, ensuring backward compatibility.

Even if a cached copy expires, it may still be valid; the client performs a freshness check (revalidation) with the origin server using conditional headers.

305 Use Proxy

Indicates that the client must access the resource through a proxy specified in the Location header. Misuse can create security vulnerabilities, so this code is rarely used.

306 Unused

Deprecated in HTTP/1.1; previously meant “Switch Proxy.” It is now reserved and not used.

307 Temporary Redirect

Similar to 302 but preserves the original request method (e.g., POST). Clients should use the URL in the Location header for this request only, then revert to the original URL for subsequent requests. Because some browsers do not handle 307, the response often includes an HTML link to the new URL.

Chrome uses 307 for HSTS‑listed domains when redirecting.

Key Differences Between 302, 303, and 307

303 and 307 were introduced in HTTP/1.1 to refine the behavior of the original 302 code. A 302 response to a POST causes the client to issue a GET to the new URL. HTTP/1.1 uses 303 for the same purpose, while 307 replaces 302 for temporary redirects that must preserve the request method. For backward compatibility, 302 remains widely used.

What Does Cache-Control: no-cache Mean?

It does not prevent caching; the response may be stored locally but must be revalidated with the server before being served to the client.

To forbid any caching, use Cache-Control: no-store, which instructs caches to delete all traces of the document immediately.