We have several files which are served through HTTP and which change from time to time.
Which are the HTTP headers, related to caching, that we should return in the HTTP response to optimize browser load speed while at the same time forcing the browser to validate that it has the last version of the file?
We are already setting an "Expires" header with a date in the past (there seems to be consensus at this point).
But then some people recommend setting this header:
Cache-Control: no-cache, no-store, must-revalidate
But the problem with this header is that it prevents the browser to keep a local copy of the file, so the file is downloaded every time, even if it doesn't change, with a 200 response code.
If I just use:
Cache-Control: no-cache
Then the browser (at least Firefox 14 and Chrome 20) keeps a local copy, sends If-Modified-Since and If-None-Match headers, and the server returns a 304 code and the file contents are not downloaded.  This is the optimum behavior for these files that can change at any time.
The problem is that I don't know if just setting "no-cache" is enough to force all browsers (including old but still used versions) and proxy servers to revalidate their locally cached copy with the server.
Finally, what about Pragma: no-cache header?  Should it be included in the HTTP response too?
 
                        

The best way, maybe not 100% fitting your needs is:
And give the file a "content dependent filename" such as stylesheet_v32.css. As soon as the content changes, change the filename + reference to and the browser gets the latest version. If the filename stays, the browser doesn't need to request it.
This is safe and consistent through out the browsers.
Relying on
Cache-Control: no-cacheand the browsers saving it anyway is what I wouldn't like to do.