Browsers partition the cache by “origin” now though, so while it can cache HTTPS content, it can’t effectively cache shared content (It’ll store multiple independent copies).
So Youtube still works fine, but Google Fonts is pointless now.
Edit: Oh yeah, and any form of shared JavaScript/CSS/etc. CDN is now also useless and should be avoided, but that’s always been the case.
Yeah, this is the point I was getting at, encrypted content tends to be personalized to individual users, not always I guess. But yeah, I’m not sure how much is left.
It was an issue for a long time that browsers just ignored the caching headers on content delivered over HTTPS, a baked in assumption that they must be private individual content. That’s not the case now, so sites have to specifically mark those pages as uncachable (I think Steam got hit by something like this not that long ago, a proxy was serving up other peoples user pages it had cached).
But for something like Google Fonts, the whole point of it was that a site could embed a large font family, and then every other visited site that also used it would simply share the first cached copy. Saving the bandwidth and amortizing the initial cost over the shared domains. Except now that no longer holds, instead of dividing the resources by the amount of sites using it, it’s multiplying it. So while a CDN might put the contents physical closer to the users, it doesn’t actually save any bandwidth (and depending on how it’s configured, it can actually slow page loads down)
HTTPS can in fact be cached, and most modern browsers will do so unless given a header or something to tell it not to.
Source: Devtools network tab + https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching
Browsers partition the cache by “origin” now though, so while it can cache HTTPS content, it can’t effectively cache shared content (It’ll store multiple independent copies).
So Youtube still works fine, but Google Fonts is pointless now.
Edit: Oh yeah, and any form of shared JavaScript/CSS/etc. CDN is now also useless and should be avoided, but that’s always been the case.
Yeah, this is the point I was getting at, encrypted content tends to be personalized to individual users, not always I guess. But yeah, I’m not sure how much is left.
It was an issue for a long time that browsers just ignored the caching headers on content delivered over HTTPS, a baked in assumption that they must be private individual content. That’s not the case now, so sites have to specifically mark those pages as uncachable (I think Steam got hit by something like this not that long ago, a proxy was serving up other peoples user pages it had cached).
But for something like Google Fonts, the whole point of it was that a site could embed a large font family, and then every other visited site that also used it would simply share the first cached copy. Saving the bandwidth and amortizing the initial cost over the shared domains. Except now that no longer holds, instead of dividing the resources by the amount of sites using it, it’s multiplying it. So while a CDN might put the contents physical closer to the users, it doesn’t actually save any bandwidth (and depending on how it’s configured, it can actually slow page loads down)