public— marks authenticated responses as cacheable; normally, if HTTP authentication is required, responses are automatically private.
private— allows caches that are specific to one user (e.g., in a browser) to store the response; shared caches (e.g., in a proxy) may not.
no-cache— forces caches to submit the request to the origin server for validation before releasing a cached copy, every time. This is useful to assure that authentication is respected (in combination with public), or to maintain rigid freshness, without sacrificing all of the benefits of caching.
no-store— instructs caches not to keep a copy of the representation under any conditions.