If an HTTP response returns both Expires and max-age indications, which one is used?
Cache-Control: max-age=3600
Expires: Tue, 15 May 2008 07:19:00 GMT
But what about the RFC 6265 spec, which says things like this?
A cookie is "expired" if the cookie has an expiry date in the past.
Finally, to remove a cookie, the server returns a Set-Cookie header
with an expiration date in the past.
See this answer:
Difference between three .htaccess expire rules
If a response includes both an Expires header and a max-age directive, the max-age directive overrides the Expires header, even if the Expires header is more restrictive. This rule allows an origin server to provide, for a given response, a longer expiration time to an HTTP/1.1 (or later) cache than to an HTTP/1.0 cache. This might be useful if certain HTTP/1.0 caches improperly calculate ages or expiration times, perhaps due to desynchronized clocks.
This case is explained in the official RFC on W3C.
The max-age directive takes priority over Expires.
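The precedence rule quoted above, worked through as an added example (not code from the original answer or from any RFC). It goes slightly beyond the question by also handling `s-maxage` for shared caches; the function names and the `Date` value in the sample are assumptions made for this illustration.

```python
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}.

    Simplified: commas inside quoted arguments are not handled.
    """
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def freshness_lifetime(headers, shared_cache=False):
    """Return (seconds, source), where source names the header field used."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    # s-maxage applies only to shared caches and outranks max-age there.
    names = (["s-maxage"] if shared_cache else []) + ["max-age"]
    for name in names:
        arg = cc.get(name)
        if arg is not None and arg.isascii() and arg.isdigit():
            return int(arg), name  # Expires is not consulted at all
    expires = headers.get("Expires")
    if expires is None:
        return None, None  # no explicit expiration information
    try:
        delta = parsedate_to_datetime(expires) - parsedate_to_datetime(headers["Date"])
        return max(0, int(delta.total_seconds())), "Expires"
    except (KeyError, TypeError, ValueError):
        # Invalid dates such as "0" (or a missing Date, in this simplified
        # example) are treated as already expired.
        return 0, "Expires"


# Headers from the question; the Date value is constructed for this example.
SAMPLE = {
    "Date": "Thu, 15 May 2008 07:09:00 GMT",
    "Cache-Control": "max-age=3600",
    "Expires": "Tue, 15 May 2008 07:19:00 GMT",
}

if __name__ == "__main__":
    print(freshness_lifetime(SAMPLE))
```

With the sample headers, Expires alone would allow only 600 seconds, but the result is 3600 because max-age wins.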