31.Which header of HTTP response provides control over caching?
Cache-Control is the primary header to control caching.
32.Which header of HTTP response sets expiration date and time of caching?
Expires header sets expiration date and time of caching.
33.Which directive of Cache Control Header of HTTP response indicates that resource is cachable by any component?
Public directive indicates that resource is cachable by any component.
34.Which directive of Cache Control Header of HTTP response indicates that resource is cachable by only client and server, no intermediary can cache the resource?
Private directive indicates that resource is cachable by only client and server, no intermediary can cache the resource.
35.Which directive of Cache Control Header of HTTP response indicates that resource is not cachable?
no-cache/no-store directive indicates that resource is not cachable.
36.Which directive of Cache Control Header of HTTP response can set the time limit of caching?
max-age directive indicates that the caching is valid up to max-age in seconds. After this, client has to make another request.
37.Which directive of Cache Control Header of HTTP response provides indication to server to revalidate resource if max-age has passed?
must-revalidate directive provides indication to server to revalidate resource if max-age has passed.
38.What are the best practices for caching?
Always keep static contents like images, css, JavaScript cacheable, with expiration date of 2 to 3 days. Never keep expiry date too high.
Dynamic contents should be cached for few hours only.
39.What are the best practices to be followed while designing a secure RESTful web service?
As RESTful web services work with HTTP URLs Paths so it is very important to safeguard a RESTful web service in the same manner as a website is be secured. Following are the best practices to be followed while designing a RESTful web service −
Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
Session based authentication − Use session based authentication to authenticate a user whenever a request is made to a Web Service method.
No sensitive data in URL − Never use username, password or session token in URL , these values should be passed to Web Service via POST method.
Restriction on Method execution − Allow restricted use of methods like GET, POST, DELETE. GET method should not be able to delete data.
Validate Malformed XML/JSON − Check for well formed input passed to a web service method.
Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden etc.
40.What is the purpose of HTTP Status Code?
HTTP Status code are standard codes and refers to predefined status of task done at server. For example, HTTP Status 404 states that requested resource is not present on server.
