The browser could use stale cache entries if and only if the server confirms that they're even now legitimate (employing conditional requests). What must implementations do when cache-control: no-cache revalidation unsuccessful is simply not specified in the RFC doc. It's all around implementations. They could toss a 504 mistake like https://lanetngwj.isblog.net/cold-fire-exracts-things-to-know-before-you-buy-53474350