http - meaning of multiple values in cache-control header -

i've read single cache-control header value. test learned, opened facebook , inspect. cache-control response header get:

cache-control:private, no-cache, no-store, must-revalidate 

i confused header tells, because contains 4 values @ once. happens resource send through network, if contains such header?

edit:

no-store says, "do not store @ all, not in private not public caches", , no-cache says "yeees can cache, make sure revalidate freshness when resource requested". private says "you can store in private caches". cant 3 @ same time. yet, here having them send in response @ same time. looks there additional rules not aware of.

rfc 7234 reference precise meaning of headers.

no-cache , no-store mean different things , cannot obeyed @ same time example.

they absolutely can. directives redundant, not contradictory. no-cache:

indicates cache must not use stored response satisfy request without successful validation on origin server.

and no-store:

indicates cache must not store part of either request or response it.

as no-store stricter no-cache, result no-store. other headers; believe:

cache-control: no-store 

would simpler way same result. however, it's possible header you're seeing combination of advice, rather intentionally consistent policy.

note that, the spec says, duplicated directives may invalid:

when there more 1 value present given directive (e.g., 2 expires header fields, multiple cache-control: max-age directives), directive's value considered invalid. caches encouraged consider responses have invalid freshness information stale.

but don't believe that's case here.