I found this excellent listing of Cache-Control definitions on

Cache-Control: no-store
This object may not be stored in any cache, even the requestor’s browser cache.

Cache-Control: no-cache
This object may be held in any cache but it must be revalidated every time it is requested.

Cache-Control: private
This object can be stored in the requesting browser´s cache but not in a shared cache …

Cache-Control: must-revalidate
Tells caches that they must obey any freshness information you give them about an object. The HTTP allows caches to take liberties with the freshness of objects; by specifying this header, you’re telling the cache that you want it to strictly follow your rules.

Cache-Control: proxy-revalidate
Similar to must-revalidate, except that it only applies to proxy caches.