Regarding validation, as far as I know phpBB is using Last-Modified and is not using any ETags (and that's good) and also Pragma is disabled, right?It is important to specify one of Expires or Cache-Control max-age, and one of Last-Modified or ETag, for all cacheable resources. It is redundant to specify both Expires and Cache-Control: max-age, or to specify both Last-Modified and ETag.
Regarding caching, I have a few questions.
1. For which mime types do you set Expires headers and where can I find that code?
2. Do you set any Cache-Control: max-age headers, and if yes then for which file extensions and where can I find that code?
3. Also, do you think it would be a good idea to drop Expires and send only Cache-Control headers?
If both Expires and Cache-Control: max-age exist, Cache-Control has priority so its the max-age directive overrides the maximum age specified by the Expires header. Also, Cache-Control is http/1.1 standard and Expires is http/1.0. If the client browser does not support http/1.1 then Cache-Control will be ignored, but it’s unlikely that there is a browser that doesn’t support it. Expires depends on accuracy of user’s clock, so it’s mostly a bad choice (as most browsers support HTTP/1.1).
4. Finally, do you think it would be a good idea to allow the user to set the maximum age for different mime types or file extensions through the ACP and why yes/no?