Cache-Control can set multiple directives:

• public and private
• max-age defines the amount of time until which the client can consider the response "fresh"
• must-revalidate indicates the HTTP cache should not reuse stale responses when they aer disconnected from the origin server
• no-store disable the cache for the request
• no-cache means ‘do not serve a copy from cache until you’ve revalidated it with the server and the server said you can use the cached copy’. no-cache will always hit the network as it has to revalidate with the server before it can release the browser’s cached copy. It will always hit at least an HTTP header response
• must-revalidate needs an associated max-age directive at which time the browser will revalidate.
• immutable avoid revalidation
• stale-while-revalidate provides is a grace period (defined by us in seconds) in which the browser is permitted to use an out of date (stale) asset while we’re checking for a newer version.
• stale-if-error provides a grace period if the server returns a 5xx error
• I overlooked s-maxage, proxy-revalidate, no-transform (useless for HTTPS) for proxies

Cache Busting strategies:

• no cache busting (dangerous) - style.css
• query string (does not work with proxies, i.e. Cloudflare) - style.css?v=1.2.14
• fingerprint - style.ae3f66.css

Fingerprinting is the best and allow the use of the immutable directive.
Not there is a new Clear-Site-Data: cache in case of need. Browser support is limited.

The post provide examples: Online Banking Page, Live Train Timetable Page, FAQs Page, Static JS (or CSS) App Bundle