On 25/06/2009, at 10:46 AM, Jamie Lokier wrote: >This is what I've found, for the paranoid: > > Pragma: no-cache > Cache-Control: no-cache,max-age=0,must-revalidate,pre- >check=0,post-check=0 > Expires: VERY-OLD-DATE > >The apparently redundant fields are in case of implementations which >don't understand, or don't correctly implement, the other fields. > >There's probably a browser out there which doesn't understand >"Cache-Control: no-cache,..." when there's anything else on the same >line. IE had a reputation for being a bit rigid in how it recognises >some headers. But I'm pretty sure anything like that will recognise >"Pragma: no-cache" so it doesn't matter. We can also add: If client may be Opera (who knows about others), going from other messages in this thread: - Use HTTPS if you do want caching but you want must-revalidate to be honoured in history browsing. A complicated quirk, yet important to anything with sessions revealing personal data. - Cache-Control: no-cache doesn't prevent caching. You may still see If-Modified requests, validating a response which was sent with no-cache. -- JamieReceived on Sunday, 28 June 2009 22:57:08 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:19 UTC