Time to Euthanize “Pragma: no-cache” Modern Cache Directives As part of each website security vulnerability assessment performed, the security researcher will check that proper caching directives are implemented. In situations where the most extreme “never cache this data” is required, the gold standard HTTP headers recommended by infosec professionals everywhere is: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT 123 Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Thu, 01 Jan 1970 00:00:00 GMT This advice is problematic and here in this… Read More