Fork me on GitHub
Subscribe 3

Ticket #1060 (open enhancement)

Headers

  • Created: 2015-11-27 15:53:30
  • Reported by: Visman
  • Assigned to: None
  • Milestone: 1.5.11
  • Component: code
  • Priority: normal

1. extern.php

header('Pragma: public');

HTTP only defines Pragma: no-cache; other uses of this header are deprecated.


2. functions.php, common.php, header.php, extern.php

header('Cache-Control: post-check=0, pre-check=0', false);

and

header('Cache-Control: must-revalidate, post-check=0, pre-check=0');

Microsoft Internet Explorer implements two Cache-Control extensions, pre-check and post-check, to give more control over how its cache stores responses.

This response gives a value of "0" for both; as a result, Internet Explorer will ignore the directive, since it requires both to be present.

In other words, setting these to zero has no effect (besides wasting bandwidth), and may trigger bugs in some beta versions of IE.

See this blog entry for more information http://blogs.msdn.com/b/ieinternals/arc … tives.aspx

It should be replaced by

header('Cache-Control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0', false);

History

Visman 2015-11-27 15:55:25

  • Description changed. (Diff)

Visman 2015-11-28 12:05:29

Possibly, it is enough only 'no-store' value:

header('Cache-Control: no-store', false);

https://developers.google.com/web/funda … -control-1 (flowchart)

Visman 2015-11-30 04:07:42

https://redbot.org/?uri=https%3A%2F%2Ff … Findex.php

RED is a robot that checks HTTP resources to see how they'll behave, pointing out common problems and suggesting improvements. Although it is not a HTTP conformance tester, it can find a number of HTTP-related issues.

Franz 2015-12-02 01:27:16

  • Milestone set to 1.5.10.

quy 2016-01-27 18:14:28

Per this article, both values are required as IE uses no-cache, and Firefox uses no-store.

Visman 2016-01-28 03:16:53

It is possible not to use titles Cache-Control and Pragma.
Only use

header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');

Works for HTTP/1.1 and HTTP/1.0.

quy 2016-02-01 17:16:10

Based on the flowchart under Defining optimal Cache-Control policy from the link Visman provided, I assume the following would be enough:

header('Cache-Control: no-cache, no-store');
header('Pragma: no-cache'); // For HTTP/1.0 compatibility

This article under `Preventing Caching` supports this too.

Comment edited 2 times (Diff, Diff 2)

Visman 2016-02-02 11:38:40

Many people believe that assigning a Pragma: no-cache HTTP header to a representation will make it uncacheable. This is not necessarily true; the HTTP specification does not set any guidelines for Pragma response headers; instead, Pragma request headers (the headers that a browser sends to a server) are discussed. Although a few caches may honor this header, the majority won’t, and it won’t have any effect. Use the headers below instead.

Franz 2016-06-16 06:22:15

  • Milestone changed from 1.5.10 to 1.5.11.