> Cache-Control also protects you from eager proxies, which can also cache > data. And > so does Pragma:) Cache-Control is also good for "secret", or sensitive > data, but i think > "private" is the more correct directive for that (it tells proxies not > to cache).
Cache-Control: no-cache is better in this case: See: http://www.w3.org/Protocols/HTTP/Issues/cache-private.html <citation> (1) "Cache-control: private" remains as in Roy's draft, but with a mention of extensibility explicitly included. Single-user-agent caches are effectively allowed to ignore this directive. (2) "Cache-control: no-cache" is defined to mean exactly the same thing as "Cache-control: private", but with no exception for user-agent caches. </citation> Leszek Gawron