Problem forcing pages not to cache.

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have a requirement to ensure that pages do not store anywhere in the
browser cache. Essentialy, when the user hits logout, the information
they've been reading needs to be completely innaccesable.

I have done a bit of Googling and found articles suggesting the
following HTTP-EQUIV meta tags. The page loads and validates via WC3,
however fails to secure the content.

I'm testing in Firefox 2 by opening the below file from a local disk.
I then leave the page, set the browser to 'work offline' and open the
file from 'history'. The page appears in full. I have also tested the
file served via http from a web browser to the same result.

Can someone please tell me what I'm doing wrong?

Thanks in advance,


------ HTML File ----------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
compatibility with HTTP 1.0-->
  <title>Sample Document which should not be stored in browser cache</

This is a sample expired Document

Re: Problem forcing pages not to cache.


Quoted text here. Click to load it

It cannot be guaranteed. However, the tags you have used are a
reasonable attempt. Any browser that refuses to honor any of them won't
listen to you anyway as regards to caching. It wouldn't hurt, however,
to try to do cache control at the level where it logically belongs,
namely HTTP level, in HTTP headers. In particular, this could be
effective against some proxy caches (which won't even look at any <meta>
tags). Check the classic reference, "Caching Tutorial for Web Authors
and Webmasters", /

Quoted text here. Click to load it

This cannot be guaranteed, of course. In particular, you cannot erase it
from the user's mind, or print copies, or locally saved copies.

Quoted text here. Click to load it

There are some mistakes and questionable features in them. For example,
Cache-Control header uses, by the protocol, commas and not semicolons as

Quoted text here. Click to load it

Validation is just formal and says nothing about the correctness of the
contents in the <meta> tag attributes.

Quoted text here. Click to load it

I would not expect a browser cache local files anyway, by default. What
would be the point?

Quoted text here. Click to load it

So what? The history is a collection of URLs, and when you open
something via the history, the browser accesses the resource by its
normal rules. This includes reading it from disk if it is local, as well
as requesting it via HTTP when its logic so requires (that is, the page
is not in the cache or the caching information tells that the cached
copy is to be treated as expired).

Jukka K. Korpela ("Yucca")

Re: Problem forcing pages not to cache.


Thanks heaps Jukka for a great post. That was really useful.


Re: Problem forcing pages not to cache. schrieb:
Quoted text here. Click to load it

Do you want to force the browser to _load_ the content from the
server at _every_ time,
or do you want to leave never any cache content
at the client, even after only one visit of your page?


Re: Problem forcing pages not to cache.

Quoted text here. Click to load it


Basically the second. It's more about security of the information
stored in the pages.



Site Timeline