Section
6.7.1
Top Level
Sub Level
General
Set the appropriate headers to prevent caching as much as possible. Applications presenting sensitive information should mark pages to not be cached by the browser so that sensitive information cannot later be redisplayed or be retrieved from browser storage on the hard disk.
Coldfusion
Use the cfheader tag like this:
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
Django
Per-view caching can be controlled using the cache_control decorator.
Natural Webagent
In webAgent, browser caching is typically disabled because *HEADERS.MAX_AGE is set to '0' by default. Generally, this value shouldn't be changed.
.NET
Equivalently, you can use the ASP.NET directive:
<%@ OutputCache Location="None" VaryByParam="None" %>
PHP
<?php
header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP/1.1; no-store keeps the page out of browser storage
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past