http - control設定 - web cache是什麼




如何在所有瀏覽器上控製網頁緩存? (18)

我們的調查顯示,並非所有瀏覽器都以統一的方式尊重http緩存指令。

出於安全原因,我們不希望我們應用程序中的某些頁面被Web瀏覽器緩存。 這至少適用於以下瀏覽器:

  • Internet Explorer 6+
  • Firefox 1.5+
  • Safari 3+
  • Opera 9+

我們的要求來自安全測試。 從我們的網站註銷後,您可以按下後退按鈕並查看緩存的頁面。


介紹

在所有提到的客戶端(和代理服務器)中都可以使用的正確的最小標題集:

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

Cache-Control是根據客戶端和代理的HTTP 1.1規範(並且由Expires旁邊的某些客戶端隱式地要求)。 Pragma根據史前客戶的HTTP 1.0規範。 Expires是針對客戶端和代理的HTTP 1.0和1.1規範。 在HTTP 1.1中, Cache-Control優先於Expires ,因此它畢竟僅適用於HTTP 1.0代理。

如果您不關心IE6及其在僅通過no-store提供通過HTTPS提供頁面時的破損緩存,則可以省略Cache-Control: no-cache

Cache-Control: no-store, must-revalidate
Pragma: no-cache
Expires: 0

如果你不關心IE6和HTTP 1.0客戶端(HTTP 1.1是1997年推出的),那麼你可以省略Pragma

Cache-Control: no-store, must-revalidate
Expires: 0

如果你不關心HTTP 1.0代理,那麼你可以省略Expires

Cache-Control: no-store, must-revalidate

另一方面,如果服務器自動包含有效的Date標頭,那麼理論上也可以省略Cache-Control並僅依賴Expires

Date: Wed, 24 Aug 2016 18:32:02 GMT
Expires: 0

但是,如果最終用戶操縱操作系統日期並且客戶端軟件依賴它,那可能會失敗。

如果指定了上述Cache-Control參數,其他Cache-Control參數(如max-age就無關緊要。 Last-Modified頭部包含在這裡的大多數其他答案中, 只有當你真的想要緩存請求時才有意思,所以你根本不需要指定它。

如何設置它?

使用PHP:

header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0"); // Proxies.

使用Java Servlet或Node.js:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setHeader("Expires", "0"); // Proxies.

使用ASP.NET-MVC

Response.Cache.SetCacheability(HttpCacheability.NoCache);  // HTTP 1.1.
Response.Cache.AppendCacheExtension("no-store, must-revalidate");
Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.0.
Response.AppendHeader("Expires", "0"); // Proxies.

使用ASP.NET:

Response.AppendHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.0.
Response.AppendHeader("Expires", "0"); // Proxies.

使用ASP:

Response.addHeader "Cache-Control", "no-cache, no-store, must-revalidate" ' HTTP 1.1.
Response.addHeader "Pragma", "no-cache" ' HTTP 1.0.
Response.addHeader "Expires", "0" ' Proxies.

使用Ruby on Rails或Python / Flask:

response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
response.headers["Pragma"] = "no-cache" # HTTP 1.0.
response.headers["Expires"] = "0" # Proxies.

使用Python / Django:

response["Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
response["Pragma"] = "no-cache" # HTTP 1.0.
response["Expires"] = "0" # Proxies.

使用Python /金字塔:

request.response.headerlist.extend(
    (
        ('Cache-Control', 'no-cache, no-store, must-revalidate'),
        ('Pragma', 'no-cache'),
        ('Expires', '0')
    )
)

使用Google Go:

responseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") // HTTP 1.1.
responseWriter.Header().Set("Pragma", "no-cache") // HTTP 1.0.
responseWriter.Header().Set("Expires", "0") // Proxies.

使用Apache .htaccess文件:

<IfModule mod_headers.c>
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires 0
</IfModule>

使用HTML4:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />

HTML元標記與HTTP響應標頭

重要的是要知道,當通過HTTP連接提供HTML頁面,並且HTTP響應頭文件和HTML <meta http-equiv>標籤中存在頭文件時,則HTTP響應頭文件中指定的將優先通過HTML元標記。 只有當通過file:// URL從本地磁盤文件系統查看頁面時,才會使用HTML元標記。 另請參閱W3 HTML規範章節5.2.2 。 請不要以編程方式指定它們,因為Web服務器可以包含一些默認值。

通常,您最好不要指定HTML元標記以避免初學者混淆,並依賴硬HTTP響應標頭。 而且,特別是那些<meta http-equiv>標籤在HTML5中無效 。 只允許HTML5規範中列出的http-equiv值。

驗證實際的HTTP響應標頭

為了驗證這一點,你可以在webbrowser的開發者工具集的HTTP流量監視器中看到/調試它們。 您可以通過在Chrome / Firefox23 + / IE9 +中按F12,然後打開“網絡”或“網絡”選項卡面板,然後單擊感興趣的HTTP請求來發現有關HTTP請求和響應的所有細節。 以下屏幕截圖來自Chrome:

我也想在文件下載中設置這些標題

首先,這個問題和答案是針對“網頁”(HTML頁面),而不是“文件下載”(PDF,zip,Excel等)。 您最好讓它們緩存並在URI路徑或查詢字符串中的某處使用某個文件版本標識符來強制重新下載更改後的文件。 在文件下載中使用這些無緩存標頭時,請注意通過HTTPS而不是HTTP提供文件下載時的IE7 / 8錯誤。 有關詳細信息,請參閱IE無法下載foo.jsf。 IE無法打開這個網站。 請求的網站不可用或無法找到 。


IE6中存在一個錯誤

即使使用“Cache-Control:no-cache”,也始終緩存“Content-Encoding:gzip”的內容。

http://support.microsoft.com/kb/321722

您可以禁用IE6用戶的gzip壓縮(檢查用戶代理是否為“MSIE 6”)


頭文件函數PHP文檔有一個相當完整的例子(由第三方提供):

    header('Pragma: public');
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");                  // Date in the past   
    header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');     // HTTP/1.1
    header('Cache-Control: pre-check=0, post-check=0, max-age=0', false);    // HTTP/1.1
    header ("Pragma: no-cache");
    header("Expires: 0", false);

HTTP 1.1的RFC表示正確的方法是為以下內容添加HTTP標頭:

緩存控制:無緩存

如果舊版瀏覽器與HTTP 1.1不兼容,舊版瀏覽器可能會忽略它。 對於那些你可以嘗試標題:

Pragma:無緩存

這也適用於HTTP 1.1瀏覽器。


I had no luck with <head><meta> elements. Adding HTTP cache related parameters directly (outside of the HTML doc) does indeed work for me.

Sample code in Python using web.py web.header calls follows. I purposefully redacted my personal irrelevant utility code.

    import web
    import sys
    import PERSONAL-UTILITIES

    myname = "main.py"

    urls = (
        '/', 'main_class'
    )

    main = web.application(urls, globals())

    render = web.template.render("templates/", base="layout", cache=False)

    class main_class(object):
        def GET(self):
            web.header("Cache-control","no-cache, no-store, must-revalidate")
            web.header("Pragma", "no-cache")
            web.header("Expires", "0")
            return render.main_form()

        def POST(self):
            msg = "POSTed:"
            form = web.input(function = None)
            web.header("Cache-control","no-cache, no-store, must-revalidate")
            web.header("Pragma", "no-cache")
            web.header("Expires", "0")
            return render.index_laid_out(greeting = msg + form.function)

    if __name__ == "__main__":
        nargs = len(sys.argv)
        # Ensure that there are enough arguments after python program name
        if nargs != 2:
            LOG-AND-DIE("%s: Command line error, nargs=%s, should be 2", myname, nargs)
        # Make sure that the TCP port number is numeric
        try:
            tcp_port = int(sys.argv[1])
        except Exception as e:
            LOG-AND-DIE ("%s: tcp_port = int(%s) failed (not an integer)", myname, sys.argv[1])
        # All is well!
        JUST-LOG("%s: Running on port %d", myname, tcp_port)
        web.httpserver.runsimple(main.wsgifunc(), ("localhost", tcp_port))
        main.run()


I just want to point out that if someone wants to prevent caching ONLY dynamic content, adding those additional headers should be made programmatically.

I edited configuration file of my project to append no-cache headers, but that also disabled caching static content, which isn't usually desirable. Modifying response headers in code assures that images and style files will be cached.

This is quite obvious, yet still worth mentioning.

And another caution. Be careful using ClearHeaders method from HttpResponse class. It may give you some bruises if you use it recklessly. Like it gave me.

After redirecting on ActionFilterAttribute event the consequences of clearing all headers are losing all session data and data in TempData storage. It's safer to redirect from an Action or don't clear headers when redirection is taking place.

On second thought I discourage all to use ClearHeaders method. It's better to remove headers separately. And to set Cache-Control header properly I'm using this code:

filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
filterContext.HttpContext.Response.Cache.AppendCacheExtension("no-store, must-revalidate");

To complete BalusC -> answer If you are using perl you can use CGI to add HTTP headers.

Using Perl:

Use CGI;    
sub set_new_query() {
        binmode STDOUT, ":utf8";
        die if defined $query;
        $query = CGI->new();
        print $query->header(
                        -expires       => 'Sat, 26 Jul 1997 05:00:00 GMT',
                        -Pragma        => 'no-cache',
                        -Cache_Control => join(', ', qw(
                                            private
                                            no-cache
                                            no-store
                                            must-revalidate
                                            max-age=0
                                            pre-check=0
                                            post-check=0 
                                           ))
        );
    }

Using apache httpd.conf

<FilesMatch "\.(html|htm|js|css|pl)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>

Note: When I tried to use the html META, browsers ignored them and cached the page.


免責聲明:我強烈建議閱讀@ BalusC的答案。 閱讀以下緩存教程後: http://www.mnot.net/cache_docs/http://www.mnot.net/cache_docs/ (我建議您也閱讀它),我相信它是正確的。 但是,由於歷史原因(因為我自己測試過),我將在下面列出我的原始答案:

我嘗試了PHP的“接受”答案,這對我來說並不合適。 然後我做了一點研究,找到了一個小的變體,測試它,並且它工作。 這裡是:

header('Cache-Control: no-store, private, no-cache, must-revalidate');     // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0, max-stale = 0', false);  // HTTP/1.1
header('Pragma: public');
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');                  // Date in the past  
header('Expires: 0', false); 
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header ('Pragma: no-cache');

這應該工作。 問題是,當設置兩次頭部的相同部分時,如果false未作為頭函數的第二個參數發送,則頭函數將簡單地覆蓋先前的header()調用。 所以,在設置Cache-Control ,例如,如果不想將所有參數放在一個header()函數調用中,他必須這樣做:

header('Cache-Control: this');
header('Cache-Control: and, this', false);

here查看更完整的文檔。



在我的情況下,我用這個修復了這個問題

<form id="form1" runat="server" autocomplete="off">

當用戶出於安全原因點擊按鈕時,我需要清除previus表單數據的內容


對於ASP.NET Core,創建一個簡單的中間件類:

public class NoCacheMiddleware
{
    private readonly RequestDelegate m_next;

    public NoCacheMiddleware( RequestDelegate next )
    {
        m_next = next;
    }

    public async Task Invoke( HttpContext httpContext )
    {
        httpContext.Response.OnStarting( ( state ) =>
        {
            // ref: http://.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers
            httpContext.Response.Headers.Append( "Cache-Control", "no-cache, no-store, must-revalidate" );
            httpContext.Response.Headers.Append( "Pragma", "no-cache" );
            httpContext.Response.Headers.Append( "Expires", "0" );
            return Task.FromResult( 0 );
        }, null );

        await m_next.Invoke( httpContext );
    }
}

然後用Startup.cs註冊它

app.UseMiddleware<NoCacheMiddleware>();

確保你在之後添加了這個地方

app.UseStaticFiles();

我發現web.config路由很有用(試圖將它添加到答案中,但似乎沒有被接受,所以在這裡發表)

<configuration>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Cache-Control" value="no-cache, no-store, must-revalidate" />
            <!-- HTTP 1.1. -->
            <add name="Pragma" value="no-cache" />
            <!-- HTTP 1.0. -->
            <add name="Expires" value="0" />
            <!-- Proxies. -->
        </customHeaders>
    </httpProtocol>
</system.webServer>

這裡是express / node.js的做法:

app.use(function(req, res, next) {
    res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
    res.setHeader('Pragma', 'no-cache');
    res.setHeader('Expires', '0');
    next();
});

接受的答案似乎不適用於IIS7 +,由於關於不在II7中發送高速緩存頭的大量問題:

  • 有些東西強制響應具有緩存控制:在IIS7中是私有的
  • IIS7:緩存設置不工作...為什麼?
  • IIS7 + ASP.NET MVC客戶端緩存頭不起作用
  • 為aspx頁面設置緩存控制
  • Cache-control:no-store,must-revalidate not sent to client browser in IIS7 + ASP.NET MVC

等等

接受的答案在哪些頭文件必須設置中是正確的,但不是必須如何設置它們。 這種方式適用於IIS7:

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.AppendCacheExtension("no-store, must-revalidate");
Response.AppendHeader("Pragma", "no-cache");
Response.AppendHeader("Expires", "-1");

第一行將Cache-controlno-cache ,第二行添加其他屬性no-store, must-revalidate


正如porneL所說,你想要的不是停用緩存,而是停用歷史緩衝區。 不同的瀏覽器有自己的微妙方法來禁用歷史緩衝區。

在Chrome(v28.0.1500.95 m)中,我們只能通過Cache-Control: no-store來完成此操作。

在FireFox(v23.0.1)中,其中任何一個都可以工作:

  1. Cache-Control: no-store

  2. Cache-Control: no-cache (僅限https)

  3. Pragma: no-cache (僅限https)

  4. Vary: * (僅限https)

在Opera(v12.15)中,我們只能通過Cache-Control: must-revalidate來做到這一點Cache-Control: must-revalidate (僅限https)。

在Safari(v5.1.7,7534.57.2)中,其中任何一個都可以工作:

  1. Cache-Control: no-store
    <body onunload="">在html中

  2. Cache-Control: no-store (僅限https)

在IE8(v8.0.6001.18702IC)中,其中任何一個都可以工作:

  1. Cache-Control: must-revalidate, max-age=0

  2. Cache-Control: no-cache

  3. Cache-Control: no-store

  4. Cache-Control: must-revalidate
    Expires: 0

  5. Cache-Control: must-revalidate
    Expires: Sat, 12 Oct 1991 05:00:00 GMT

  6. Pragma: no-cache (僅限https)

  7. Vary: * (僅限https)

結合上述提供的這個解決方案適用於Chrome 28,FireFox 23,IE8,Safari 5.1.7和Opera 12.15: Cache-Control: no-store, must-revalidate (僅限https)

請注意,因為Opera不會停用純HTTP頁面的歷史緩衝區,所以需要https。 如果你真的無法使用HTTPS並且你準備忽略Opera,那麼你可以做的最好的事情是:

Cache-Control: no-store
<body onunload="">

下面顯示了我的測試的原始日誌:

HTTP:

  1. Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  2. Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  3. Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    失敗:Safari 5.1.7,Opera 12.15
    成功案例:Chrome 28,FireFox 23,IE8

  4. Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    失敗:Safari 5.1.7,Opera 12.15
    成功案例:Chrome 28,FireFox 23,IE8

  5. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  6. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  7. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  8. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  9. Cache-Control: no-store
    失敗:Safari 5.1.7,Opera 12.15
    成功案例:Chrome 28,FireFox 23,IE8

  10. Cache-Control: no-store
    <body onunload="">
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  11. Cache-Control: no-cache
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  12. Vary: *
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15
    成功:沒有

  13. Pragma: no-cache
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15
    成功:沒有

  14. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  15. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  16. Cache-Control: must-revalidate, max-age=0
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  17. Cache-Control: must-revalidate
    Expires: 0
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  18. Cache-Control: must-revalidate
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,Opera 12.15
    成功:IE8

  19. Cache-Control: private, must-revalidate, proxy-revalidate, s-maxage=0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15
    成功:沒有

HTTPS:

  1. Cache-Control: private, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    <body onunload="">
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15
    成功:沒有

  2. Cache-Control: private, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    <body onunload="">
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15
    成功:沒有

  3. Vary: *
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  4. Pragma: no-cache
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  5. Cache-Control: no-cache
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  6. Cache-Control: private, no-cache, max-age=0, proxy-revalidate, s-maxage=0
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  7. Cache-Control: private, no-cache, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  8. Cache-Control: private, no-cache, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  9. Cache-Control: must-revalidate
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7
    成功:Opera 12.15

  10. Cache-Control: private, must-revalidate, proxy-revalidate, s-maxage=0
    <body onunload="">
    失敗:Chrome 28,FireFox 23,IE8,Safari 5.1.7
    成功:Opera 12.15

  11. Cache-Control: must-revalidate, max-age=0
    失敗:Chrome 28,FireFox 23,Safari 5.1.7
    成功:IE8,Opera 12.15

  12. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,Safari 5.1.7
    成功:FireFox 23,IE8,Opera 12.15

  13. Cache-Control: private, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Chrome 28,Safari 5.1.7
    成功:FireFox 23,IE8,Opera 12.15

  14. Cache-Control: no-store
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  15. Cache-Control: private, no-cache, no-store, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  16. Cache-Control: private, no-cache, no-store, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    <body onunload="">
    失敗:Opera 12.15
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7

  17. Cache-Control: private, no-cache
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    失敗:Chrome 28,Safari 5.1.7,Opera 12.15
    成功:FireFox 23,IE8

  18. Cache-Control: must-revalidate
    Expires: 0
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,
    成功:IE8,Opera 12.15

  19. Cache-Control: must-revalidate
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,
    成功:IE8,Opera 12.15

  20. Cache-Control: private, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: 0
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,
    成功:IE8,Opera 12.15

  21. Cache-Control: private, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    <body onunload="">
    失敗:Chrome 28,FireFox 23,Safari 5.1.7,
    成功:IE8,Opera 12.15

  22. Cache-Control: private, must-revalidate
    Expires: Sat, 12 Oct 1991 05:00:00 GMT
    Pragma: no-cache
    Vary: *
    失敗:Chrome 28,Safari 5.1.7
    成功:FireFox 23,IE8,Opera 12.15

  23. Cache-Control: no-store, must-revalidate
    失敗:沒有
    成功:Chrome 28,FireFox 23,IE8,Safari 5.1.7,Opera 12.15


經過一番研究後,我們想出了以下涵蓋大部分瀏覽器的頭文件列表:

在ASP.NET中,我們使用以下代碼片段添加了這些內容:

Response.ClearHeaders(); 
Response.AppendHeader("Cache-Control", "no-cache"); //HTTP 1.1
Response.AppendHeader("Cache-Control", "private"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "no-store"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "must-revalidate"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "max-stale=0"); // HTTP 1.1 
Response.AppendHeader("Cache-Control", "post-check=0"); // HTTP 1.1 
Response.AppendHeader("Cache-Control", "pre-check=0"); // HTTP 1.1 
Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.0 
Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"); // HTTP 1.0 

發現: http://forums.asp.net/t/1013531.aspx : http://forums.asp.net/t/1013531.aspx


請參閱此鏈接以進行緩存案例研究:

http://securityevaluators.com/knowledge/case_studies/caching/

根據文章,摘要僅Cache-Control: no-store適用於Chrome,Firefox和IE。IE接受其他控件,但Chrome和Firefox不支持。該鏈接是一個很好的閱讀完整的歷史緩存和記錄的概念證明。


通過設置Pragma:no-cache,我在所有瀏覽器中獲得了最佳和最一致的結果


//In .net MVC
[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public ActionResult FareListInfo(long id)
{
}

// In .net webform
<%@ OutputCache NoStore="true" Duration="0" VaryByParam="*" %>






http-headers