Which HTTP headers does SetNoCacheHttpHeadersAttribute() add?

NWebsec / NWebsec

Security libraries for ASP.NET

https://www.nwebsec.com

BSD 3-Clause "New" or "Revised" License

544 stars 75 forks source link

Which HTTP headers does SetNoCacheHttpHeadersAttribute() add? #115

Closed arc95 closed 6 years ago

arc95 commented 7 years ago

Hi @klings. Which HTTP no-cache headers does this filter set?

filters.Add(new SetNoCacheHttpHeadersAttribute());

Wondering if it sets these:

HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
HttpContext.Response.Cache.SetValidUntilExpires(false);
HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
HttpContext.Response.Cache.SetNoStore();

Thank you.

klings commented 6 years ago

It's documented here: https://docs.nwebsec.com/en/latest/nwebsec/Configuring-cache-headers.html

Pretty much what your code indicates, but it will also set the the Pragma: no-cache header.