I'm wondering about the recommended Cache-Control header in the Prevent Caching of Sensitive Data section.
What is the reasoning for no-cache and must-revalidate, since no-store is more restrictive and should be the only effective directive?
On MDN there is an example that illustrates the interaction between these directives.
How should this be resolved?
For a clearer recommendation, the Cache-Control header should only have the no-store directive.