james-answer
commented
6 years ago It should be the no-store header as that covers the no-cache and other requirements. This was covered in the following github issue for the rest of the spec:
Closed briandiggle closed 6 years ago
james-answer
commented
6 years ago It should be the no-store header as that covers the no-cache and other requirements. This was covered in the following github issue for the rest of the spec:
james-answer
commented
6 years ago The change was already in dev waiting for the next release of Access Record. I have added the change to the release notes for access record so it is now complete and ready for Access Record release.
See: https://nhsconnect.github.io/gpconnect/accessrecord_use_case_retrieve_a_care_record_section.html#response-headers
However, general guidance is to use no-store directive: https://nhsconnect.github.io/gpconnect/development_api_security_guidance.html#response-headers