4

As far as my research goes, there are several steps in order to make sure that browser caching is disabled. These HTTP headers must be set: 

Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: -1
Last-Modified: -1

I have found out that this can be done in two ways:

Way One: use the web.config file

<add name="Cache-Control" value="no-store, no-cache, 
    must-revalidate, proxy-revalidate"/>
<add name="Pragma" value="no-cache" />
<add name="Expires" value="-1" />
<add name="Last-Modified" value="-1" />

Way Two: use the meta tags in _Layout.cshtml

<meta http-equiv="Cache-Control" content="no-cache, no-store,
    must-revalidate, proxy-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />
<meta http-equiv="Expires" content="-1" />

My Question: which is the better approach? Or, alternatively, are they equally acceptable? How do these all relate to different platforms? Which browsers would honor what headers?

In addition, please feel free to add anything I've missed, if any.

Chameera Dedduwage
  • 537
  • 6
  • 16

1 Answers1

6

Okay folks, seems I made a blunt mistake. There is a best way and that is not using meta tags. The only correct way is to use headers.

  • Why not use meta tags? Because they are guaranteed not to work with proxies, which do not read (not supposed to read) the HTML body; they rely on the headers.
  • When both Cache-Control and Expires are present, Cache-Control takes precedence. Source here.
  • Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain. Source here.
Chameera Dedduwage
  • 537
  • 6
  • 16