Controlling cache headers
Cache headers play an important role for your users' privacy if you're running a secure website. Browsers tend to cache web pages for easy retrieval and later display. Browser caching is an important mechanism to "speed up" the Internet by avoiding unnecessary round trips to the server to fetch unchanged content. However, if your website serves sensitive data, you might want to instruct the browser to reload pages instead of serving them from cache.
NWebsec lets you instruct the browser to reload pages when the user is navigating with the back and forward buttons by setting the following headers:
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
To learn how to set these headers with NWebsec, see Configuring cache headers on the project website.
To experiment with various combinations of cache headers, see Cache testing on this site.
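To confirm that a sensitive page actually returns the three headers listed above, a check like the following can be run against its response headers. This is an added example, not NWebsec code; the function names and the two sample header blocks are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

REQUIRED = {"no-cache", "no-store", "must-revalidate"}

# Constructed sample responses (not captured from a real site).
GOOD = "Cache-Control: no-cache, no-store, must-revalidate\nExpires: -1\nPragma: no-cache"
WEAK = "Cache-Control: private, max-age=600\nExpires: Wed, 21 Oct 2099 07:28:00 GMT"

def parse_headers(raw):
    """Parse a raw header block into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(values):
    """Flatten comma-separated header values into lowercased token names."""
    return {t.strip().lower().split("=")[0] for v in values for t in v.split(",") if t.strip()}

def expires_is_stale(value, now):
    """Invalid dates such as -1 count as already expired (RFC 9111, section 5.3)."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def audit_no_cache(raw, now=None):
    """Return findings; an empty list means the three headers are set as listed."""
    now = now or datetime.now(timezone.utc)
    headers = parse_headers(raw)
    missing = sorted(REQUIRED - tokens(headers.get("cache-control", [])))
    findings = [f"Cache-Control lacks {d}" for d in missing]
    expires = headers.get("expires", [])
    if not expires:
        findings.append("Expires header missing")
    elif not all(expires_is_stale(v, now) for v in expires):
        findings.append("Expires is in the future")
    if "no-cache" not in tokens(headers.get("pragma", [])):
        findings.append("Pragma lacks no-cache")
    return findings

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_no_cache(raw) or "ok")
```

Header names and directives are compared case-insensitively, and repeated Cache-Control lines are combined before the check.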
You can read an excellent write-up on the issues related to browser cache and history on Opera's Yngve Pettersen's blog: Introducing Cache Contexts, or: Why the browser does not know you are logged out.
Microsoft explains how to set these headers in ASP.NET using the HttpCachePolicy.SetAllowResponseInBrowserHistory method on a response's cache policy.