no-cache

Why both no-cache and no-store should be used in HTTP response?

可紊 submitted on 2019-11-26 05:01:02
Question

I'm told that to prevent user-info leaking, only "no-cache" in the response is not enough. "no-store" is also necessary.

Cache-Control: no-cache, no-store

After reading this spec http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, I'm still not quite sure why. My current understanding is that it is just for the intermediate cache server. Even if "no-cache" is in the response, the intermediate cache server can still save the content to non-volatile storage. The intermediate cache server will decide