Pragma
Purpose
Why use this header at all?
Similar to the Cache Control header, this modifies how intermediate proxies and caches can store your site -- just for very old clients.
Recommendation
Consider the Impact of Compliance section below to see if this recommendation works for you.
Set this header with the no-cache attribute on pages and assets that are considered private.
Risk Mitigated
By following this recommendation, what risk is mitigated?
If your application deals with any protected data classes, such as PII, corporate finance or similar, or any private communications such as e-mail or messages, you should follow the recommendation.
Impact of Compliance
By using this header, you may expect these changes in your site's functionality
If you comply with this recommendation, you may notice an increase in bandwidth as cached resources are now fetched from your server. Optimize your caches to allow images, static files and documents, fonts, scripts and stylesheets to be cached if possible.
Next Steps
What you can do to get there
Review what pages contain sensitive data, and ensure the Pragma header is set with the no-cache value. Other pages, such as public marketing materials, images, and includes (CSS, JS) may benefit from caching and should be set accordingly.
Example
What this header may look like when implemented securely
Pragma: no-cache
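One way to apply the Next Steps review in code, as an added example that is not part of the original page: a WSGI middleware that sets Pragma: no-cache only on private paths and leaves static assets cacheable. The path prefixes, `PragmaNoCache`, `demo_app` and `response_headers` are assumptions made for this illustration.

```python
from wsgiref.util import setup_testing_defaults

# Assumed inventory of private path prefixes; replace with the result of your own review.
PRIVATE_PREFIXES = ("/account", "/messages", "/billing")


class PragmaNoCache:
    """WSGI middleware that adds 'Pragma: no-cache' to responses for private paths."""

    def __init__(self, app, private_prefixes=PRIVATE_PREFIXES):
        self.app = app
        self.private_prefixes = tuple(private_prefixes)

    def is_private(self, path):
        # Match the prefix itself or anything below it, so "/accounting" is not
        # treated as part of "/account".
        return any(path == p or path.startswith(p + "/") for p in self.private_prefixes)

    def __call__(self, environ, start_response):
        private = self.is_private(environ.get("PATH_INFO", ""))

        def patched_start(status, headers, exc_info=None):
            if private:
                # Drop any Pragma value the application set, so exactly one is sent.
                headers = [(k, v) for k, v in headers if k.lower() != "pragma"]
                headers.append(("Pragma", "no-cache"))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed sample application; it sets no caching headers of its own.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def response_headers(app, path):
    """Send one request for `path` through `app`; return response headers (lowercased names)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app(environ, start_response))
    return captured
```

Public assets such as `/static/site.css` pass through without the header, which keeps the bandwidth impact described under Impact of Compliance limited to the private pages.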