Skip to main



Why use this header at all?

Similar to the library/?header=cache-control">Cache Control header, this modifies how intermediate proxies and caches can store your site -- just for very old clients.


Consider the Impact of Compliance section below to see if this recommendation works for you.

Set this header with the no-cache attributes on pages and assets that are considered private.

Risk Mitigated

By following this recommendation, what risk is mitigated?

If your application deals with any protected data classes, such as PII, corporate finance or similar, or any private communications such as e-mail or messages, you should follow the recommendation.

Impact of Compliance

By using this header, you may expect these changes in your site's functionality

If you comply with this recommendation, you may notice an increase in bandwidth as cached resources are now fetched from your server. Optimize your caches to allow images, static files and documents, font, scripts and stylesheets to be cached if possible.

Next Steps

What you can do to get there

Review what pages contain sensitive data, and ensure the Pragma header is set with the no-cache value. Other pages, such as public marketing materials, images, and includes (CSS, JS) may benefit from caching and should be set accordingly.


What this header may look like when implemented securely

Pragma: no-cache

Read More!

Welcome! The library is new, and has some content to read over -- We'll be adding more soon!