HTTP

No cache header

• Reference
• Cache-Control
• Pragma
• Expires

For HTTP <= 1.0

Pragma: no-cache

For HTTP 1.0 proxy

Expires: 0

For HTTP >= 1.1

Cache-Control: no-store, must-revalidate

Strict-Transport-Security

The HSTS (HTTP Strict-Transport-Security) response header informs browsers that the site should only be accessed using HTTPS

Strict-Transport-Security: max-age=31536000; includeSubDomains