WebApp Sec mailing list archives
Re: Code snippets to disable browser caching
From: "Jean-Jacques Halans" <halans () gmail com>
Date: Tue, 9 May 2006 08:39:44 +1000
Hi, I've use these ones: ---------------------------------------- HTML <META HTTP-EQUIV="Expires" CONTENT="-1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Cache-control" CONTENT="no-cache"> <META HTTP-EQUIV="Cache" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="thu, 01 Jan 1998 12:00:00 GMT"> To properly prevent the Web page from appearing in the cache (older IE versions), place another header section at the end of the HTML document: ... </BODY> <HEAD> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </HEAD> </HTML> ---------------------------------------- ASP <% Response.CacheControl = "no-cache" 'HTTP 1.1 %> <% Response.CacheControl="private" 'prevents caching at the proxy server %> <% Response.AddHeader "Pragma", "no-cache" 'HTTP 1.0 %> <% Response.AddHeader "cache-control", "no-store" 'HTTP 1.1 %> <% Response.Expires = -1 'prevents caching at the proxy server %> ---------------------------------------- JSP <% response.setHeader("Cache-Control","no-cache"); %> <% response.setHeader("Pragma","no-cache"); %> <% response.setDateHeader ("Expires", 0); %> <% response.setHeader("Cache-Control","no-store"); %> ---------------------------------------- PHP Header("Cache-control: private, no-cache, must-revalidate"); Header("Cache-control: private, no-cache"); Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); # Past date Header("Pragma: no-cache"); #HTTP 1.0 ---------------------------------------- And another simple technique : append a random number to the query-string of every URL you do not want cached More on http1.1 caching: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 Hope it helps, JJ
On 8 May 2006 04:43:31 -0000, smith.norton () gmail com <smith.norton () gmail com> wrote: >Can anyone suggest me how to write my HTML file so that it disables browser >caching in the client side? > > >I would appreciate if anyone can give small code snippets to explain the >same. > > >Thanks in advance. -------------------------------------------------------------------------
Halans Jean-Jacques, CISSP ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h --------------------------------------------------------------------------
Current thread:
- Code snippets to disable browser caching smith . norton (May 08)
- Re: Code snippets to disable browser caching Dave Ferguson (May 08)
- <Possible follow-ups>
- Re: Code snippets to disable browser caching s89df987 s9f87s987f (May 08)
- Re: Code snippets to disable browser caching s89df987 s9f87s987f (May 08)
- Re: Code snippets to disable browser caching Jean-Jacques Halans (May 08)
- Re: Code snippets to disable browser caching Peter Conrad (May 09)
- Re: Code snippets to disable browser caching Tomi Tuominen (May 08)
- Re: Code snippets to disable browser caching Jean-Jacques Halans (May 08)
- RE: Code snippets to disable browser caching Martin O'Neal (May 09)