Force No Cache on Response

Problem this snippet solves:

Google Chrome caches, in the current session's memory only, responses that have had the no-cache directive applied. This means that after a user logs out of an application and walks away, another user can come up to the computer, press the back arrow and potentially see private information. The way round this is to use the no-store directive, with a couple of other headers thrown in for good measure. A very simple iRule is below.

Code :

when HTTP_RESPONSE {
    # Force no-store on HTML responses so that browsers will not store this content,
    # which would enable users to hit the 'back' button, even after a logout,
    # and potentially see customer PII.
    if {[HTTP::header Content-Type] contains "html"} {
        # replace (rather than insert) overwrites a header the server already
        # set, or adds it if absent, so the client never receives it twice.
        HTTP::header replace Pragma "no-cache"
        HTTP::header replace Expires "Fri, 01 Jan 1990 00:00:00 GMT"
        HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"
    }
}
Published Mar 17, 2015
Version 1.0
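
To confirm from the client side that HTML responses behind the virtual server now carry the policy described above, the following Python audits a response's headers. It is an added example, not part of the original snippet; the function names and the sample header sets are constructed for illustration.

```python
from collections import Counter

# Constructed sample responses (header name/value pairs), not captured traffic.
SAMPLES = {
    "no-cache only": [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Cache-Control", "no-cache"),
    ],
    "policy applied": [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Pragma", "no-cache"),
        ("Expires", "Fri, 01 Jan 1990 00:00:00 GMT"),
        ("Cache-Control", "no-cache,no-store,must-revalidate"),
    ],
    "two Expires lines": [
        ("Content-Type", "text/html"),
        ("Expires", "Thu, 01 Jan 2099 00:00:00 GMT"),
        ("Expires", "Fri, 01 Jan 1990 00:00:00 GMT"),
        ("Cache-Control", "no-cache,no-store,must-revalidate"),
    ],
}

def cache_directives(headers):
    """Lower-cased directive names from every Cache-Control line.
    Quoted directive arguments are not parsed; only the names matter here."""
    names = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                token = part.split("=", 1)[0].strip().lower()
                if token:
                    names.add(token)
    return names

def audit(headers):
    """Return findings for one response; an empty list means it passes."""
    ctype = next((v for n, v in headers if n.lower() == "content-type"), "")
    if "html" not in ctype.lower():
        return []  # same scope as the iRule: only HTML responses
    findings = []
    if "no-store" not in cache_directives(headers):
        findings.append("missing no-store")  # no-cache alone is not enough
    if Counter(n.lower() for n, _ in headers)["expires"] > 1:
        findings.append("duplicate Expires header")
    return findings

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label}: {audit(headers) or 'ok'}")
```

Feed `audit` the header list from any HTTP client (for example `response.getheaders()` from `http.client`) to check a live page after the iRule is attached.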
