We've implemented several rules into a policy which we are applying to our sites to do several functions, like inserting cache-control, pragma and removing X-powered-by, etc. We have a developer who is complaining because one site they have that they want to ensure isn't caching content, isn't working as they intended. He has noticed that not all the files are showing the cache rules on them. Here are the Rules we have in place specifically to this.
Conditions:
HTTP Header full string named 'Cache-Control' is not 'no-cache', 'no-store', 'must-revalidate', or 'no-cache, no-store, must-revalidate' at response time.
Actions:
Insert HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time.
I'm concerned that we aren't using it correctly or that it doesn't work inside of a policy. Or that there is a misunderstanding that it won't show on specific files.
FYI, to evaluate, we are opening up the page in Chrome, opening Developer tools. and then viewing the results in the Network tab. When clicking on individual named items on the left, we can see the applied Response and Request headers.
Thank you. I've adjusted our policies based on your information and it appears to have fixed the issues. The policy now has 2 rules, that look like the following.
Rule 1:
Conditions:
HTTP Header full string named 'Cache-Control' does not exist at response time.
Actions:
Insert HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time.
Rule 2:
Conditions:
HTTP Header full string named 'Cache-Control' exists at response time.
Actions:
Replace HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time
