Preventing Your Web Page from Being Cached

Jan Wolter
August 2001

This page is badly in need of an update.

My Guide to Web Authentication suggests that pages with login forms not be cached. If they are cached, it is possible re-login by going back to the form and resubmitting it.

Several HTTP headers effect caching. Most don't work as expected. This page represents an attempt to figure out how exactly to prevent caching. It is generated mostly from web gleanings and only a few personal tests. More of the latter are needed.

The prefered alternative is to send actual HTTP response headers. From a CGI program, this is easy. Just print them along with the Content-Type: header before printing the HTML portion of your document.

The following HTTP response headers are useful:

It is possible to set some HTTP response headers using the HTML <META HTTP-EQUIV> tag. This is generally less effective. For one thing, they usually effect only browsers,not proxies. For another, they are often flakey. Usually these tags need to appear at the top of the HTML document in the <HEAD> section.

Another way to keep the login form from begin resubmitted is to put the following directive on the <BODY> line of the page containing the form:

   <BODY onLoad="document.forms[0].reset();">
In Netscape 4.61 this causes the first form on the page (forms[0]) to be cleared whenever the page is reloaded, including when you go BACK to it. I haven't experimented with other browsers. It certainly won't work for browsers that don't support Javascript or for people who surf with Javascript turned off.