Add no-store to Cache-Control to ensure back button does not reveal e…

…lements from previous session in an unclosed tab
collectiveaccess · Oct 4, 2021 · be6d464 · be6d464
1 parent 335159c
commit be6d464
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/index.php b/index.php
@@ -108,7 +108,7 @@
 		if (caDeviceIsMobile()) { AssetLoadManager::register('mobile'); }
 
 		// Prevent caching
-		$resp->addHeader("Cache-Control", "no-cache, must-revalidate");
+		$resp->addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
 		$resp->addHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT");
 
 		// Security headers