From be6d46446fcaffb5e2dd7cd1a2c7357e536c4532 Mon Sep 17 00:00:00 2001
From: Seth <seth@collectiveaccess.org>
Date: Sun, 3 Oct 2021 22:57:53 -0400
Subject: [PATCH] Add no-store to Cache-Control to ensure back button does not
 reveal elements from previous session in an unclosed tab

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 9e2e90171d..c8cd4d5f9f 100755
--- a/index.php
+++ b/index.php
@@ -108,7 +108,7 @@
 		if (caDeviceIsMobile()) { AssetLoadManager::register('mobile'); }
 	
 		// Prevent caching
-		$resp->addHeader("Cache-Control", "no-cache, must-revalidate");
+		$resp->addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
 		$resp->addHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT");
 		
 		// Security headers