Michael M Slusarz wrote: > > Quoting robert sand <[EMAIL PROTECTED]>: > > > We are using https. Sorry I even asked. If you don't know the > > answer why even reply. > > Firefox does *not* cache https. > https://bugzilla.mozilla.org/show_bug.cgi?id=309368 > > IE does, but *only* if the Caching headers allow it. Many browsers > will cache pages even (if expired) if using http only. So there is > absolutely nothing wrong with the statement "you should use https".
Our IMP (pretty much stock Horde 3.2.1 / IMP 4.2) sends this header: Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 It might help to add "private", but "no-store" should trump all that. It means that "the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it" (RFC 2616). Firefox uses something like this behaviour for HTTPS responses unless the server explicitly overrides this with a more permissive Cache-Control header. IMP can't do much about user agents that ignore a MUST requirement in their HTTP implementation. -- Tim Bannister Email system administrator IT Services division The University of Manchester w: http://www.manchester.ac.uk/itservices -- IMP mailing list - Join the hunt: http://horde.org/bounties/#imp Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: [EMAIL PROTECTED]