I'm saying to *not* include the headers, because any compliant proxy will not cache anyway. At the moment, SSL connections do not set the headers (since they also can't be cached), and that is the only current exception.
At the moment, hitting the "back" button in the browser to a protected POSTed page forces you to re-post to view the page. This is generally a-bad-thing, since it results in you getting two copies of Madonna's CD (and charged twice ;-).
+1 from me. Thanks for the explanation :)
Remy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
