Will content requested over https still be cached by web browsers or do they consider this insecure behaviour? If this is the case is there anyway to tell them it\'s ok to cache?
问题:
回答1:
By default web browsers should cache content over HTTPS the same as over HTTP, unless explicitly told otherwise via the HTTP Headers received.
This link is a good introduction to setting cache setting in HTTP headers.
is there anyway to tell them it\'s ok to cache?
This can be achieved by setting the max-age
value in the Cache-Control
header to a non-zero value, e.g.
Cache-Control: max-age=3600
will tell the browser that this page can be cached for 3600 seconds (1 hour)
回答2:
As of 2010, all modern, current-ish browsers cache HTTPS content by default, unless explicitly told not to.
It is not required to set cache-control:public
for this to happen.
Source: Chrome, IE, Firefox.
回答3:
Https is cached by default. This is managed by a global setting that cannot be overridden by application-defined cache directives. To override the global setting, select the Internet Options applet in the control panel, and go to the advanced tab. Check the \"Do not save encrypted pages to disk\" box under the \"Security\" section, but the use of HTTPS alone has no impact on whether or not IE decides to cache a resource.
WinINet only caches HTTP and FTP responses not HTTPS response. https://msdn.microsoft.com/en-us/library/windows/desktop/aa383928%28v=vs.85%29.aspx