I got a call from a friend the other day with a little bugette on his secure site. Bits of it kept getting cached by the browser – he’d been through the problem with the team and it turned out that several chunks of code generating pages that should not be cached by the browser were forgetting to set the necessary headers.

We started talking and I suggested that actually the page code was the wrong place and that we should get it into one place – in the webserver.

To do this we slapped together a quick NSAPI SAF to add the headers we wanted – in this case Expires, Cache-Control and Pragma.

Continue reading