Why set max-age=0 if no-store is already set?
A result of a recent pentest suggested that the HTTP Cache-Control Header max-age=0 should be set when no-store is set.
As I understand cache control, no-store is the strictest we can set; the page should not even land in cache, let alone … Continue reading Why set max-age=0 if no-store is already set?