The certification suite currently enforces the presence of
pragma: no-cache response header as well as the presence of
cache-control: no-store (or optionally in some tests
cache-control: no-cache, no-store.
cache-control: no-store on its own is the strongest directive available, making
The proposal / question here is to make it so that the certification suite only performs
cache-control presence assertion with a check for
no-store directive presence in it for all scenarios where “do not cache” directives should be present. The extent of this update meets the intersection of what is incorrectly required by 6749 with what is technically correct and enough to instruct clients and intermediaries not to cache.
This does not mean the suite will start rejecting requests that include
I have a PR open for this adjustment in the certification suite and @Joseph Heenan asked to have this ran by the WG.