• caglararli@hotmail.com
  • 05386281520

Cache-control and TLS termination proxies

Çağlar Arlı      -    20 Views

Cache-control and TLS termination proxies

My website is served with TLS and does not use a (TLS-terminating) CDN. Is it still advisable to use Cache-Control: private for protected pages to account for (e.g. corporate) TLS termination proxies on the users‘ end (even though it is not possible to avoid content inspection by these proxies)?

Also, while the RFC states "that a shared cache MUST NOT store the response", Cloudflare says that a "response with a ‘private’ directive can only be cached by the client and never by an intermediary agent, such as a CDN or a proxy." Equating of "must not" with "can not" is valid for RFC-compliant intermediary agents, but in practice, proxies might be configured to ignore the Cache-control header. Is this correct?