HOWTO: Prevent Caching in Internet Explorer

ID: Q234067

The information in this article applies to:

Microsoft Internet Explorer (Programming) versions 4.0, 4.01, 4.01 SP1, 4.01 SP2, 5.0

SUMMARY

This article describes the use of HTTP headers to control the caching of Web pages in Internet Explorer.

You can use Microsoft Internet Information Server (IIS) to easily mark highly volatile or sensitive pages using the following script at the extreme beginning of the specific Active Server Pages (ASP) pages:


<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>

MORE INFORMATION

Expiration and the Expires Header

It is highly recommended that all Web servers use a scheme for the expiration of all Web pages. It is bad practice for a Web server not to supply expiration information via the HTTP Expires response header for every resource returned to requesting clients. Most browsers and intermediate proxies today respect this expiration information and use it to increase the efficiency of communications over the network.

The Expires header should always be used to specify the most reasonable time when a particular file on the server needs to be updated by the client. When pages are updated regularly, the next period for update is the most efficient response. Take, for example, a daily news page on the Internet that is updated every day at 5 A.M. The Web server for this news page should return an Expires header with a value for 5 A.M. the next day. When this is done, the browser does not need to contact the Web server again until the page has actually changed.

Pages that are not expected to change should be marked with an expiration date of approximately one year.

In many cases, Web servers have one or more volatile pages on a server that contain information, which is subject to change immediately. These pages should be so marked by the server with a value of "-1" for the Expires header. On future requests by the user, Internet Explorer usually contacts the Web server for updates to that page via a conditional If-Modified-Since request. However, the page remains in the disk cache ("Temporary Internet Files") and is used in appropriate situations without contacting the remote Web server, such as when the BACK and FORWARD buttons are used to access the navigation history or when the browser is in offline mode.

The Cache-Control Header

Certain pages, however, are so volatile or sensitive that they require no disk caching. To this end, Internet Explorer supports the HTTP 1.1 Cache-Control header, which prevents all caching of a particular Web resource when the no-cache value is specified by an HTTP 1.1 server.

Because pages that are kept out of the cache are not accessible until the browser can re-contact the Web server, servers should use the Cache-Control header sparingly. In most cases, the use of "Expires: -1" is preferred.

The Pragma: No-Cache Header

Unfortunately, legacy HTTP 1.0 servers cannot use the Cache-Control header. For purposes of backward compatibility with HTTP 1.0 servers, Internet Explorer supports a special usage of the HTTP Pragma: no-cache header. If the client communicates with the server over a secure connection (https://) and the server returns a Pragma: no-cache header with the response, Internet Explorer does not cache the response.

Note, however, that the Pragma: no-cache header was not intended for this. According to the HTTP 1.0 and 1.1 specifications, this header is defined in the context of a request only, not a response, and is actually intended for proxy servers that may prevent certain important requests from reaching the destination Web server. For future applications, the Cache-Control header is the proper means for controlling caching.

HTTP-EQUIV META Tags

HTML pages allow for a special HTTP-EQUIV form of the META tag that specifies particular HTTP headers from within the HTML document. Here is a short example HTML page that uses both Pragma: no-cache and Expires: -1:


<HTML><HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</HEAD><BODY>
</BODY>
</HTML>

Pragma: no-cache prevents caching only when used over a secure connection. A Pragma: no-cache META tag is treated identically to Expires: -1 if used in a non-secure page. The page will be cached but marked as immediately expired.

Cache-Control META HTTP-EQUIV tags are ignored and have no effect in Internet Explorer versions 4 or 5. To use Cache-Control this header must be specified using HTTP headers as described in the Cache-Control section above.

Note that the use of standard HTTP headers are much preferred over META tags. META tags typically must appear at the top of the HTML HEAD section. And there is at least one known problem with the Pragma HTTP-EQUIV META tag. For additional information, please see the following article in the Microsoft Knowledge Base:

Q222064 "Pragma: No-cache" Tag May Not Prevent Page from Being Cached

REFERENCES

For more information, see the following articles in the Microsoft Knowledge Base:

Q189409 INFO: Controlling the Caching of Web Pages with IIS 4.0

Q165150 How to Use Pragma: No-cache with IIS and IE

Additional query words:


Keywords          : kbIE400 kbIE401 kbIE401sp1 kbIE401sp2 kbGrpInet kbIE500 kbCaching 
Version           : WINDOWS:4.0,4.01,4.01 SP1,4.01 SP2,5.0
Platform          : WINDOWS 
Issue type        : kbhowto

Last Reviewed: June 24, 1999