I have a requirement that application should not save sensitive data to browser's local cache.
I can see from response headers that Cache-Control is set max-age=0. But still application responses are getting stored in Temporary Internet Files folder. I don't want the response to be stored in Temporary Internet Files.
I tried the settings <env name="initialization/DefaultCachingTimeout" value="0" /> which I found in PDN. But it is not working.
Is there a way to control browser cache in pega?
***Updated by moderator: Marissa. Removed user added Ask the Expert & #Helpme tags. Apologies for confusion, shouldn't have been an end-user option.***
Can you try the below setting and let us know if it's of any help ?
<env name="http/UseNoCacheHeaders" value="true"/>
This setting is used to prevent dynamic content from being cached on the client machine. The default for this setting is false, meaning that the dynamic content will be cached on the client machine. When this entry is set to true, the dynamic content sent to the client will not only be set to expire immediately, but also will not be cached.
We applied the settings <env name="http/UseNoCacheHeaders" value="true"/> and tested.
We can see that now header Cache-Control: no-cache is added to the response and works in IE. But our internal risk management team tested it and informed that this setting will not work in all the browsers. And they suggested to include the following in header: