In short: the
nocache middleware aims to disable browser caching by setting several headers.
Caching has lots of benefits, but it can cause users to get stale versions.
This module deals with four caching headers.
Cache-Controlis a header that has many directives. For example,
Cache-Control: max-age=864000will tell browsers to cache the response for 10 days. In those 10 days, browsers will pull from their caches. Setting this header to
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidatewill obliterate caching, as far as this header is concerned.
Surrogate-Controlis another header that CDNs respect. You can use it to tell intermediate caches to eschew caching.
Pragmais a legacy HTTP header. Setting
Pragma: no-cachewill tell supported browsers to stop caching the response. It has fewer features than
Cache-Controlbut it can better support old browsers.
Expiresspecifies when the content should be considered out of date, or expired. Setting this to
0will tell browsers the content expires immediately. In other words, they shouldn’t cache it.
Absent from this list is the ETag header, which is a pretty safe caching mechanism.
- Cache-Control RFC
- Pragma RFC
- “Cache control tutorial” on Fastly’s documentation
- “HTTP Caching” on Google Developers
noCache is a relatively simple middleware that will set the four HTTP headers noted above:
You can use this module as part of Helmet:
// Make sure you run "npm install helmet" to get the Helmet package. const helmet = require('helmet') app.use(helmet.noCache())
You can also use it as a standalone module:
// Make sure you run "npm install nocache" to get the nocache package. const noCache = require('nocache') app.use(noCache())
This header is not included in the default Helmet bundle.