As of 2010, all modern, current-ish browsers cache HTTPS content by default, unless explicitly told not to.
It is not required to set cache-control:public for this to happen.
More Related Contents:
- How to redirect all HTTP requests to HTTPS
- Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
- Are HTTPS headers encrypted?
- With HTTPS, are the URL and the request headers protected as the request body is?
- Username and password in https url
- If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
- Should I hash the password before sending it to the server side?
- https URL with token parameter : how secure is it?
- Is it secure to submit from a HTTP form to HTTPS?
- SSL Error: unable to get local issuer certificate
- Is HTTP header Referer sent when going to a http page from a https page?
- curl – Is data encrypted when using the –insecure option?
- How to redirect all HTTP requests to HTTPS using .htaccess rules?
- WS on HTTP vs WSS on HTTPS
- Why not use HTTPS for everything?
- Difference between Hashing a Password and Encrypting it
- XMLHttpRequest cannot load file. Cross origin requests are only supported for HTTP
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- What is the best way to prevent session hijacking?
- How to restrict Firebase data modification?
- Why is security through obscurity a bad idea? [closed]
- The necessity of hiding the salt for a hash
- Classic ASP SQL Injection Protection
- Password hashing, salt and storage of hashed values
- How are software license keys generated?
- Are Google Cloud Functions protected from DDoS attacks?
- OAuth2 and Google API: access token expiration time?
- What is the best Distributed Brute Force countermeasure? [closed]
- How to pass the value of a variable to the standard input of a command?
- How to protect against direct access to images? [closed]