What if you need (or want) to send cache-unfriendly, uncachable responses? To accomplish this, it’s only a matter of adding a few specific headers.

If you just want to count the requests, you don’t need to make the response uncachable. Instead, you can make caches revalidate the response for each client request. To do this, use the no-cache, max-age=0 or must-revalidate directives. Of these, no-cache is the strongest, max-age=0 is the weakest, and must-revalidate is somewhere in the middle. To insert the no-cache directive with Apache’s headers module, use this configuration line:

Header: append Cache-control no-cache

If you just want to prevent users from sharing a cached response, you can use the private directive. That still allows the response to be stored in single-user caches.

If your goal is truly to defeat caching, you should use the no-store directive.

Cache-control is an HTTP/1.1 feature; how can you ensure that HTTP/1.0 agents do not store the response? Unfortunately, this is a little bit confusing, and both of the following techniques should probably be used.

According to the HTTP/1.0 specification RFC1945, “If the [Expires] date given is equal to or earlier than the value of the Date header, the recipient must not cache the enclosed entity.” This rule is unfortunate because expiration and cachability are really separate characteristics. Nonetheless, an HTTP/1.0-compliant cache should not cache a response if the date and expires values are identical ...