•Use POST instead of GET
•Use random strings and “?” char in URL
•Omit Content-Length & Last-Modified
•Send explicit headers on response
–Breaks the back button
–Only as a last resort
•Cache-Control: max-age=0,no-cache,no-store
•Expires: Tue, 11 Oct 1977 12:34:56 GMT
•Pragma: no-cache
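
An added example, not part of the original slide: a Python check that a response carries the three headers listed above and that they actually forbid caching. The function name, the sample header sets and the fixed clock are this example's own assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cache-Control directives taken from the list above.
REQUIRED_DIRECTIVES = {"max-age=0", "no-cache", "no-store"}

def audit_no_cache(headers, now=None):
    """Return findings for a response's headers; an empty list means
    all three anti-caching headers are present and effective."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []

    present = {d.strip().lower() for d in h.get("cache-control", "").split(",") if d.strip()}
    for missing in sorted(REQUIRED_DIRECTIVES - present):
        findings.append(f"Cache-Control lacks {missing}")

    expires = h.get("expires")
    if expires is None:
        findings.append("Expires missing")
    else:
        try:
            when = parsedate_to_datetime(expires)
            if when.tzinfo is None:          # "-0000" parses as naive; treat as UTC
                when = when.replace(tzinfo=timezone.utc)
            if when > now:
                findings.append("Expires is in the future")
        except (TypeError, ValueError):
            pass  # caches must treat an invalid date (e.g. "0") as already expired

    if h.get("pragma", "").lower() != "no-cache":
        findings.append("Pragma lacks no-cache")
    return findings

# Constructed sample responses: the slide's headers, and a cacheable response.
GOOD = {"Cache-Control": "max-age=0,no-cache,no-store",
        "Expires": "Tue, 11 Oct 1977 12:34:56 GMT",
        "Pragma": "no-cache"}
BAD = {"cache-control": "private, max-age=600",
       "Expires": "Fri, 01 Jan 2100 00:00:00 GMT"}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_no_cache(sample) or "ok")
```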