---
title: Set Anti-cache Headers For Sensitive Pages
impact: MEDIUM
impactDescription: prevents sensitive data caching on shared computers
tags: headers, caching, privacy, security, csharp
---

## Set Anti-cache Headers For Sensitive Pages

Sensitive pages shouldn't be cached by browsers or proxies.

**Incorrect (default caching):**

```csharp
// Response might be cached
return Ok(sensitiveData);
```

**Correct (explicit no-cache):**

```csharp
[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
public IActionResult GetSensitiveData()
{
    return Ok(sensitiveData);
}

// Or manually
Response.Headers.Add("Cache-Control", "no-store, no-cache, must-revalidate");
Response.Headers.Add("Pragma", "no-cache");
```

**Tools:** Developer Tools