---
title: Set Anti-cache Headers
impact: MEDIUM
impactDescription: prevents sensitive data caching
tags: headers, cache, sensitive-data, security
---

## Set Anti-cache Headers

Sensitive pages cached in browsers or proxies can be accessed by other users on shared machines.

**Incorrect (no cache control):**

```go
func AccountHandler(w http.ResponseWriter, r *http.Request) {
    // No Cache-Control header is set, so the browser or a proxy may store this response.
    json.NewEncoder(w).Encode(sensitiveData)
}
```

**Correct (anti-cache headers):**

```go
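// noCache wraps a handler and marks its responses as non-cacheable.
func noCache(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // no-store tells every cache, browser or proxy, not to keep a copy of the response.
        w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private")
        // Pragma covers HTTP/1.0 caches that do not understand Cache-Control.
        w.Header().Set("Pragma", "no-cache")
        // An invalid date such as "0" is treated as already expired.
        w.Header().Set("Expires", "0")
        next.ServeHTTP(w, r)
    })
}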

// Usage in router
mux.Handle("/api/account", noCache(http.HandlerFunc(AccountHandler)))
```
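
The middleware sets its headers before the wrapped handler runs, so a handler that sets its own `Cache-Control` replaces them. The regression check below is an added example, not part of the original rule: it serves each handler through `httptest` and reports responses that could still be stored. `cacheFindings`, `account` and `override` are hypothetical names, and the handlers are constructed samples.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// noCache is the middleware from this page, copied so the example runs stand-alone.
func noCache(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private")
		w.Header().Set("Pragma", "no-cache")
		w.Header().Set("Expires", "0")
		next.ServeHTTP(w, r)
	})
}

// cacheFindings serves one GET through h and lists why the response could still be cached.
func cacheFindings(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/api/account", nil))
	directives := map[string]bool{}
	for _, d := range strings.Split(strings.Join(rec.Result().Header.Values("Cache-Control"), ","), ",") {
		directives[strings.ToLower(strings.TrimSpace(d))] = true
	}
	var findings []string
	if !directives["no-store"] {
		findings = append(findings, "Cache-Control lacks no-store")
	}
	if directives["public"] {
		findings = append(findings, "Cache-Control contains public")
	}
	return findings
}

// Constructed handlers: account sets no cache headers; override replaces the middleware's value.
var account = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "{}") })
var override = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Cache-Control", "public, max-age=3600")
	fmt.Fprint(w, "{}")
})

func main() {
	fmt.Printf("bare=%q wrapped=%q overridden=%q\n",
		cacheFindings(account), cacheFindings(noCache(account)), cacheFindings(noCache(override)))
}
```

Running the same check over every authenticated route in a test suite catches handlers that were never wrapped as well as handlers that undo the wrapper.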

**When to use anti-cache:**
- Account pages
- Financial data
- Personal information (PII)
- Any authenticated content

**Tools:** Security Headers, Browser DevTools
