The meta headers are only used when the page is requested from the local disk file system instead of over HTTP. You need to set the real HTTP response headers instead.
Create a filter which does basically the following job:
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse hsr = (HttpServletResponse) res;
hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
hsr.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(req, res);
}
Map it on an URL pattern of for example *.jsp
to get it to run on all JSP pages.
You had it right with the Cache-Control
headers in your original question, it's mandatory to have no-store
and must-revalidate
along no-cache
. Almost all other answers posted as far are basically MSIE targeted.
See also: