Bug #81160
closedMajor problem with config.sendCacheHeaders
100%
Description
Hi all
We've discovered a major problem in TYPO3 standard installations (all versions) due to a wrong interpretation of "Cache-Control: private": https://docs.typo3.org/typo3cms/TyposcriptReference/Setup/Config/#sendcacheheaders
Contrary to the documentation, "Cache-Control: private" does NOT tell the browser to avoid caching! Instead, it says "browsers can cache the page but proxies should not" (https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#public_vs_private)
This leads to situations where browsers show old content to users. There are even situations where requests never hit the server, like orders in online shops not being created in the database. The correct default setting to avoid that must be "Cache-Control: no-store"