Cache-Control
The Cache-Control header controls how the browser caches web resources. To make sure that no sensitive files are ever stored on the file system, enable the Cache-Control header to prevent the files from being cached by the browser.
The feature can be switched on by running the following commands in the
<server installation directory>\tomcat\spotfire-bin directory on the command line. (For details on using the
Spotfire command line, see
Executing commands on the command line.)
config export-config --force
config set-config-prop -n security.cache-control.enabled -v true
config import-config -c "Enabled Cache-Control"
The feature can be switched off by running the following commands:
config export-config --force
config set-config-prop -n security.cache-control.enabled -v false
config import-config -c "Disabled Cache-Control"
When this feature is enabled, the server will include the HTTP header "Cache-Control: no-cache, no-store, must-revalidate" in all responses.
Use the following commands to customize the header directive:
config export-config --force
config set-config-prop -n security.cache-control.directive -v <value>
config import-config -c "Customized Cache-Control directive"
Replace
<value>
with any valid cache-control header directive.
Note: You cannot customize the Cache-Control header for files ending with ".html" or attachments with content type "text/html" or "text/plain". These files will always have the value "no-cache, no-store, must-revalidate". They will also get the "Pragma" header set to "no-cache" and the "Expires" header set to "0". The Pragma headers are legacy HTTP 1.0 headers and serve the same purpose as the "Cache-Control" header in HTTP 1.1.
Parent topic: Optional security HTTP headers