HTTP Information

USING HTTP HEADERS TO CONTROL HISTORY & CACHE

1 Most of the HTTP headers you will be adding are not defined or recommended by the W3C or IETF. If you want to prevent a page from being cached use:
"Cache-Control","No-Cache"
Expires = -1

That's it. The first will tell servers and proxies not to cache the page, the second will tell browsers not to cache the page.

2 HTTP headers are *purely advisory*. No server, proxy, or browser is required to support them at all. You can add whatever headers you want and you have no guarantees any will be followed. None.

3 IE 4 for the Mac ignores the Expires header; there is no way to programmatically expire a page in Mac IE 4. Enough people complained about this that Microsoft implemented it in IE 5.

4 The Back button shows the previous page from the browser history, not the cache. The browser history and cache are totally different and whatever you do to the cache has no effect on the browser history.

5 The browser history contains the pages as they were rendered when the page was downloaded. It does not contain URLs, HTTP headers, or even necessarily HTML. It is totally private to the client and cannot be controlled by the server. By that it doesn't mean servers aren't supposed to control it, or that browser developers don't let you control it; it CAN'T control it, the data already been sent and HTTP is stateless.
The Back button on every browser works this way, yes it really does.

6 If there were a Back button on a browser that didn't work this way, which would reload a page from cache when you clicked back, it would break the HTTP security model, be noncompliant, and a security risk making ILOVEYOU trivial by comparison.

The browser history is private to the browser, if there were some way for a server to change something in the browser history hackers could use it to take over the browser, which has the same access to your machine that you do.

7 When HTTP 1.1 was being proposed so many people asked for things like the Back button to use the cache, or other stateful transactions be added, that the W3C wrote RFC 2616 explaining why this would be very, very bad.
HTTP 1.1 specifically forbids compliant browsers from loading the history from cache. If you want to understand why, the RFC is available at http://www.w3.org/Protocols/rfc2616/rfc2616.html or http://www.w3.org/Protocols/HTTP/1.1/rfc2616.pdf.

If you want to do this programmatically, load pages with document.location.replace(pageURL), which replaces the current page and does not put it in the browser history.