Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 317

A web application has these requirements for HTTP cache control:

• The client browser must be prevented from storing responses that contain sensitive information.
• Assets must be downloaded from the remote server every time.

Which header must the engineer use?

Answer options

• A. no-store
• B. must-revalidate
• C. public
• D. private

Correct answer: A

Explanation

The correct answer is 'no-store' because it explicitly instructs the browser not to cache any responses that contain sensitive information. The 'must-revalidate' option does not prevent caching but requires validation before using cached responses. 'public' allows caching even for sensitive information, and 'private' allows caching by a single user but does not prevent it entirely.