setResponseNotCacheable example

    // XSS and other vulnerabilities.     // https://owasp.org/www-project-secure-headers     $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
    $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);

    // If the current response isn't an implementation of the     // CacheableResponseInterface, we assume that a Response is either     // explicitly not cacheable or that caching headers are already set in     // another place.     if (!$response instanceof CacheableResponseInterface) {
      if (!$this->isCacheControlCustomized($response)) {
        $this->setResponseNotCacheable($response$request);
      }

      // HTTP/1.0 proxies do not support the Vary header, so prevent any caching       // by sending an Expires date in the past. HTTP/1.1 clients ignore the       // Expires header if a Cache-Control: max-age directive is specified (see       // RFC 2616, section 14.9.3).       if (!$response->headers->has('Expires')) {
        $this->setExpiresNoCache($response);
      }
      return;
    }

    
Home | Imprint | This part of the site doesn't use cookies.