The default is specified in System.Web.HttpResponse.CacheControl
:
/// <devdoc>
/// <para>
/// Provided for ASP compatiblility. Use the <see cref='System.Web.HttpResponse.Cache'/>
/// property instead.
/// </para>
/// </devdoc>
public string CacheControl {
get {
if (_cacheControl == null) {
// the default
return "private";
}
return _cacheControl;
}
While you can override the header through (global) filters, this doesn't work for error pages caused by authentication/authorization. Luckily there's a nice entry point for each request, allowing you to override this default:
// In Global.asax.cs:
protected void Application_BeginRequest()
{
Context.Response.CacheControl = "no-cache";
}
Update: Setting cache-control per above will disable caching of bundles. I'm now using the following workaround. It only changes the page's cacheability when it was not explicitly set. The default value of '6' comes from here:
// In Global.asax.cs:
protected void Application_EndRequest()
{
if ((int)Response.Cache.GetCacheability() == ((int)HttpCacheability.ServerAndPrivate) + 1)
Response.Cache.SetCacheability(HttpCacheability.NoCache);
}
Furthermore when there's an error and the YSOD (yellow error page) is rendered through ReportRuntimeError
, the framework will call ClearHeaders
and your custom cache-control setting will be overridden. I haven't found a solution for this.