Prevent caching when you download active documents over SSL

This article discusses how to download active documents over Secure Sockets Layer (SSL) without permanently caching them on the client computers.

When you try to open or to download an active document over SSL, you can use one the following methods to prevent permanent client-side caching. The solutions listed here only work when you try to open or to download the active document as a result of a POST request or by clicking a hyperlink on a Web page.

• Change security settings in Microsoft Internet Explorer. To do this, follow these steps:
  1. On the Tools menu, click Internet Options.
  2. On the Advanced tab, scroll to Security, and then click to select the Do not save encrypted pages to disk check box.
• Add a Cache-control: no-store HTTP header to the response message.
• You can also add the Cache-control: no-cache HTTP header to the response message. Currently, when you add the Cache-control: no-cache header, the download fails.

Internet Explorer must save the file to the local cache to enable the associated application to load the file. Temporary client caching of active documents has only been implemented for hyperlink or for POST request scenarios to allow the associated application to load the documents. Therefore, if you use the above methods and try to open or to download the active document directly by typing the URL of the document in the Internet Explorer Address bar, the download fails.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

A fix is available to allow Internet Explorer to open or to download the active document directly by typing the URL of the document in the Internet Explorer Address bar and to prevent caching when the above methods are used. This fix also corrects the behavior with the Cache-Control: no-cache HTTP header. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

If this fix is installed, you can use the three solutions that are discussed in the article to prevent caching when you try to open or to download an active document as a result of a POST request, by clicking a hyperlink, and by directly browsing to the URL of the active document. This will be the default behavior from Internet Explorer 6.0 Service Pack 2 (SP2).

Another similar fix is available to allow Internet Explorer to open or to download the active document when Cache-Control headers are used to prevent caching. Please note that this fix only works with the Cache-Control: no-cache and the Cache-Control: no-store HTTP headers. However, the download fails with the client side setting "Do not save encrypted pages to disk" when browsing to the URL of the active document directly. For more information, click the following article number to view the article in the Microsoft Knowledge Base: The only difference between the 812935 hotfix and the 323308 hotfix is that the 323308 fix sets the following registry key with a DWORD value of 1:By default, this registry key is added when you install the 323308 hotfix. Also, by default, the BypassSSLNoCacheCheck registry value is not set if you install a security update (MS04-004) that upgrades Wininet to version 6.0.2800.1400 or later.