Does Cache-Control: no-cache="Set-Cookie, Set-Cookie2" actually prevent caching cookies?
This OWASP recommendation says:
it is highly recommended to use the Cache-Control: no-cache="Set-Cookie, Set-Cookie2" directive, to allow web clients to cache everything except the session ID
But the mozilla docs say
The no-ca…