Demonstration of browsers' failure to honor HTTP caching headers on history navigation

app.rb

#!/usr/bin/env ruby

require "sinatra"
require "json"

get "/data.json" do
  content_type :json
  headers({
    "Cache-Control" => "must-revalidate, no-store, no-cache, private",
    "Pragma" => "no-store, no-cache",
    "Etag" => "\"#{SecureRandom.hex}\"",
  })

  { value: SecureRandom.hex }.to_json
end

get "/" do
  content_type :html

  <<-HTML
  <!doctype html>
  <html>
    <body>
      <h1 id="data-header"></h1>
      <a href="/other">Go To Other</a>
      <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/2.0.2/jquery.min.js"></script>
      <script type="text/javascript">
        $(function() {
          $.getJSON('/data.json', function(data, text_status, xhr) {
            $('#data-header').html(data['value']);
          });
        });
        $(window).unload(function(){});
      </script>
    </body>
  </html>
  HTML
end

get "/other" do
  content_type :html

  <<-HTML
  <!doctype html>
  <html>
    <body>
      <h1>Welcome To Other</h1>
      <a href="/">Go Home</a>
    </body>
  </html>
  HTML
end

Gemfile

source "https://rubygems.org"

gem "sinatra"

To demo:

bundle install
ruby app.rb

Then open http://localhost:4567/ in a browser. Fails on: Chrome, Firefox, Safari.