I don't understand why by default ASP.NET sends a cache-control="private" header to the client? Surely .aspx pages should not be cached because they're dynamic.

But then, it seems that browsers always go back to the server for each request anyway. What's going on?

Cache-Control private says that it's OK for the client to cache the page, subject to its expiration date.  The expiration can either be provided with Cache-Control: max-age, or with an Expires HTTP header.  In the default case, the page is set to expire immediately, which means that it won't be cached.

One of the purposes of Cache-Control: private is really to tell intermediate proxies that they should not cache the page.

BTW, just because a page is dynamic doesn't mean that it should never be cached.  There are many cases where caching a dynamic page is appropriate.  You can cache not only at the client, but also in proxies and in the server's output cache.

(FWIW, I cover this subject in detail in my book).

Thanks for your reply. Which is your book (I'm sure you were hoping I'd ask!!)? The main reason I posted is because IE8 is being funny with my pages. I can always reproduce as follows:

1. Open www.mydomain.com/test.aspx in IE8 (Safe Mode)
   
2. Modify page in VS.NET, and upload
3. Open www.mydomain.com/test.aspx in IE8 again (by clicking in the address bar and pressing Enter)

No changes appear. Of course, I can see changes by clearing the cache, or pressing Ctrl-F5 - or even just navigating to another page and back. No such problem in Firefox 3.5.

The only cache-related header that is sent is cache-control="private" (no expires, etc). Presumably I can fix with Response.Cache.SetCacheability(HttpCacheability.NoCache) in Global.asax - but I still don't see how this is a good default setting.

Or is this just IE8 being a terrible browser?

The book I mentioned is the one in my signature:

Ultra-fast ASP.NET: Building Ultra-Fast and Ultra-Scalable Websites Using ASP.NET and SQL Server

Hard to say what's going on.  Have you looked at the returned HTML with Fiddler, to see what's happening?

With no Expires or max-age headers, the browser should request the page again if you come to it again.  However, browsers are free to do some "extra" caching when you're moving back-and-forth between a requested page in the same browser session.

In general, users (and websites) expect at least a minimal amount of caching on the client.  That's why Cache-control: private is the default.  If you don't want any caching at all, then you should disable it with NoCache, as you said.