> ## Documentation Index
> Fetch the complete documentation index at: https://docs.go-mizu.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# No Cache

> Prevent caching middleware for sensitive or dynamic content.

## Overview

The `nocache` middleware sets headers to prevent browsers and proxies from caching responses. Use it for sensitive data or frequently changing content.

## Installation

```go theme={null}
import "github.com/go-mizu/mizu/middlewares/nocache"
```

## Quick Start

```go theme={null}
app := mizu.New()
app.Use(nocache.New())
```

## Headers Set

```
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Surrogate-Control: no-store
```

## Examples

### Global No-Cache

```go theme={null}
app.Use(nocache.New())
```

### Specific Routes

```go theme={null}
// Don't cache sensitive endpoints
app.Get("/api/user", userHandler, nocache.New())
app.Get("/api/account", accountHandler, nocache.New())
```

### API Group

```go theme={null}
api := app.Group("/api")
api.Use(nocache.New())

api.Get("/users", listUsers)
api.Get("/data", getData)
```

## API Reference

```go theme={null}
func New() mizu.Middleware
```

## When to Use

* User-specific data
* Authentication responses
* Frequently changing data
* Sensitive information
* Real-time data

## Technical Details

The nocache middleware is implemented as a simple wrapper that sets anti-caching headers before passing control to the next handler in the chain.

### Implementation

The middleware:

1. Retrieves the response header object from the context
2. Sets four HTTP headers to prevent caching at multiple levels:
   * `Cache-Control`: Provides comprehensive cache directives for HTTP/1.1
   * `Pragma`: Backward compatibility with HTTP/1.0 caches
   * `Expires`: Sets expiration to prevent caching
   * `Surrogate-Control`: Controls CDN and proxy caching behavior
3. Calls the next handler in the middleware chain

### Performance

* Zero-allocation implementation
* Minimal overhead (4 header writes per request)
* No configuration or state management required
* Thread-safe for concurrent requests

## Best Practices

* Apply to routes serving sensitive or user-specific data
* Use sparingly on static content to avoid performance degradation
* Consider combining with HTTPS for maximum security
* Test cache behavior with browser developer tools
* Apply at the route level rather than globally when possible

## Testing

The middleware includes comprehensive tests to verify correct header configuration.

| Test Case                | Description                                   | Expected Behavior                                                       |
| ------------------------ | --------------------------------------------- | ----------------------------------------------------------------------- |
| Cache-Control Header     | Validates the Cache-Control header is set     | Sets "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" |
| Pragma Header            | Validates the Pragma header is set            | Sets "no-cache" for HTTP/1.0 compatibility                              |
| Expires Header           | Validates the Expires header is set           | Sets "0" to indicate immediate expiration                               |
| Surrogate-Control Header | Validates the Surrogate-Control header is set | Sets "no-store" to prevent CDN/proxy caching                            |

## Related Middlewares

* [cache](/middlewares/cache) - Enable caching