cache-control mess in the headers and posible leak of secure

I did exactly that you instructed to do and that I listed above. All other that you see on video is just demonstrations the content (.htaccess and other).

I definitely did NOT do anything else. So, the experiment was absolutely clean.

All the manipulation with .htaccess were out of our experiment (before, when I created the table a days ago).

Hi Alexander,

We are looking at this, we will get back to your shortly.

We are having a hard time understanding the full picture of what you did and what you didn't do (the video doesn't help much). For example, did you modify the .htaccess file? If so, we expect you to mention it in the reproduction steps, along with screenshots of the modifications you made.

To bring more clarity to the situation, let's start from the beginning. Please provide us with the reproduction steps for #5 using the following format (it is important that you follow this format):

== How to reproduce the issue ==

1. Go to X page

2. Click on Y button, screenshot: https://example.com/screenshot.png

3. Enter Z in the input field

4. You will see A, screenshot: https://example.com/screenshot.png

== Expected result ==

In step 4, I expect to see B, screenshot: https://example.com/screenshot.png

Here's an example:?https://prnt.sc/m5B4xGNc3JOi

Let us know if you have any questions.

Hi,
as I wrote above (I hope you read me very carefully):
I ONLY did exactly that you instructed to do and that I listed above ONLY. I definitely did NOT do anything else.

So, I did NOT do anything with .htaccess!!!!!!!!!!!

Please, ask you technical team to stop dreaming on my actions and read me carefully, please. I believe that I described clear enough the huge investigation work that I had done for your team.

I believe that the issueES lay on top and can be reproduced without any difficulties.

Hi Alexander,

I am just checking this with the development team

Hi @forcesail

I followed the same steps you’ve demonstrated in your video and I couldn’t able to reproduce the issue. Please watch the video and let me know where I went wrong.

https://drive.google.com/file/d/1aVvGK1ovDPvN9eUd1ueROrYr_j0HdAZv/view?usp=drive_link

In my testing, there is no cache-control header by default in WordPress. As per the apache documentation
https://httpd.apache.org/docs/2.4/mod/mod_headers.html#header

Only using add causes 2 or more headers with the same name. Whereas WP-O uses set in its .htaccess rules.

If this is browser specific or server specific (i.e. specific version of module header, rewrite) then I’m afraid I couldn’t do much to help you.

You could disable browser caching in WP-Optimize and setup your own rules in your server to solve the issue?

Hello Venkat Raj,

the difference is in Incognito mode: you do in unloged-in.
1) WP adds headers for logged in users
2) WPO adds headers:
– for “Browser static file caching settings”
– when minifying is on
– when cached
2) Apache doesn’t join same named headers from PHP and from mod_headers (it seems to be an error in Apache 2.4). Some other servers do.

See 2 screenshots:
1) unlogged: https://forcesail.ru/Cache-Control/not-logged.jpg
2) logged-in: https://forcesail.ru/Cache-Control/logged-in.jpg

Hello Alexander,

Here is logged in version of the same steps.
https://drive.google.com/file/d/1mKcxfLJQnDZrKC8P5NEjasd_vtLgIr3X/view?usp=drive_link

It is also from Apache 2.4 as you can see in screencast.

Minify only overwrite the value on static assets, doesn’t send separate headers
https://plugins.trac.www.ads-software.com/browser/wp-optimize/tags/3.2.16/minify/class-wp-optimize-minify-front-end.php#L2115

Since this seems to be a specific environment issue, I’m afraid I couldn’t help much.

I agree with one thing that If an URL is excluded then browser cache shouldn’t send caching headers for that page. I’ve added this to our to do list.

Hello Venkat,

unfortunately I have to report you that it’s quite common problem with Apache server.

I have passed through your support request list and, although the most of requesters don’t use WPO any more I have found a few websites with the same problem: duplicate Cache-Control header. For example this one: https://petrbarvik.cz/

Another thing is that is issue is known and disputed in internet:
https://www.google.co.uk/search?&q=mod_headers+sends+duplicate+headers

So, the only reason is to avoid use mod_headers at all.

Please, indicate will and when will have you fixed the issues that I have reported you recently or you advice to avoid to use WPO as it will keep breaking sites (I mean all issues that I have reported recently, especially that one that connects with WPTouch).

Hi,

We have created an internal ticket for the fix. Unfortunately we cannot offer a time frame for this. My advice would be to keep an eye on the changelog.