These directives will not mitigate any security danger. They may be actually meant to force UA's to refresh risky information, not maintain UA's from becoming retaining information., to tell the server not to use its personal cache procedure when responding. This is certainly unrelated into the browser/server dynamic, and more about the server/data