Hi bob3160,
Also watch your browser cache. See the handling of meta-tags.
Note that no-cache does actually allow a copy of the document to be stored whereas no-store prohibits it. As you might expect, Internet Explorer (IE) and Mozilla browsers have different implementations of these cache-control directives.
Both browsers will cache a document requested over an HTTP connection that has the "no-cache" directive set. Mozilla will not cache any pages by default over an HTTPS connection, whereas Internet Explorer will, unless the user has enabled the "Do not save encrypted pages to disk" option. A Mozilla browser never stores documents set with the "no-store" directive, but Internet Explorer only fully follows this directive when the page is requested over an HTTPS connection. So the only way of ensuring that your sensitive documents and pages are not cached without requiring your users to manually set any IE options is to use the "no-store" directive over an HTTPS connection. All browsers supporting HTTP 1.1 will support this directive.
You can set the no-store response header in IIS by opening the HTTP Headers property sheet for a Web site or preferably for a folder within a Web site as it not a good idea to use this header globally across an entire Web site but purely for content that absolutely must not be cached on the client.
polonus