From df9b6d7b976666526b2713911a353638ee87b2c9 Mon Sep 17 00:00:00 2001
From: Morten Tokle <mortent@yahooinc.com>
Date: Mon, 24 Oct 2022 13:28:34 +0200
Subject: Prevent browsers caching api responses

---
 .../jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 520e22de136..0059fcf1d25 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -20,5 +20,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
         response.setHeader("X-Content-Type-Options", "nosniff");
         response.setHeader("X-Frame-Options", "DENY");
         response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+        response.setHeader("Vary", "*");
     }
 }
-- 
cgit v1.2.3