You can’t force a browser (or other User Agent) to do anything. You must carefully implement your server-side code to prevent malicious or accidental damage. That said, you can sometimes improve the user experience a lot by asking browsers nicely not to cache anything and thus to request the page again when (amongst other things) the Back button is used.
You can do this with the following HTTP headers. (Note: This doesn’t work on Opera as it does on other browsers.)
    Cache-Control: no-cache
    Cache-Control: no-store
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
In PHP you can do this with:
    // Forces caches to obtain a new copy of the page from the origin server
    header("Cache-Control: no-cache");
    // Directs caches not to store the page under any circumstance.
    // The second argument (false) appends this line; by default header() would replace the line above.
    header("Cache-Control: no-store", false);
    // Causes the proxy cache to see the page as "stale"; gmdate() because the value is labelled GMT
    header("Expires: " . gmdate('D, d M Y H:i:s', 0) . ' GMT');
    // HTTP 1.0 backward compatibility
    header("Pragma: no-cache");
This is not the perfect solution. If the browser ignores these headers (as Opera will – see comments) then you can still go back and see stale pages. I wonder what banks do to get around this where the viewing of a stale page can be considered a security breach?
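Whatever the browser then does with them, it is worth confirming that the four headers listed above actually reach the client. The following is an added example, not code from the original post: a small Python audit of a response's header block, where the function names and the two sample responses are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_headers(raw):
    """Collect header values by lower-cased name; repeated fields are all kept."""
    fields = {}
    for line in raw.strip().splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def directives(values):
    """Flatten repeated and comma-separated directive lists into a set of names."""
    return {item.strip().lower().split("=", 1)[0]
            for value in values for item in value.split(",") if item.strip()}

def audit_no_cache(raw, now=None):
    """Return the reasons a response may still be cached; [] means all four headers are set."""
    now = now or datetime.now(timezone.utc)
    fields = parse_headers(raw)
    problems = []
    cache_control = directives(fields.get("cache-control", []))
    for wanted in ("no-cache", "no-store"):
        if wanted not in cache_control:
            problems.append("Cache-Control lacks " + wanted)
    if "no-cache" not in directives(fields.get("pragma", [])):
        problems.append("Pragma lacks no-cache")
    expires = fields.get("expires", [])
    if not expires:
        problems.append("Expires missing")
    else:
        try:
            when = parsedate_to_datetime(expires[-1])
            if when.tzinfo is None:                    # "-0000" parses as naive UTC
                when = when.replace(tzinfo=timezone.utc)
            if when > now:
                problems.append("Expires is in the future")
        except (TypeError, ValueError):
            pass  # caches treat an invalid date such as "0" as already expired
    return problems

# Constructed sample responses (not captured from a real site).
GOOD = ("HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\nCache-Control: no-store\r\n"
        "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nPragma: no-cache\r\n")
# Only one Cache-Control line survived, e.g. after a second PHP header() call
# replaced the first, and Expires points to a future date.
PARTIAL = ("HTTP/1.1 200 OK\r\nCache-Control: no-store\r\n"
           "Expires: Thu, 01 Jan 2099 00:00:00 GMT\r\n")
```

`audit_no_cache(GOOD)` returns an empty list, while `audit_no_cache(PARTIAL)` names each header that would still let a cache keep the page.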