Ref: https://stackoverflow.com/questions/10314174/difference-between-pragma-and-cache-control-headers
"The Pragma: no-cache header field is an HTTP/1.0 header intended for use in requests. It is a means for the browser to tell the server and any intermediate caches that it wants a fresh version of the resource, not for the server to tell the browser not to cache the resource. Some user agents do pay attention to this header in responses, but the HTTP/1.1 RFC specifically warns against relying on this behavior."
Pragma
is the HTTP/1.0 implementation and cache-control
is the HTTP/1.1 implementation of the same concept. They both are meant to prevent the client from caching the response. Older clients may not support HTTP/1.1 which is why that header is still in use.
Although the answer of cnst below is much more complicated, it is also much more correct according to the specification. Pragma: no-cache
is intended to be used only in requests (meaning "I want the original, not a cached copy") and its behaviour is not specified for responses.
Cache-Control: no-cache
has the same meaning for requests but is actually also defined for responses, meaning "If you want to use a cached copy of this in future, you must first check with me that it is up-to-date (i.e. perform revalidation)".