Issue: Does the user have complete control over a private cache?
I.e., can the user configure the cache to ignore/override
certain cache directives/defaults, as is commonly known in
browsers as the "never check" mode?
Answer: Yes. There is no way for the protocol to prevent it,
regardless of our opinions on the matter.
Issue: Given the above, is it reasonable to require some indication
be presented (not necessarily a dialog box -- more likely a
broken-key type symbol) which indicates that the origin
server's requirements are being overridden?
http working group issues