Comment A gem from the discussion (Score 2) 324
I fully support this proposal. In addition to APIs, I'd like to propose prohibiting caching any resources loaded over insecure HTTP, regardless of Cache-Control header, in Phase 2.N. The reasons are:
1) MITM can pollute users' HTTP cache, by modifying some JavaScript files with a long time cache control max-age.
2) It won't break any websites, just some performance penalty for them.
3) Many website operators and users avoid using HTTPS, since they believe HTTPS is much slower than plaintext HTTP. After deprecating HTTP cache, this argument will be more wrong.
I'm sure the users will appreciate the extra traffic!
I can see 1 being a thing, but 2 is a penalty for the end-user on metered connections, and 3 is an argument for "Mozilla is much slower than [insert browser here]".