These directives doesn't mitigate any security chance. They are really genuinely meant to pressure UA's to refresh volatile information, not retain UA's from currently being retaining information.Quite simply NoCache attribute won't leak to other actions if they execute little one steps. Also, The category identify really should be NoCacheAttribute