Note HTML header type

david-a-wheeler · david-a-wheeler · commit abfe0863289e · 2023-07-14T17:16:00.000-04:00
Signed-off-by: David A. Wheeler &lt;dwheeler@dwheeler.com&gt;
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -3319,15 +3319,15 @@ If your site is publicly accessible, you can easily test your headers using the
 
 If you are serving especially sensitive data, you should *only* serve that data from a few specific web pages and *completely* disable caching of that data on the server, client, and any proxies along the way. Disabling caches prevents accidental spills from a cache. On the server commonly-used systems for caching include memcached and Redis - disable caching of that data when you can. The safest way to ensure that the web browser and web proxy caching is disabled is through this set of HTTP headers (["How do we control web page caching, across all browsers?"](https://stackoverflow.com/questions/49547/how-do-we-control-web-page-caching-across-all-browsers)):
 
-~~~~
+~~~~html_header
 Cache-Control: no-cache, no-store, must-revalidate
 Pragma: no-cache
 Expires: 0
 ~~~~
 
 Some of these settings are only relevant to extremely old browsers. If you only care about current browsers, this HTTP header is enough to disable caching:
 
-~~~~
+~~~~html_header
 Cache-Control: no-store, must-revalidate
 ~~~~
 
