We have received few bugs and customer cases where CF11 is adding cache-control and expire headers as part of the response. Thereby causing few issues to the existing code.
We have investigated this issue and found that this issue is happening only when the server is installed using development profile. And we found that in development profile we are enabling some settings on the server which will he helpful when setting environment for development purpose. The one setting which is causing this issue is Remote Inspection. Remote inspection helps in debugging & inspecting the mobile applications generated by coldfusion.
It is recommended to use Production profile or Production secure profile when installing CF for production environments. In case of production profile this setting is not enabled and its respective web.xml filters are disabled. But still in development environment some might be running some regression tests and this feature might be causing the test cases to fail.
Enabling this feature is includes cache-control headers in each and every CF response. This issue needs to be fixed but for now one can disable this feature in their development environment by unchecking the Allow Remote Inspection feature. The setting can be found at Debugging & Logging -> Remote Inspection in CF admin. Optionally one can even disable this feature in web.xml by commenting out the remote inspection j2ee filter. When someone again accidentally changes this setting does not make it effective when it commented out in web.xml.