Full Page Caching header questions / issues
Relevant to this discussion (among various other headers set by the system), with Full Page Caching off, I see the following headers:
Cache-Control: max-age=21600, s-maxage=21600 Pragma: public Expires: <datetime + 6hrs>
However, when Full Page Caching is on, I see these headers instead:
Set-Cookie: CONCRETE5=<unique string>; path=/; HttpOnly Cache-Control: no-cache, private X-Frame-Options: SAMEORIGIN
Background: I found the issue because I'm running multiple Concrete5 (and other) sites on a single LEMP VPS, so I have set various security related headers within the Nginx file to be applied by default to each site. X-Frame-Options is one of those headers, and in some Concrete5 sites I was seeing the header twice, while other sites only had the header listed one time. Then I noticed the other header differences between the sites (even though the C5 versions were the same, and the Nginx configs were nearly identical). After many trials, I found the difference to be the Full Page Caching, and confirmed that turning it on, did indeed add/modify the headers.
Questions: I don't understand why any of these headers should be affected by a "server cache" setting, and specifically the Cache-Control header seems to have the opposite effect that you would expect: with the full page cache off the browser will cache locally for 6 hrs, but with full page cache on the browser will not cache locally. Should these headers be the same whether full page caching is on or off (at least the X-Frame-Options)? And, since full page caching disables client-side caching, wouldn't full page caching lead to a performance decrease (at least on average)?
Setting Full Page Caching to On did update the headers; however, changing it back to Off did not revert the headers. I have tried to clear the cache and restart the web service, but I still have the undesirable headers. If someone could explain what's going on, I would appreciate it.