Karen's right that we have to work with ISP proxies, and we should. The only thing I might consider ignoring is if someone is using personal caching software that is buggy or misconfigured. But ISPs generally run something well-known and clean like Squid, and we have to work there.
I noticed that I while I was sending cache-control headers on articles, I wasn't sending them on redirects, which are used for the random page function (among others), so it was using server defaults. I fixed the code to make sure it turns off caching for everything. Karen, you should start working as soon as your last attempt expires--the server default was three hours. 0