Typically, you can call WordPress’ nocache_headers() function when you don’t want content to be cached. Typically, but when you’re serving from behind Nginx as a reverse proxy, consideration must be paid.
It’s a year old now, so I shouldn’t have been surprised by it, but this thread on the Nginx forums explains that Cache-Control: private headers are meaningless when Nginx is being used as a reverse proxy:
nginx completely ignores the ‘private’ keyword and will cache your document regardless.
The recommendation is for the upstream app to send an X-Accel-Expires: 0 header.
The easy fix? Add a filter to nocache_headers() that inserts the additional header:
add_action( 'nocache_headers' , 'my_nocache_headers' , 1 );
function my_nocache_headers( $headers )
{
$headers['X-Accel-Expires'] = 0;
return $headers;
}