Safari doesn't respect Cache-Control HTTP headers?

Using a variety of resources, I've come up with the following django middleware to prevent browser caching for authenticated users:

class NoBrowserCachingMiddleware:
    def add_to_header(self, response, key, value):
        if response.has_header(key):
            values = re.split(r'\s*,\s*', response[key])
            if not value in values:
                response[key] = ', '.join(values + [value])
        else:
            response[key] = value

    def process_response(self, request, response):
        if hasattr(request, 'user') and request.user.is_authenticated():
            response['Expires'] = 0
            self.add_to_header(response, 'Cache-Control', 'no-cache')
            self.add_to_header(respo开发者_运维问答nse, 'Cache-Control', 'no-store')
            self.add_to_header(response, 'Cache-Control', 'must-revalidate')
            self.add_to_header(response, 'Pragma', 'no-cache') #HTTP 1.0
            if request.is_ajax():
                return response
            if response.status_code != 200:
                return response
            if 'text/html' not in response['Content-Type']:
                return response

            # safari back button fix
            response.content = response.content.replace('<body', '<body onunload=""')

        return response

I would like to remove the piece where I have to modify the response content. If I do, however, Safari will display the previous cached page after a logout if the user hits the back button. Is there any way to prevent this using standard HTTP headers?

Thanks, Pete