we currently treat 'cache-control: must-revalidate' as a synonym for 'cache-control: no-cache'. but according to the http/1.1 spec there is a subtle difference between the two, and 'must-revalidate' is actually much less strict. from section 14.9.4: When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server. this simply means that we are permitted to reuse a cached response provided the cached response is still fresh. currently, we revalidate the cached response whenever it is requested (as a 'no-cache' directive would require). in other words, even if the user has selected a cache validation frequency of VALIDATE_ONCE_PER_SESSION or VALIDATE_NEVER, we'll still need to revalidate cached responses (when stale) that contain the 'must-revalidate' control header.

fixed with the landing of the patch for bug 112564.

Verified per darin's comment.