alll browsers WILL not cache a url if ALL of the following are true:
- the response has an Expires header in the past, present, or very-near future
- the response has a Date header
- the response status code is 200
- certain proxies want Cache-Control: Private to avoid local caching.
if a 304 slips out, the browser gets paranoid and usually pings the script url going forward.
at that point, if your Date and Expires are different, or the content-length has changed, and yet expires is in the past, a new copy should be shipped.
you can bank on that algo by avoiding 304s altogether.
other things like etags, pragma, can help good caching, but don't really work to prevent caching.
the url creeping of using a random() or timestamp in the url pollutes the cache and purges useful content, don't do it.