why not just Cache-Control: private? The added ", proxy-revalidate" seems to fall under a cache extension, right?
While I could imagine the proxy-revalidate would seem to make sense on the surface, while reading through the section on Cache Revalidation and Reload Controls, the last entry is on proxy-revalidate and states 2 specific things:
1) "does not apply to non-shared user agent caches", so this doesn't make much sense since we're specifically disallowing shared caches already with the "private" header.
2) "Note that such authenticated responses also need the public cache control directive in order to allow them to be cached at all." which agrees with the first in that this response shouldn't be cached at shared caches since we didn't tag it as public
did a google for "site:livejournal.com caching" to see if existing caching behavior was already explained somewhere, but nothing seemed like a good match.