For my site, Mongoose is serving HTTP requests with header including "Cache-Control: no-cache", and "If-None-Match" parameter providing the previous ETag. Usually this works correctly, and a 304 response is sent.
However, when the request includes an "Authorization" header, the 304 response is never sent, and the full document is transferred with a status 200 response. Is this correct behaviour? Perhaps it is a bug in Mongoose.