I want to find a minimal set of headers, that work with "all" caches and browsers (also when using HTTPS!)

On my (GWT-based) web site, I'll have three kinds of resources:

1. Forever cacheable (public / equal for all users)

These files don't ever change, and they get a filename based on the MD5 of their contents (this is GWT's approach).

They should get cached as much as possible, even when using HTTPS (so I assume, I should set Cache-Control: public, especially for Firefox?)

2. Changing for every new version of the site (public / equal for all users)

These files can be cached, but probably need to be revalidated every time.

3. Individual for each request (private / user specific)

These resources (e. g. JSON responses) should never be cached unencrypted to disk under no circumstances. (Maybe I'll have a few specific requests that could be cached.)

I have a general idea on which headers I would probably use for each type, but there's always something I could be missing.