diff --git a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
index 8074e85d128..af4113058c8 100644
--- a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
+++ b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
@@ -199,10 +199,6 @@ nsHttpChannel::Init(nsIURI *uri,
         return NS_ERROR_OUT_OF_MEMORY;
     NS_ADDREF(mConnectionInfo);
 
-    // make sure our load flags include this bit if this is a secure channel.
-    if (usingSSL && !gHttpHandler->IsPersistentHttpsCachingEnabled()) 
-        mLoadFlags |= INHIBIT_PERSISTENT_CACHING;
-
     // Set default request method
     mRequestHead.SetMethod(nsHttp::Get);
 
@@ -2013,8 +2009,12 @@ nsHttpChannel::InitCacheEntry()
     if (mResponseHead->NoStore())
         mLoadFlags |= INHIBIT_PERSISTENT_CACHING;
 
-    // For HTTPS transactions, the storage policy will already be IN_MEMORY.
-    // We are concerned instead about load attributes which may have changed.
+    // Only cache SSL content on disk if the server sent a
+    // Cache-Control: public header, or if the user set the pref
+    if (!gHttpHandler->CanCacheAllSSLContent() &&
+        mConnectionInfo->UsingSSL() && !mResponseHead->CacheControlPublic())
+        mLoadFlags |= INHIBIT_PERSISTENT_CACHING;
+
     if (mLoadFlags & INHIBIT_PERSISTENT_CACHING) {
         rv = mCacheEntry->SetStoragePolicy(nsICache::STORE_IN_MEMORY);
         if (NS_FAILED(rv)) return rv;
@@ -3462,12 +3462,6 @@ NS_IMETHODIMP
 nsHttpChannel::SetLoadFlags(nsLoadFlags aLoadFlags)
 {
     mLoadFlags = aLoadFlags;
-
-    // don't let anyone overwrite this bit if we're using a secure channel.
-    if (mConnectionInfo && mConnectionInfo->UsingSSL() 
-        && !gHttpHandler->IsPersistentHttpsCachingEnabled())
-        mLoadFlags |= INHIBIT_PERSISTENT_CACHING;
-
     return NS_OK;
 }
 
diff --git a/mozilla/netwerk/protocol/http/src/nsHttpHandler.h b/mozilla/netwerk/protocol/http/src/nsHttpHandler.h
index 0b017d34e31..0e4f6adc1cd 100644
--- a/mozilla/netwerk/protocol/http/src/nsHttpHandler.h
+++ b/mozilla/netwerk/protocol/http/src/nsHttpHandler.h
@@ -106,7 +106,7 @@ public:
     nsIIDNService *IDNConverter()            { return mIDNConverter; }
     PRUint32       PhishyUserPassLength()    { return mPhishyUserPassLength; }
     
-    PRBool         IsPersistentHttpsCachingEnabled() { return mEnablePersistentHttpsCaching; }
+    PRBool         CanCacheAllSSLContent()   { return mEnablePersistentHttpsCaching; }
 
     nsHttpAuthCache     *AuthCache() { return &mAuthCache; }
     nsHttpConnectionMgr *ConnMgr()   { return mConnMgr; }
diff --git a/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.cpp b/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.cpp
index 77a53ff870e..a1aef490c00 100644
--- a/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.cpp
+++ b/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.cpp
@@ -482,6 +482,7 @@ nsHttpResponseHead::Reset()
     mContentLength = LL_MAXUINT;
     mCacheControlNoStore = PR_FALSE;
     mCacheControlNoCache = PR_FALSE;
+    mCacheControlPublic = PR_FALSE;
     mPragmaNoCache = PR_FALSE;
     mStatusText.Truncate();
     mContentType.Truncate();
@@ -631,6 +632,7 @@ nsHttpResponseHead::ParseCacheControl(const char *val)
         // clear flags
         mCacheControlNoCache = PR_FALSE;
         mCacheControlNoStore = PR_FALSE;
+        mCacheControlPublic = PR_FALSE;
         return;
     }
 
@@ -642,6 +644,10 @@ nsHttpResponseHead::ParseCacheControl(const char *val)
     // search header value for occurrence of "no-store" 
     if (nsHttp::FindToken(val, "no-store", HTTP_HEADER_VALUE_SEPS))
         mCacheControlNoStore = PR_TRUE;
+
+    // search header value for occurrence of "public" 
+    if (nsHttp::FindToken(val, "public", HTTP_HEADER_VALUE_SEPS))
+        mCacheControlPublic = PR_TRUE;
 }
 
 void
diff --git a/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.h b/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.h
index 03a2d3f6191..890a79ddb9b 100644
--- a/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.h
+++ b/mozilla/netwerk/protocol/http/src/nsHttpResponseHead.h
@@ -56,6 +56,7 @@ public:
                          , mContentLength(LL_MAXUINT)
                          , mCacheControlNoStore(PR_FALSE)
                          , mCacheControlNoCache(PR_FALSE)
+                         , mCacheControlPublic(PR_FALSE)
                          , mPragmaNoCache(PR_FALSE) {}
    ~nsHttpResponseHead() 
     {
@@ -71,6 +72,7 @@ public:
     const nsAFlatCString &ContentCharset() { return mContentCharset; }
     PRBool                NoStore()        { return mCacheControlNoStore; }
     PRBool                NoCache()        { return (mCacheControlNoCache || mPragmaNoCache); }
+    PRBool                CacheControlPublic() { return mCacheControlPublic; }
     /**
      * Full length of the entity. For byte-range requests, this may be larger
      * than ContentLength(), which will only represent the requested part of the
@@ -148,6 +150,7 @@ private:
     nsCString         mContentCharset;
     PRPackedBool      mCacheControlNoStore;
     PRPackedBool      mCacheControlNoCache;
+    PRPackedBool      mCacheControlPublic;
     PRPackedBool      mPragmaNoCache;
 };