http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1

private:

Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache. This allows an origin server to state that the specified parts of the response are intended for only one user and are not a valid response for requests by other users. A private (non-shared) cache MAY cache the response. Note: This usage of the word private only controls where the response may be cached, and cannot ensure the privacy of the message content.

注意，该header仅对代理(proxy server)有效，对浏览器而言只有一个用户