Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In the code inside the function imagecache_transfer the header is set as below
$headers[] = 'Cache-Control: max-age=1209600, private, must-revalidate';
Should this private header be set only if its a private file (i.e. pass in the flag to see if this is private?
I would propose having the flag set to this function and only include the 'private, must-revalidate' if the file being served is from the private location.