It sends a revalidation request, so unlikely in theory, but probably many [shared] hosting providers set up a forced cache on server side ... or otherwise the server-side was wrong. (After all if someone used no-cache instead of no-store maybe they mucked up something else too.)