Missing or Insecure Cache-Control Header
Impact: Informational
Description
A web cache, or HTTP cache, is a system used to optimize web performance. Browsers cache the contents of a resource to reuse it on subsequent requests, which can improve page load times by caching images and other static resources. However, it’s crucial to prevent clients from caching pages that contain sensitive, dynamic, or user-specific content, because a cached copy can lead to information disclosure.
Recommendation
To prevent caching of sensitive or dynamic content, ensure that the appropriate Cache-Control headers are set. You can use one of the following headers:
Cache-Control: no-cache, no-store
Cache-Control: max-age=0, must-revalidate
Cache-Control: private
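One way to check responses against the three header options above, as an added example that is not part of the original page. The names parse_cache_control, audit, findings and SAMPLES are hypothetical, the sample responses are constructed, and accepting no-store on its own is this example's assumption.

```python
# Added example; sample responses are constructed, not real traffic.
SAMPLES = [
    ("/account", {"Cache-Control": "no-cache, no-store"}),
    ("/profile", {"cache-control": "max-age=0, must-revalidate"}),
    ("/inbox", {"Cache-Control": "private"}),
    ("/orders", {"Cache-Control": "public, max-age=86400"}),
    ("/settings", {"Content-Type": "text/html"}),
]

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(headers):
    """Return (status, reason); 'insecure' means none of the page's options matched."""
    # Header names are case-insensitive, so look the header up that way.
    value = next((v for k, v in headers.items() if k.lower() == "cache-control"), None)
    if value is None or not value.strip():
        return "missing", "no Cache-Control header on the response"
    d = parse_cache_control(value)
    if "public" in d and "no-store" not in d:
        return "insecure", "public lets shared caches store the response"
    if "no-store" in d:
        # Assumption of this example: no-store alone satisfies the first option.
        return "ok", "no-store: caches must not store the response"
    if d.get("max-age") == "0" and "must-revalidate" in d:
        return "ok", "stored copy must be revalidated before reuse"
    if "private" in d:
        # private only excludes shared caches; the browser may still keep a copy.
        return "ok", "private: shared caches must not store the response"
    return "insecure", "none of the recommended directives is present"

def findings(samples=SAMPLES):
    """Map each sample path to its audit status."""
    return {path: audit(headers)[0] for path, headers in samples}

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, *audit(headers))
```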
Last updated on May 13, 2024