Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
Unspecified Cache-Control HTTP header is vulnerable. Set it to no-store to avoid caching sensitive data for stronger security. It should be the default unless users override it.
Reference: https://www.virtuesecurity.com/kb/cache-controls-explained/