Missing or Insecure Cache-Control Header

Impact: Informational

Description

A web cache, or HTTP cache, is a system for optimizing the web. Browsers cache the contents of a resource once and reuse it on subsequent requests. Caching images, for example, can improve page load time. However, clients should not be allowed to cache pages that display sensitive, dynamic, or user-specific content.

Recommendation

Set any of the following headers to prevent clients from caching the page.

Cache-Control: no-cache, no-store
Cache-Control: max-age=0, must-revalidate
Cache-Control: private
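
One way to check a response against the three header values above, as an added example rather than code from the scanner this page belongs to. The function names and sample responses are constructed for illustration, and the check assumes a header is acceptable only when it contains every directive of at least one recommended line.

```python
# Added example: classify a response's Cache-Control header against the
# three recommended header values listed on this page.

# Each set is one recommended header line from the page.
RECOMMENDED = [
    {"no-cache", "no-store"},
    {"max-age=0", "must-revalidate"},
    {"private"},
]


def parse_directives(values):
    """Split one or more Cache-Control field values into normalized directives."""
    directives = set()
    for value in values:
        for part in value.split(","):
            part = part.strip().lower()
            if not part:
                continue
            name, sep, arg = part.partition("=")
            # Normalize spacing and quoting such as: max-age = "0"
            arg = arg.strip().strip('"')
            directives.add(f"{name.strip()}={arg}" if sep else name.strip())
    return directives


def check_cache_control(headers):
    """headers: list of (name, value) pairs. Returns 'missing', 'insecure' or 'ok'."""
    # Header names are case-insensitive and the header may be sent more than once.
    values = [v for k, v in headers if k.strip().lower() == "cache-control"]
    if not values:
        return "missing"
    directives = parse_directives(values)
    if any(rec <= directives for rec in RECOMMENDED):
        return "ok"
    return "insecure"


# Constructed sample responses (hypothetical paths, not captured traffic).
SAMPLES = {
    "/account": [("Content-Type", "text/html"), ("cache-control", "No-Store, no-cache")],
    "/profile": [("Cache-Control", "max-age=0"), ("Cache-Control", "must-revalidate")],
    "/invoice": [("Cache-Control", "public, max-age=86400")],
    "/settings": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        print(path, check_cache_control(hdrs))
```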

Last updated on April 10, 2022
