1. Support Center
  2. Issue Definitions
  3. Cacheable HTTPS response

Cacheable HTTPS response

Description: Cacheable HTTPS response

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Remediation: Cacheable HTTPS response

Applications should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

  • Cache-control: no-store
  • Pragma: no-cache

Vulnerability classifications

Typical severity

Information

Type index

0x00700100

Burp Scanner

Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Read more
Get Burp

Get Burp

Scan your web application from just $399.00

Find out more
back-to-top