Description

The application lacks the Cache-Control security header or sets the header to an insecure value.

Impact

- Store server responses with sensitive information in the browser's cache.
- Produce potentially harmful server responses using cache poisoning attacks.

Recommendation

Set the Cache-Control header in the server responses using a secure value such as no-store, no-cache and must-revalidate.
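
One way to check a response against this recommendation, as an added example that is not part of the original entry. The function names, the treatment of `public` and positive `max-age` as findings, and the sample headers are assumptions made for illustration.

```python
# Added example: audit a response's Cache-Control header against the
# directives this entry recommends. The policy below is an assumption.
RECOMMENDED = ("no-store", "no-cache", "must-revalidate")
CONFLICTING = ("public",)  # assumption: insecure for sensitive responses


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}.

    Quoted arguments that themselves contain commas are not handled.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_cache_control(headers):
    """Return a list of findings; an empty list means the header passes."""
    # Header names are case-insensitive, so normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    value = normalised.get("cache-control")
    if value is None or not value.strip():
        return ["missing Cache-Control header"]
    directives = parse_cache_control(value)
    findings = [f"missing directive: {d}" for d in RECOMMENDED if d not in directives]
    findings += [f"conflicting directive: {d}" for d in CONFLICTING if d in directives]
    max_age = directives.get("max-age")
    if max_age and max_age.isdigit() and int(max_age) > 0 and "no-store" not in directives:
        findings.append(f"response may be cached for {max_age}s")
    return findings


# Constructed sample responses (not taken from a real application).
SAMPLES = {
    "hardened": {"Cache-Control": "no-store, no-cache, must-revalidate"},
    "absent": {"Content-Type": "text/html"},
    "weak": {"cache-control": "public, max-age=3600"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_cache_control(hdrs) or "OK")
```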

Threat

Unauthorized attacker from local network.

Expected Remediation Time

⏱️ 30 minutes.