Search This Blog

Friday, May 3, 2013

Cacheable HTTPS response

Some browsers (e.g Internet Explorer) cache content even if accessed via HTTPS, thus  if server returns sensitive information this may be retrieved by other users who have access to the browser.

To fix it, add the following headers into response:

Cache-control: no-store 
Pragma: no-cache 

More info here.

No comments:

Post a Comment