Friday, May 3, 2013

Cacheable HTTPS response


Some browsers (e.g., Internet Explorer) cache content even when it is accessed via HTTPS, so if the server returns sensitive information, it may be retrieved by other users who have access to the browser.

To fix it, add the following headers to the response:

Cache-control: no-store 
Pragma: no-cache 
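
One way to apply these headers to every response in one place, shown as an added example that is not from the original post: a Python WSGI middleware. The names NoStoreMiddleware, lacks_no_store, account_app and fetch_headers are hypothetical, and the sample app and request are constructed.

```python
from wsgiref.util import setup_testing_defaults

# The two headers given in the post.
NO_CACHE_HEADERS = [("Cache-Control", "no-store"), ("Pragma", "no-cache")]
OVERRIDDEN = {"cache-control", "pragma"}


class NoStoreMiddleware:
    """Wrap a WSGI app so every response carries the no-store headers."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop caching headers set by the app so a conflicting value
            # (e.g. "Cache-Control: public") cannot survive next to ours.
            kept = [(k, v) for k, v in headers if k.lower() not in OVERRIDDEN]
            return start_response(status, kept + NO_CACHE_HEADERS, exc_info)

        return self.app(environ, patched_start)


def lacks_no_store(headers):
    """Return True if no Cache-Control header carries the no-store directive."""
    for name, value in headers:
        if name.lower() == "cache-control":
            directives = {d.strip().lower() for d in value.split(",")}
            if "no-store" in directives:
                return False
    return True


def account_app(environ, start_response):
    # Constructed sample app: sensitive body sent with a cacheable header.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"account balance: 1234.56"]


def fetch_headers(app):
    """Call a WSGI app with a constructed HTTPS request; return its headers."""
    environ, captured = {}, {}
    setup_testing_defaults(environ)
    environ["wsgi.url_scheme"] = "https"

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    b"".join(app(environ, start_response))
    return captured["headers"]
```

Comparing fetch_headers(account_app) with fetch_headers(NoStoreMiddleware(account_app)) shows the cacheable header replaced by the two headers above, and lacks_no_store can be reused as a regression check on sensitive endpoints.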

More info here.
