How to clear insecure browser caching
Application Type
Traditional Web

Hi,

I have the penetration issue about Insecure browser caching, Could you please suggest us the solution to prevent the attacker able to get sensitive data (details page) in cache files? The testing result shown that a sensitive data was store in the client side cache.


Recently, I implemented the solution to add Header action that founded in the forum (reference URL: https://www.outsystems.com/forums/discussion/51579/how-to-prevent-cache-in-web-page/)

but it still didn't pass the penetration test.


Thank you in advance.

I guess this link from OWASP and other explaining each attributes can give you a north how to do it.


Testing for Browser Cache Weaknesses

https://is.gd/jVSpSA

Cache Control

https://is.gd/erSsSj


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.