HawkScan Test Info for Content Cacheability

Content Cacheability

Reference

Plugin Id: 10049 | CWE: 524

Remediation

  1. Set cache-control headers: Use appropriate cache-control headers (no-cache, no-store, private) for sensitive content.
  2. Review cacheable content: Audit all responses to ensure sensitive data is not cacheable by proxies or CDNs.
  3. Use private caching: Set Cache-Control: private for user-specific content to prevent shared caching.
  4. Implement proper expiration: Set appropriate cache expiration times based on content sensitivity.
  5. Test caching behavior: Verify that sensitive content is not cached by testing with proxy servers.
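A worked check for the remediation steps above, added here and not part of HawkScan or this test: it parses Cache-Control, applies the RFC 7234 storability rules to decide whether a proxy or CDN may store a response, and flags user-specific responses that come back shared-cacheable (the constructed sample responses, the authenticated flag and the helper names are assumptions). It treats no-cache as storable-but-revalidate, which is what that directive means; only no-store forbids storing.

```python
# Status codes a cache may store even without explicit freshness (RFC 7234 s4.2.2)
HEURISTIC_OK = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}

def parse_cache_control(value):
    """'private, max-age=0' -> {'private': None, 'max-age': '0'}"""
    directives = {}
    for token in value.split(","):
        name, _, arg = token.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def classify(status, headers):
    """Classify a response for shared caches (proxies, CDNs) per RFC 7234:
    'non-storable'     no cache may store it (no-store, or no freshness at all)
    'private'          only the end user's own browser cache may store it
    'non-cacheable'    storable, but must be revalidated with the origin first
    'shared-cacheable' a proxy or CDN may store it and serve it to other users"""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "non-storable"
    if "private" in cc:
        return "private"
    if "no-cache" in cc or "no-cache" in h.get("pragma", "").lower():
        return "non-cacheable"
    if "max-age" in cc or "s-maxage" in cc or "expires" in h or status in HEURISTIC_OK:
        return "shared-cacheable"
    return "non-storable"

def audit(responses):
    """Paths of user-specific responses (cookie set, or authenticated request)
    that a shared cache could store: what remediation step 2 asks you to find."""
    return [r["path"] for r in responses
            if ("set-cookie" in {k.lower() for k in r["headers"]} or r["authenticated"])
            and classify(r["status"], r["headers"]) == "shared-cacheable"]

# Constructed sample responses; "authenticated" is an assumed flag meaning the
# request carried a session cookie or Authorization header.
SAMPLE = [
    {"path": "/account", "status": 200, "authenticated": True,
     "headers": {"Content-Type": "text/html", "Set-Cookie": "sid=abc; HttpOnly"}},
    {"path": "/api/me", "status": 200, "authenticated": True,
     "headers": {"Cache-Control": "private, no-store"}},
    {"path": "/orders", "status": 200, "authenticated": True,
     "headers": {"Cache-Control": "no-cache"}},
    {"path": "/static/app.css", "status": 200, "authenticated": False,
     "headers": {"Cache-Control": "public, max-age=31536000"}},
]
```

Running audit(SAMPLE) flags only /account, which sets a session cookie yet carries no Cache-Control at all, so a 200 response may be stored heuristically by a shared cache.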

About

Content cacheability issues occur when web applications allow sensitive, personal, or user-specific information to be cached by intermediate servers, proxies, or CDNs. This can lead to information disclosure when cached sensitive content is served to unauthorized users.

Risks

Medium: Inappropriate content caching can expose sensitive user data, personal information, or confidential content to unauthorized users through shared cache systems, potentially violating privacy and security requirements.