
Content Cacheability

Reference
Plugin ID: 10049
CWE: 524
WASC: 13
Unknown Passive Information Exposure

Remediation

  1. Set cache-control headers: Use appropriate cache-control headers (no-cache, no-store, private) for sensitive content.
  2. Review cacheable content: Audit all responses to ensure sensitive data is not cacheable by proxies or CDNs.
  3. Use private caching: Set Cache-Control: private for user-specific content to prevent shared caching.
  4. Implement proper expiration: Set appropriate cache expiration times based on content sensitivity.
  5. Test caching behavior: Verify that sensitive content is not cached by testing with proxy servers.
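
One way to carry out the audit in steps 2 and 5, as an added example rather than StackHawk's own code: a simplified version of the RFC 9111 storage rules for a shared cache, run over constructed sample responses. The function names, sample paths and header values are assumptions made for illustration.

```python
# Added example: simplified RFC 9111 storage decision for a shared cache (proxy/CDN); no quoted-comma or extension handling.
HEURISTIC_STATUS = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}
OPT_IN_WITH_AUTH = {"public", "s-maxage", "must-revalidate"}

def parse_cache_control(value):
    """Return {directive: argument or None} with lower-cased directive names."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_may_store(status, headers, request_has_authorization=False):
    """Return (storable, reason) for one response as seen by a shared cache."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return False, "no-store"
    if "private" in cc:
        return False, "private"
    if request_has_authorization and not OPT_IN_WITH_AUTH & cc.keys():
        return False, "Authorization request without opt-in"
    for directive in ("public", "s-maxage", "max-age"):
        if directive in cc:
            return True, directive
    if "expires" in h:
        return True, "expires"
    if status in HEURISTIC_STATUS:
        # no-cache alone lands here: it forces revalidation, it does not forbid storage.
        return True, "heuristically cacheable status"
    return False, "no explicit or heuristic freshness"

# Constructed sample responses: (path, status, response headers, request had Authorization)
SAMPLES = [
    ("/account", 200, {"Cache-Control": "no-cache"}, False),
    ("/statement", 200, {"Cache-Control": "private, max-age=60"}, False),
    ("/api/profile", 200, {"Content-Type": "application/json"}, True),
    ("/dashboard", 200, {"Content-Type": "text/html"}, False),
    ("/static/app.js", 200, {"Cache-Control": "public, max-age=31536000"}, False),
]

def audit(samples):
    """Map each path to its (storable, reason) verdict."""
    return {path: shared_cache_may_store(s, h, auth) for path, s, h, auth in samples}

if __name__ == "__main__":
    for path, (storable, reason) in audit(SAMPLES).items():
        print(f"{'STORABLE' if storable else 'not stored':<10} {path:<16} {reason}")
```

Any user-specific path reported as STORABLE is a candidate for `private` or `no-store`; a cookie-authenticated page with no caching headers (the constructed `/dashboard` case) is the typical finding.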

About

Content cacheability issues occur when web applications allow sensitive, personal, or user-specific information to be cached by intermediate servers, proxies, or CDNs. This can lead to information disclosure when cached sensitive content is served to unauthorized users.

Risks

Medium

Inappropriate content caching can expose sensitive user data, personal information, or confidential content to unauthorized users through shared cache systems, potentially violating privacy and security requirements.
