HawkScan Test Info for Retrieved from Cache

Retrieved from Cache

Reference

Plugin Id: 10050 | CWE: 524

Remediation

  1. Review cached content: Audit all content served from shared caches to ensure no sensitive data is included.
  2. Set appropriate headers: Use Cache-Control: no-cache, no-store, private for sensitive content to prevent shared caching.
  3. Implement cache validation: Add checks that confirm a cached response is appropriate for the requester before it is served.
  4. User-specific content controls: Ensure user-specific or sensitive content is never cached in shared cache systems.
  5. Monitor cache behavior: Regularly test and monitor caching behavior to prevent information leakage.
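As an added example (not HawkScan's or ZAP's own code), the following Python audits a single response's headers in the spirit of steps 2 and 5: it parses Cache-Control, decides whether a shared cache answered the request, and flags sensitive content that lacks no-store or private. It assumes that a non-zero Age header (RFC 9111) or an X-Cache value containing HIT marks a cache hit; X-Cache is a common CDN convention, not a standard, and the sample headers are constructed.

```python
# Added example (not part of HawkScan or ZAP): classify an HTTP response by
# whether a shared cache served it and whether its Cache-Control directives
# forbid shared caching. The header values below are constructed samples.
from typing import Dict, List

def parse_cache_control(value: str) -> Dict[str, str]:
    """Parse a Cache-Control header into a directive -> value map (lowercased)."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def served_from_cache(headers: Dict[str, str]) -> bool:
    """True when the response carries evidence of a cache hit.

    Age (RFC 9111) is the seconds spent in a cache; non-zero means an
    intermediary, not the origin, answered. X-Cache is widely used but
    non-standard; treating a value containing HIT as a hit is an assumption.
    """
    h = {k.lower(): v for k, v in headers.items()}
    age = h.get("age", "").strip()
    if age.isdigit() and int(age) > 0:
        return True
    return "hit" in h.get("x-cache", "").lower()

def shared_cache_forbidden(headers: Dict[str, str]) -> bool:
    """True when Cache-Control tells shared caches not to store the response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    return "no-store" in cc or "private" in cc

def audit(headers: Dict[str, str], sensitive: bool) -> List[str]:
    """Return findings for one response; `sensitive` is the reviewer's judgement."""
    findings: List[str] = []
    if served_from_cache(headers):
        findings.append("served-from-cache")
        if sensitive:
            findings.append("sensitive-content-in-shared-cache")
    if sensitive and not shared_cache_forbidden(headers):
        findings.append("missing-no-store-or-private")
    return findings

# Constructed sample: an account page answered by a CDN under a permissive policy.
SAMPLE = {"Cache-Control": "max-age=600", "Age": "42", "X-Cache": "HIT"}
```

Run `audit(SAMPLE, sensitive=True)` against headers captured from your own pages to see which of the three findings apply.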

About

Content retrieved from cache indicates that sensitive or user-specific information may be served from shared cache systems rather than the origin server. This can lead to information disclosure when one user’s sensitive data is inadvertently served to another user through shared caching mechanisms.

Risks

High: Cached sensitive content can result in serious information disclosure, session hijacking, unauthorized access to personal data and, depending on the cached content and cache configuration, complete compromise of user sessions.