Cache Control Header
Description
The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms. The server did not return a 'Cache-Control' header, or returned an invalid one, so pages containing sensitive information could be stored client-side (in browser or intermediary caches) and later be exposed to unauthorized persons.
Remediation
Whenever possible, ensure the Cache-Control HTTP header is set with no-cache, no-store, must-revalidate, and that the Pragma HTTP header is set with no-cache.
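The following is an added example, not part of the original page or of Escape's scanner: it returns the header values the remediation asks for and checks a response's headers against them, the same way this check would. The sample responses are constructed for illustration.

```python
"""Check an HTTP response's caching headers against the remediation above."""
from typing import Mapping

# Directives the remediation requires in Cache-Control.
REQUIRED_CACHE_CONTROL = {"no-cache", "no-store", "must-revalidate"}


def hardened_headers() -> dict:
    """Header values a sensitive endpoint should emit, per the remediation."""
    return {
        "Cache-Control": "no-cache, no-store, must-revalidate",
        "Pragma": "no-cache",
    }


def parse_cache_control(value: str) -> dict:
    """Split 'a, b=1' into {'a': None, 'b': '1'}; directive names are case-insensitive."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def check_cache_headers(headers: Mapping[str, str]) -> list:
    """Return a list of findings; an empty list means the response passes."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    cc = lowered.get("cache-control")
    if cc is None:
        findings.append("missing Cache-Control header")
    else:
        present = set(parse_cache_control(cc))
        for directive in sorted(REQUIRED_CACHE_CONTROL - present):
            findings.append(f"Cache-Control lacks '{directive}'")
    pragma = lowered.get("pragma", "")
    if "no-cache" not in {t.strip().lower() for t in pragma.split(",")}:
        findings.append("Pragma header is not 'no-cache'")
    return findings


# Constructed sample responses (not captured from any real server).
WEAK = {"Content-Type": "application/json", "Cache-Control": "public, max-age=3600"}
SAFE = {"Content-Type": "application/json", **hardened_headers()}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("safe", SAFE)):
        print(label, check_cache_headers(hdrs) or "ok")
```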
Configuration
Identifier:
protocol/header_cache_control
Examples
Ignore this check
checks:
  protocol/header_cache_control:
    skip: true
Score
- Escape Severity: LOW
Compliance
OWASP: API7:2023
pci: 6.5.10
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.2
nist: SP800-53
fedramp: SC-28
Classification
- CWE: 524
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CVSS_SCORE: 4.3