Vulnerability Fixation
Cacheable HTTPS Response

What is cacheable HTTPS?
Caching is an optional feature of HTTP designed to reduce the need for repeated requests by reusing stored responses. By default, web browsers can cache content over HTTPS the same way as over HTTP unless the server explicitly instructs otherwise using HTTP headers.

The most common cached response is a 200 OK result from a GET request. However, browsers can also cache:

  • Permanent redirects
  • 404 Not Found responses
  • Partial content (206 responses)
  • Responses to other methods if caching is allowed

If sensitive application data is cached for a long period, it can lead to confidentiality breaches. Cached sensitive data may allow a later user of the same browser or shared cache to access another user's session details, potentially leading to privilege escalation (horizontal or vertical).

Verification of Vulnerability

By default, HTTPS responses are cached unless instructed not to via headers. To verify vulnerability, inspect HTTP headers:

  • If the Cache-Control header has a non-zero max-age value (e.g. Cache-Control: max-age=3600), the browser is allowed to cache the page for that period (1 hour in this example).
  • Absence of restrictive cache headers (in particular Cache-Control: no-store) suggests sensitive data may remain cached locally.

Remediation
The web server should return the following HTTP headers in all responses containing sensitive content:

        Cache-Control: no-store
        Pragma: no-cache
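The verification and remediation steps above can be automated. The following is an added example (not code from the original article) that parses a response's Cache-Control header and reports why a response carrying sensitive content would still be cacheable, then returns an empty list when the remediation headers above are present. The header sets it runs on are constructed samples; in practice you would feed it the headers captured from a real response.

```python
"""Classify HTTP response headers for cacheability of sensitive content.

Added example, not from the original article. The sample header sets in
main() are constructed; run the functions on captured response headers.
"""
from typing import Dict, List, Optional


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control header into a directive -> argument map.

    Directive names are case-insensitive (RFC 9111), so they are lowercased.
    Directives without an argument (no-store, private, ...) map to None.
    """
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, sep, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def cache_findings(headers: Dict[str, str]) -> List[str]:
    """Return findings for a response that carries sensitive content.

    An empty list means the headers tell browsers and shared caches not to
    store the response (Cache-Control: no-store plus Pragma: no-cache).
    """
    # Header field names are case-insensitive as well.
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    cc = parse_cache_control(lower.get("cache-control", ""))
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store")
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit() and int(max_age) > 0:
        findings.append(f"Cache-Control allows caching for {int(max_age)} seconds")
    if "public" in cc:
        findings.append("Cache-Control: public permits shared caches to store the response")
    if lower.get("pragma", "").lower() != "no-cache":
        findings.append("Pragma: no-cache missing (HTTP/1.0 caches)")
    return findings


# The remediation headers the article recommends for sensitive responses.
SENSITIVE_RESPONSE_HEADERS = {
    "Cache-Control": "no-store",
    "Pragma": "no-cache",
}


if __name__ == "__main__":
    # Constructed samples: a cacheable response, a bare response, and a fixed one.
    samples = {
        "one-hour cache": {"Cache-Control": "max-age=3600"},
        "no cache headers": {},
        "remediated": SENSITIVE_RESPONSE_HEADERS,
    }
    for label, hdrs in samples.items():
        print(f"{label}: {cache_findings(hdrs) or 'OK, not cacheable'}")
```

The check treats Cache-Control: no-cache alone as insufficient: it only forces revalidation, while the response may still be written to disk, which is why the remediation above asks for no-store.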

Standard Cache-Control directives that can be used by the client in an HTTP request:

        Cache-Control: max-age=<seconds>
        Cache-Control: max-stale[=<seconds>]
        Cache-Control: min-fresh=<seconds>
        Cache-Control: no-cache
        Cache-Control: no-store
        Cache-Control: no-transform
        Cache-Control: only-if-cached

Standard Cache-Control directives that can be used by the server in an HTTP response:

        Cache-Control: must-revalidate
        Cache-Control: no-cache
        Cache-Control: no-store
        Cache-Control: no-transform
        Cache-Control: public
        Cache-Control: private
        Cache-Control: proxy-revalidate
        Cache-Control: max-age=<seconds>
        Cache-Control: s-maxage=<seconds>
