NOTE: Several of the references caution against the "kitchen-sink" approach to Cache-Control.

In other words, if there is an old response already stored for a particular URL, returning no-store will not prevent the old response from being reused.

Specify the value in the following format: Cache-Control: max-age=seconds. The no-store directive prevents a response from being stored, but does not delete any already-stored response for the same URL. The minimum expiration time CloudFront supports is 0 seconds.

These include:

Cache-Control: must-revalidate, max-age=0, s-maxage=0

And finally, and this may not apply to your situation: These directives are generally robust, although additional flags may be necessary for the Cache-Control header in order to better prevent persistently linked files on the file system.

In addition, OWASP mentions but doesn't elaborate on: So by adding the max-age=0 should force a reload of caches since the age would be stale and a refresh would occur.

The no-store Cache-Control is to prevent the inadvertent release or retention of sensitive information. At the bottom of the definition it includes this:

"The purpose of this directive is to meet the stated requirements of certain users and service authors who are concerned about accidental releases of information via unanticipated accesses to cache data structures. [...] improve privacy in some cases, we caution that it is NOT in any way a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be [...]"

TL;DR The addition of max-age=0 to the Cache-Control header could provide some additional security by stating the response is stale and not to use any cached responses.

There's not enough information to comment on the validity of the recommendation.