Cache Browsing

Introduction

Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers.

How to Test

After you log out of an application and click the browser back button, the browser should not go to previously visited pages inside the application. If you are able to navigate through the history, then cache browsing is enabled.

How to Fix

PHP

Add the following code to the required PHP file, before any output is sent.

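<?php
// Tell browsers and intermediate caches not to store or reuse this response.
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
// Same instruction for HTTP/1.0 caches that ignore Cache-Control.
header("Pragma: no-cache");
?>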

JSP

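<%
// Tell browsers and intermediate caches not to store or reuse this response.
response.addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
// Same instruction for HTTP/1.0 caches that ignore Cache-Control.
response.addHeader("Pragma", "no-cache");
// Mark the response as already expired.
response.setDateHeader("Expires", 0);
%>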
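
To confirm that the fix took effect, the response headers of an authenticated page can be checked automatically. The following Python check is an added example, not code from the original page; the function names and both sample responses are constructed for illustration.

```python
from email.parser import Parser

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into {lowercased name: combined value}."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    headers = {}
    for name, value in msg.items():
        key = name.lower()
        # Repeated headers (e.g. from several addHeader calls) are joined with commas.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def audit_cache_headers(raw: str) -> list:
    """Return findings; an empty list means the headers from the fix are present."""
    headers = parse_headers(raw)
    directives = {d.strip().lower().split("=")[0]
                  for d in headers.get("cache-control", "").split(",") if d.strip()}
    findings = []
    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store: response may be written to the browser cache")
    if "public" in directives:
        findings.append("Cache-Control contains public: shared caches may keep the response")
    if "no-cache" not in headers.get("pragma", "").lower():
        findings.append("Pragma: no-cache missing: HTTP/1.0 caches may keep the response")
    return findings

# Constructed sample: a page that sends the headers from the PHP fix above.
FIXED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Cache-Control: no-store, no-cache, must-revalidate, max-age=0\r\n"
         "Pragma: no-cache\r\n\r\n<html>account</html>")
# Constructed sample: an account page that is still cacheable.
UNFIXED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           "Cache-Control: private, max-age=600\r\n\r\n<html>account</html>")
# Constructed sample: directives split across two Cache-Control headers.
SPLIT = ("HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n"
         "Cache-Control: no-store, must-revalidate\r\nPragma: no-cache\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("fixed", FIXED), ("unfixed", UNFIXED), ("split", SPLIT)):
        print(label, audit_cache_headers(raw) or "OK")
```
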
