"Cache-Control: no-store" considered incomplete?


Nicolas Christin

Jul 2, 2020, 10:20:36 AM
to OWASP ZAP User Group
Passive rule "10015 - Incomplete or No Cache-control and Pragma HTTP Header Set" gets triggered when a response contains a "Cache-Control: no-store" header. Is it really intended?


no-store
The response may not be stored in any cache. Although other directives may be set, this alone is the only directive you need in preventing cached responses on modern browsers.

Thanks,
Nicolas
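
The question above comes down to which directive set a checker treats as sufficient. The following is an added example, not part of the thread and not ZAP's code: it parses Cache-Control values and reports what is missing under a policy where no-store alone is enough and under a stricter one. Both policy sets, the function names and the sample headers are assumptions made for illustration.

```python
import re

# Assumed policies for illustration; neither is copied from ZAP's rule 10015.
NO_STORE_ONLY = frozenset({"no-store"})
STRICT = frozenset({"no-store", "no-cache", "must-revalidate"})

# directive = token [ "=" ( token / quoted-string ) ], elements separated by ","
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_DIRECTIVE = re.compile(rf"\s*({_TOKEN})\s*(?:=\s*({_QUOTED}|[^\s,]*))?\s*(?:,|$)")


def parse_cache_control(values):
    """Parse a list of Cache-Control field values into {directive: argument}."""
    directives = {}
    for value in values:
        pos = 0
        while pos < len(value):
            m = _DIRECTIVE.match(value, pos)
            if m is None:  # empty or malformed element: skip to the next comma
                comma = value.find(",", pos)
                pos = len(value) if comma == -1 else comma + 1
                continue
            name, arg = m.group(1).lower(), m.group(2)  # names are case-insensitive
            if arg and len(arg) >= 2 and arg[0] == arg[-1] == '"':
                arg = re.sub(r"\\(.)", r"\1", arg[1:-1])  # unquote quoted-string
            directives[name] = arg
            pos = m.end()
    return directives


def missing_directives(values, policy):
    """Return, sorted, the directives a policy requires that the response lacks."""
    return sorted(policy - set(parse_cache_control(values)))


SAMPLES = {  # constructed header values, one list entry per header line
    "bare no-store": ["no-store"],
    "full set": ["no-cache, no-store, must-revalidate"],
    "mixed case over two header lines": ["No-Store", "MAX-AGE=0"],
    "no-store only inside a quoted argument": ['private="X-Token, no-store"'],
    "header absent": [],
}

if __name__ == "__main__":
    for label, values in SAMPLES.items():
        print(f"{label}: no-store-only missing={missing_directives(values, NO_STORE_ONLY)} "
              f"strict missing={missing_directives(values, STRICT)}")
```

The quoted-argument sample is the case a plain substring search for "no-store" would wrongly accept.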

TeeWeTee

Feb 16, 2021, 7:12:54 AM
to OWASP ZAP User Group
Interesting. On the English page I see the exact same thing:

[Image: NoCache.png]

However the page in German shows something different:

[Image: NoCache-german.png]

I think this probably changed recently? Anyway this should be clarified...

nic.ch...@gmail.com

Feb 16, 2021, 8:21:35 AM
to OWASP ZAP User Group
I recently opened an issue for this: https://github.com/zaproxy/zaproxy/issues/6446