Cache Header Question


Rambo 2000

Apr 11, 2018, 8:36:02 AM
to OWASP ZAP User Group
Hi,

I'm testing the passive scan with my website and I got many alerts about caching: *Incomplete or No Cache-control and Pragma HTTP Header Set*: The cache-control and pragma HTTP header have not been set properly or are missing, allowing the browser and proxies to cache content.

My goal is to disallow caching, and the response header is:
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
X-Frame-Options: SameOrigin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536001
X-UA-Compatible: IE=edge
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'none'
Date: Wed, 11 Apr 2018 11:35:09 GMT
Content-Length: 3844


Why is this alert raised? Did I forget something?

Thank you

thc...@gmail.com

Apr 11, 2018, 9:22:44 AM
to zaprox...@googlegroups.com
Hi.

It's missing the directive "must-revalidate" in the Cache-Control header
(I think the solution of the alert mentions that).

Best regards.

On 11/04/18 13:36, Rambo 2000 wrote:
> Hi,
>
> I'm testing the passive scan with my website and I got many alerts about
> caching: *Incomplete or No Cache-control and Pragma HTTP Header Set*: The
> cache-control and pragma HTTP header have not been set properly or are
> missing, allowing the browser and proxies to cache content.
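To make the reply above concrete, here is an added example (not ZAP's own rule code) that parses the response head posted in the question and reports which of the directives the reply names (no-cache, no-store, must-revalidate, plus Pragma: no-cache) are missing; the required-directive set is an assumption taken from this thread, not from the ZAP source.

```python
# Directives the reply says the passive scan rule expects to see together (assumption from this thread).
REQUIRED_CACHE_CONTROL = {"no-cache", "no-store", "must-revalidate"}


def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP/1.1 response head into a lowercase-keyed dict; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def cache_control_directives(value: str) -> set:
    """Split a Cache-Control value into lowercase directive names, dropping any '=arg' part."""
    return {d.strip().split("=", 1)[0].lower() for d in value.split(",") if d.strip()}


def check_cache_headers(raw: str) -> list:
    """Return a list of findings; an empty list means no alert would be raised under this rule."""
    headers = parse_headers(raw)
    findings = []
    cc = headers.get("cache-control")
    if cc is None:
        findings.append("Cache-Control header missing")
    else:
        for directive in sorted(REQUIRED_CACHE_CONTROL - cache_control_directives(cc)):
            findings.append(f"Cache-Control lacks '{directive}'")
    if headers.get("pragma", "").lower() != "no-cache":
        findings.append("Pragma: no-cache missing")
    return findings


# Excerpt of the response head from the original post (constructed copy of the relevant lines).
POSTED = """HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
"""

# The same head with the directive the reply says is missing added.
FIXED = POSTED.replace("Cache-Control: no-cache,no-store",
                       "Cache-Control: no-cache,no-store,must-revalidate")

if __name__ == "__main__":
    print(check_cache_headers(POSTED))   # flags the missing must-revalidate
    print(check_cache_headers(FIXED))    # empty list: nothing to report
```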

Rambo 2000

Apr 12, 2018, 1:11:18 AM
to OWASP ZAP User Group
Thank you. Now it works.