Vulnerability
Description
The content was retrieved from a shared cache. If the response contains sensitive, personal, or user-specific information, it could lead to information leakage or unauthorized session access. This is particularly an issue with proxy caches in corporate or educational environments.
Recommendation
Ensure that responses do not contain sensitive data by implementing HTTP response headers such as Cache-Control: no-cache, must-revalidate, private, Pragma: no-cache, and Expires: 0. These configurations prevent caching servers from storing and retrieving the content without validation.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
