Inadequate caching settings can lead to sensitive information being stored locally on clients or proxies. Ensure that the Cache-Control header is properly configured for all resources.
To prevent unauthorized caching, set the Cache-Control HTTP header to ‘no-cache, no-store, must-revalidate’. For public assets, consider setting ‘public, max-age=<seconds>, immutable’ instead; max-age takes a lifetime in seconds.
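One way to check responses against the two policies above, as an added example rather than code from the original page. The function names, the `sensitive` flag (the caller's own classification of a resource) and the sample paths are assumptions made for illustration.

```python
import re

# Directives the page requires on responses that must not be cached.
SENSITIVE_REQUIRED = {"no-cache", "no-store", "must-revalidate"}
# Split on commas that are not inside a quoted-string argument.
_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are case-insensitive."""
    directives = {}
    for part in _COMMA.split(value):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit(headers, sensitive):
    """headers: list of (name, value) pairs from one response.
    sensitive: the caller's own classification of the resource (assumption).
    Returns a list of findings; an empty list means the policy is met."""
    values = [v for k, v in headers if k.lower() == "cache-control"]
    if not values:
        return ["Cache-Control header missing"]
    # Repeated header lines are equivalent to one comma-joined list.
    d = parse_cache_control(",".join(values))
    if sensitive:
        findings = [f"missing {name}" for name in sorted(SENSITIVE_REQUIRED - set(d))]
        if d.get("no-cache") is not None:
            findings.append("no-cache is limited to listed fields")
        if "public" in d:
            findings.append("public set on a sensitive resource")
        return findings
    findings = [f"missing {name}" for name in ("public", "immutable") if name not in d]
    if not re.fullmatch(r"[0-9]+", d.get("max-age") or ""):
        findings.append("max-age needs a value in seconds")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = [
        ("/account", True, [("Cache-Control", "no-store"), ("cache-control", "No-Cache")]),
        ("/app.3f9a.js", False, [("Cache-Control", "public, max-age, immutable")]),
        ("/logo.png", False, [("Cache-Control", "public, max-age=31536000, immutable")]),
    ]
    for path, sensitive, headers in samples:
        print(path, audit(headers, sensitive) or "ok")
```

A bare `max-age` with no value is reported, as is a `no-cache` that carries a field-name argument, since neither gives the behaviour the policy intends.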