Non-Cacheable Content

By
Anandhu Krishnan
Published on
14 May 2024
Vulnerability

Description

The Non-Storable Content finding is raised when a response is not eligible for storage by caching components such as proxy servers. Because every request then has to be served by the origin, this forgoes the performance benefit of caching and can increase load times and server load. If the response contains no sensitive, personal, or user-specific information, making it cacheable can significantly improve performance and reduce server load. Caching policy should therefore be set so that non-sensitive responses are stored and reused efficiently, while responses that do carry such data stay out of shared caches.

Recommendation

To make a response storable by a cache, ensure that the request method is one the cache understands (GET, HEAD, POST) and that the response carries a valid status code (1XX, 2XX, 3XX, 4XX, 5XX). Additionally, avoid the ‘no-store’ cache directive in both request and response headers. For shared caches such as proxy caches, ensure that the ‘private’ directive does not appear in the response and that the request does not carry an ‘Authorization’ header field unless storing such responses is explicitly allowed. At least one of the following conditions must also be met: the response includes an ‘Expires’ header field, a ‘max-age’ response directive, an ‘s-maxage’ response directive (for shared caches), or a Cache-Control extension that allows caching.
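The conditions above, applied in order, as an added example (not Beagle Security's own code): a checker that reports whether a given request/response pair is storable by a shared or a private cache, and which condition blocked it. It assumes headers are supplied as plain dicts with canonical capitalisation, and the set of Cache-Control extensions that permit storage is a caller-supplied placeholder.

```python
# Added example, not part of the original page. Evaluates the storability
# conditions from the recommendation above. Assumptions: headers are dicts
# keyed with canonical names ("Cache-Control", "Authorization", "Expires");
# `allowed_extensions` is a constructed placeholder for any Cache-Control
# extension a deployment treats as permitting storage.

UNDERSTOOD_METHODS = {"GET", "HEAD", "POST"}   # methods the cache understands


def parse_cache_control(value):
    """Turn 'max-age=60, private' into {'max-age': '60', 'private': None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip()] = arg.strip().strip('"') or None
    return directives


def is_storable(method, status, req_headers, resp_headers,
                shared=True, allowed_extensions=frozenset()):
    """Return (storable, reason) for a shared (proxy) or private cache."""
    method = method.upper()
    if method not in UNDERSTOOD_METHODS:
        return False, f"method {method} is not understood by the cache"
    if not 100 <= status <= 599:
        return False, f"status {status} is not a valid HTTP status code"
    req_cc = parse_cache_control(req_headers.get("Cache-Control"))
    resp_cc = parse_cache_control(resp_headers.get("Cache-Control"))
    if "no-store" in req_cc or "no-store" in resp_cc:
        return False, "no-store directive present"
    if shared:
        if "private" in resp_cc:
            return False, "private directive forbids shared caching"
        # A response to a request with Authorization is stored by a shared
        # cache only when the response explicitly allows it.
        explicit = {"public", "s-maxage", "must-revalidate"} & resp_cc.keys()
        if "Authorization" in req_headers and not explicit:
            return False, "Authorization request without explicit permission"
    # At least one freshness source or permitting extension is required.
    if "Expires" in resp_headers:
        return True, "Expires header present"
    if "max-age" in resp_cc:
        return True, "max-age directive present"
    if shared and "s-maxage" in resp_cc:
        return True, "s-maxage directive present"
    if set(allowed_extensions) & resp_cc.keys():
        return True, "cache extension allows storing"
    return False, "no Expires, max-age, s-maxage or permitting extension"
```

Running the same response through `shared=True` and `shared=False` shows why a `private, max-age=60` response still benefits a browser cache while correctly staying out of a proxy.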


Written by Anandhu Krishnan, Lead Engineer