Non-Cacheable Content

By
Anandhu Krishnan
Published on
14 May 2024
Vulnerability

Description

A non-storable content finding is raised when a response is not eligible to be stored by caching components such as proxy servers. This can lead to inefficient performance and increased load times. If the response does not contain sensitive, personal, or user-specific information, configuring it to be cacheable can significantly improve performance and reduce server load. Proper caching strategies should be employed so that non-sensitive data is efficiently stored and retrieved.

Recommendation

To enable storage and caching, ensure that the request method is understood by the cache (GET, HEAD, POST) and that the response has a valid status code (1XX, 2XX, 3XX, 4XX, 5XX). Additionally, avoid using the ‘no-store’ cache directive in request or response headers. For shared caches such as proxy caches, ensure that the ‘private’ directive does not appear in the response and that the ‘Authorization’ request header field is absent unless caching is explicitly allowed. At least one of the following conditions must also be met: the response includes an ‘Expires’ header field, a ‘max-age’ response directive, an ‘s-maxage’ response directive (for shared caches), or a Cache-Control extension that allows caching.
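As an added example (not code from the advisory), the following Python function checks a response against the conditions listed above from the viewpoint of a shared cache; the method and status-code checks follow the page's wording, and the set of directives treated as an explicit allowance for requests carrying ‘Authorization’ is taken from RFC 9111 section 3.5.

```python
CACHE_METHODS = {"GET", "HEAD", "POST"}          # methods the recommendation lists
# RFC 9111 sec. 3.5: a response to a request carrying Authorization may be
# stored by a shared cache only if one of these directives is present.
AUTH_ALLOWANCES = {"public", "must-revalidate", "s-maxage"}


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives


def storability_issues(method, status, request_headers, response_headers):
    """Return the reasons a shared cache would refuse to store the response.

    An empty list means every condition in the recommendation is met.
    Header lookups are case-insensitive; unknown Cache-Control extensions
    are ignored, as a cache that does not implement them would do.
    """
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    req_cc = parse_cache_control(req.get("cache-control", ""))
    resp_cc = parse_cache_control(resp.get("cache-control", ""))
    issues = []
    if method.upper() not in CACHE_METHODS:
        issues.append(f"method {method} is not understood by the cache")
    if not 100 <= status <= 599:
        issues.append(f"status code {status} is not valid")
    if "no-store" in req_cc or "no-store" in resp_cc:
        issues.append("no-store directive present in request or response")
    if "private" in resp_cc:
        issues.append("private directive present; shared caches must not store")
    if "authorization" in req and not AUTH_ALLOWANCES & resp_cc.keys():
        issues.append("Authorization request header without explicit allowance")
    if not ("expires" in resp or "max-age" in resp_cc or "s-maxage" in resp_cc):
        issues.append("no Expires, max-age or s-maxage freshness information")
    return issues


if __name__ == "__main__":
    # Constructed sample: a static stylesheet served without freshness info,
    # then the same response with a corrected Cache-Control header.
    before = {"Content-Type": "text/css"}
    after = {"Content-Type": "text/css", "Cache-Control": "public, max-age=86400"}
    print("before:", storability_issues("GET", 200, {}, before))
    print("after: ", storability_issues("GET", 200, {}, after))
```

Run the check only against responses that carry no user-specific data; for anything else the correct fix is to keep the ‘private’ or ‘no-store’ directive in place.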


Written by
Anandhu Krishnan
Lead Engineer