Details
Alert Id 10015
Alert Type Passive Scan Rule
Status release
Risk
CWE
WASC

Summary

The cache-control and pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.

Solution

Whenever possible, ensure the cache-control HTTP header is set with no-cache, no-store, must-revalidate; and that the pragma HTTP header is set with no-cache.
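The check below applies the recommendation above to a set of response headers. It is an added example, not code from ZAP's CacheControlScanRule; the function names and the sample responses are constructed for illustration.

```python
# Directives the Solution above asks for on the Cache-Control header.
REQUIRED_CACHE_CONTROL = ("no-cache", "no-store", "must-revalidate")


def parse_directives(value):
    """Return the lowercase directive names in a Cache-Control/Pragma value.

    Simplification (assumption): arguments such as max-age=0 are dropped and
    directives are matched by name only.
    """
    names = set()
    for part in value.split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def check_cache_headers(headers):
    """headers: list of (name, value) pairs as received. Returns findings."""
    seen = {"cache-control": None, "pragma": None}
    for name, value in headers:
        key = name.strip().lower()
        if key in seen:
            # A header may be repeated; merge directives from every line.
            seen[key] = (seen[key] or set()) | parse_directives(value)

    findings = []
    if seen["cache-control"] is None:
        findings.append("Cache-Control header missing")
    else:
        missing = [d for d in REQUIRED_CACHE_CONTROL
                   if d not in seen["cache-control"]]
        if missing:
            findings.append("Cache-Control lacks: " + ", ".join(missing))
    if seen["pragma"] is None:
        findings.append("Pragma header missing")
    elif "no-cache" not in seen["pragma"]:
        findings.append("Pragma lacks: no-cache")
    return findings


# Constructed sample responses (not captured traffic).
HARDENED = [("Cache-Control", "no-cache, no-store, must-revalidate"),
            ("Pragma", "no-cache")]
CACHEABLE = [("cache-control", "public, max-age=3600")]
SPLIT = [("Cache-Control", "no-store"),
         ("Cache-Control", "No-Cache, must-revalidate"),
         ("Pragma", "no-cache")]
```

An empty list means the response matches the recommended header values; each string in a non-empty list names one gap to fix in the server or framework configuration.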

References

Code

org/zaproxy/zap/extension/pscanrules/CacheControlScanRule.java