How does the secure page browser cache vulnerability make a web application insecure?
Question:

I am using OWASP's ZAP tool for vulnerability scanning, and it shows an alert for the "secure page browser cache" vulnerability. Below are the details of the ZAP alert:

Risk: Medium
Reliability: Warning
Description : Secure page can be cached in browser. Cache control is not set in HTTP header nor HTML header. Sensitive content can be recovered from browser storage.
Solution: The best way is to set HTTP header with: 'Pragma: No-cache' and 'Cache-control: No-cache'. Alternatively, this can be set in the HTML