← Back to Findings

info Re-examine Cache-control Directives

Details

Severityinfo
StatusOpen
Enginezap
Target URLhttps://www.liifeid.com/get-a-liife-how-one-startup-is-securing-patient-identity/embed/
First Seen2026-07-14 13:12:02 UTC
Last Seen2026-07-14 13:12:02 UTC
CWECWE-525

Description

The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.

Raw Output

{
  "alert": "Re-examine Cache-control Directives",
  "alertRef": "10015",
  "attack": "",
  "confidence": "Low",
  "cweid": "525",
  "description": "The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.",
  "evidence": "",
  "id": "1218",
  "inputVector": "",
  "messageId": "732",
  "method": "GET",
  "name": "Re-examine Cache-control Directives",
  "other": "",
  "param": "cache-control",
  "pluginId": "10015",
  "reference": "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/",
  "risk": "Informational",
  "solution": "For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".",
  "sourceMessageId": 732,
  "sourceid": "3",
  "tags": {
    "CWE-525": "https://cwe.mitre.org/data/definitions/525.html",
    "POLICY_PENTEST": "",
    "SYSTEMIC": "https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic",
    "WSTG-v42-ATHN-06": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses"
  },
  "url": "https://www.liifeid.com/get-a-liife-how-one-startup-is-securing-patient-identity/embed/",
  "wascid": "13"
}

Update Status