Today we set the Cache-Control header to no-cache. The current best practice advice we're seeing states
Whenever possible ensure the cache-control HTTP header is set with no-cache, no-store, must-revalidate; and that the pragma HTTP header is set with no-cache.
This is not a security vulnerability to be missing these headers, it is a security hardening measure
Today we set the Cache-Control header to no-cache. The current best practice advice we're seeing states
This is not a security vulnerability to be missing these headers, it is a security hardening measure