We currently send E-Tags to ensure that caches are correctly invalidated, but as more people put more sensitive data in Elasticsearch and view it in Kibana, is this still okay? In order to make use of E-Tags browsers must store the response somewhere, which means that sensitive data _could_ be leaked (in extraordinary circumstances).
Adding the Cache-control: no-store and Pragma: no-cache headers will prevent the browser from caching these responses.
We currently send E-Tags to ensure that caches are correctly invalidated, but as more people put more sensitive data in Elasticsearch and view it in Kibana, is this still okay? In order to make use of E-Tags browsers must store the response somewhere, which means that sensitive data _could_ be leaked (in extraordinary circumstances).
Adding the
Cache-control: no-storeandPragma: no-cacheheaders will prevent the browser from caching these responses.