HTTP security header
Cache-Control
Cache-Control governs how responses are cached by browsers and intermediaries. For pages containing sensitive or personalized data, directives like no-store prevent that data from being written to shared or on-disk caches where it could later be exposed.
Example
Cache-Control: no-storeConfiguration guidance
- Use no-store for authenticated or sensitive responses.
- Avoid caching pages that reflect per-user data on shared proxies.
Related headers
Impactr checks security-header configuration as part of testing your web apps and APIs the way an attacker would - and proves what a missing header actually exposes.
Test my app