Home Books Training Newsletter Resources
Sign up Log in
book cover

Bulletproof TLS Guide  

Comprehensive and yet concise guide to practical SSL/TLS and PKI configuration. Includes coverage of TLS server configuration and web application security. Written by Ivan Ristić.


1.3.5 Disable Caching

Encryption at the network level prevents network attacks, but TLS doesn’t provide end-to-end encryption. Each party involved in the communication has access to the plaintext. Caching is commonly used with HTTP to improve performance, so, for example, browsers may choose to store decrypted data in persistent storage. Intermediate proxy services (e.g., content delivery networks) may choose to not only cache sensitive data, but even share it with other users in some situations.

With the increase of cloud-based application delivery platforms and content delivery networks, it's never been more important to very carefully mark all sensitive content as private. The most secure option is to indicate that the content is private and that it must not be cached:

Cache-Control: private, no-store

With this setting, neither intermediate devices nor browsers will be allowed to cache the served content.

< Prev
^ Table of Contents
Next >
THE FINEST IN TLS
AND PKI EDUCATION
@feistyduck

Books

  • Bulletproof TLS and PKI
  • ModSecurity Handbook
  • OpenSSL Cookbook

Training

  • Practical TLS and PKI

Resources

  • Bulletproof TLS Newsletter
  • SSL/TLS and PKI History
  • Archived Books

Company

  • Support
  • Website Terms of Use
  • Terms and Conditions
  • Privacy Policy
  • About Us