USGS-WiM / SiGLDMS

Data management system for SiGL

Remediate Vulnerability: Sensitive page could be cached #246

Closed aaronstephenson closed 3 years ago

aaronstephenson commented 3 years ago

Acunetix scan reports this contains possible sensitive information (e.g. a password parameter) and could be potentially cached. Even in secure SSL channels, sensitive data could be stored by intermediary proxies and SSL terminators. To prevent this, a Cache-Control header should be specified.

Prevent caching by adding "Cache-Control: No-store" and "Pragma: no-cache" to the HTTP response header.

I can help with this if necessary.

aaronstephenson commented 3 years ago

This is a "low" level vulnerability and should be remediated within a month.

aaronstephenson commented 3 years ago

Closing because we can ignore "low" level vulnerabilities.
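
The remediation described in the issue, shown as an added example that is not part of the original thread or the SiGLDMS code base: a Python WSGI middleware that forces `Cache-Control: no-store` and `Pragma: no-cache` on sensitive routes and replaces any caching headers the application already set. The route prefixes, `demo_app` and `response_headers` are hypothetical names constructed for the illustration.

```python
# Added example: the routes and the demo app below are constructed assumptions.
SENSITIVE_PREFIXES = ("/login", "/account")  # hypothetical sensitive routes

NO_STORE_HEADERS = [
    ("Cache-Control", "no-store"),
    ("Pragma", "no-cache"),  # for HTTP/1.0 caches that ignore Cache-Control
]
_REPLACED = {"cache-control", "pragma", "expires"}


class NoStoreMiddleware:
    """Force no-store on responses whose path starts with a sensitive prefix."""

    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(self.prefixes):
            return self.app(environ, start_response)

        def patched_start(status, headers, exc_info=None):
            # Drop caching headers set by the app so a stray
            # "public, max-age=..." cannot coexist with no-store.
            kept = [(k, v) for k, v in headers if k.lower() not in _REPLACED]
            return start_response(status, kept + NO_STORE_HEADERS, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed app that wrongly marks every response as cacheable.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"ok"]


def response_headers(app, path):
    """Call a WSGI app for `path` and return its response headers as a list."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = list(headers)

    list(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["headers"]
```

Re-running the scanner against the wrapped application, or inspecting the response headers of a sensitive route, confirms that only the `no-store` directive remains.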