Prevent caching #202

@CodeShellDev

Description

Clients can store and cache request URLs;
this can make tokens in the URL vulnerable to leaking via cache.

Generally caching isn't advised for dynamic APIs, since obviously nothing can be really reused.

Solution

So to disable or discourage the client from caching, add [...] to the response headers.

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, private, proxy-revalidate
Pragma: no-cache
Expires: 0
Vary: *
Referrer-Policy: no-referrer
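
One way to apply these headers in a Go `net/http` service, as an added example that is not part of the original issue or the project's own code. The names `NoCache` and `Probe`, the constructed handler and the request path are assumptions; the header values are the ones listed above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Header values copied from the issue text.
var noCacheHeaders = [][2]string{
	{"Cache-Control", "no-store, no-cache, must-revalidate, max-age=0, private, proxy-revalidate"},
	{"Pragma", "no-cache"},
	{"Expires", "0"},
	{"Vary", "*"},
	{"Referrer-Policy", "no-referrer"},
}

// noCacheWriter re-applies the headers at write time; embedding hides http.Flusher.
type noCacheWriter struct{ http.ResponseWriter }

func (w *noCacheWriter) apply() {
	for _, kv := range noCacheHeaders {
		w.Header().Set(kv[0], kv[1]) // Set replaces any weaker value a handler chose
	}
}
func (w *noCacheWriter) WriteHeader(code int)        { w.apply(); w.ResponseWriter.WriteHeader(code) }
func (w *noCacheWriter) Write(b []byte) (int, error) { w.apply(); return w.ResponseWriter.Write(b) }

// NoCache is hypothetical middleware (the name is an assumption, not the project's).
func NoCache(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		nw := &noCacheWriter{ResponseWriter: w}
		next.ServeHTTP(nw, r)
		nw.apply() // handler wrote nothing: headers still go out with the implicit 200
	})
}

// Probe runs a handler behind NoCache and returns the response headers.
func Probe(inner http.HandlerFunc, target string) http.Header {
	rec := httptest.NewRecorder()
	NoCache(inner).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Result().Header
}

func main() {
	weak := func(w http.ResponseWriter, r *http.Request) { // constructed handler
		w.Header().Set("Cache-Control", "public, max-age=3600")
	}
	fmt.Println(Probe(weak, "/send?token=EXAMPLE-TOKEN").Get("Cache-Control"))
}
```

Applying the headers at write time rather than only before the handler runs means a route that sets its own `Cache-Control` cannot silently re-enable caching.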

Labels

- enhancement: New feature or request
- planned: Something is planned and has been added to the backlogs
- priority/high: Something is of high priority
- scale/small: This is a small change
