Skip to content

Prevent caching #202

New issue
New issue
Closed
#205
Closed
Prevent caching#202
#205
Assignees
CodeShellDev
Labels
choreSomething doesn't envolve new features and instead focuses on the devex and codebasepriority/highSomething is of high priorityscale/smallThis is a small change
Milestone
v1.5.0
@CodeShellDev

Description

@CodeShellDev
CodeShellDev
opened on Jan 10, 2026

Description

Clients can store and cache request URLs,
this can make tokens in the URL vulnerable to leaking via cache.

Generally caching isn't advised for dynamic API, since obviously nothing can be reall reused.

Solution

So to disable or discourage the client from caching add [...] to the response headers.

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, private, proxy-revalidate
Pragma: no-cache
Expires: 0
Vary: *
Referrer-Policy: no-referrer

Metadata

Metadata

Assignees

Labels

choreSomething doesn't envolve new features and instead focuses on the devex and codebasepriority/highSomething is of high priorityscale/smallThis is a small change

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions