Good evening! I have a client and a server, one on html , the other - jsp , I meet the following response directive:

response.setHeader("Cache-Control", "no-store");

I read the description and do not understand how a proxy server can harm me?

PS jsp code

    1 answer 1

    Cache-Control is a caching header.

    The browser can cache the page, and instead of requesting the server, retrieve the page from the cache. As a result, on the page of the old data.

     Cache-Control: no-cache, no-store

    The title does not allow the browser to cache pages.

    The HTTP proxy server can cut the HTTP request headers, and getting a page without a header ( Cache-Control ) can cache it (and old data on the page again), so often (for critical data) a special parameter with a random value is added to the url (fingerprint fingerprint ) this proxy won't exactly cut it.

    Stop writing everything on jsp, it hurts subsequent support.

    • why the proxy has the right to cut the request headers? Apparently in cases where the message is too long? As far as I understand, such a situation is possible only in the case of a GET request, where the length of the url is simply physically limited. - voipp
    • Yes, this is the most obvious reason, when the proxy is limited to the size of the header, but most likely not the only one. - Vladislav Pyatkov