Security: Authenticated Response Cached
When Cache-Control allows shared caching of responses that include user-specific data, another visitor might receive someone else’s payload from an edge POP. This is both a privacy incident and a compliance failure.
Mark dynamic responses Cache-Control: private, no-store, or bypass the cache when an Authorization header or session cookie is present. Validate with EdgeFix on logged-in and logged-out sessions.
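The check described above, written as an added Python example that is not part of the original page or of EdgeFix: given one request's headers and the response's headers, it reports when an authenticated response is missing private/no-store. The session cookie names and the sample header pairs are assumptions constructed for illustration.

```python
# Added example, not from the original page. Session cookie names are assumed.
SESSION_COOKIES = {"session", "sessionid", "sid"}

def parse_cache_control(value):
    """Return {directive: argument or None}, directive names lower-cased."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def is_authenticated(request_headers):
    """True when the request has Authorization or an assumed session cookie."""
    req = {k.lower(): v for k, v in request_headers.items()}
    if "authorization" in req:
        return True
    cookies = req.get("cookie", "").split(";")
    names = {c.split("=", 1)[0].strip().lower() for c in cookies}
    return bool(names & SESSION_COOKIES)

def shared_cache_findings(request_headers, response_headers):
    """Return reasons an authenticated response is exposed to shared caching."""
    if not is_authenticated(request_headers):
        return []
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))
    if "private" in cc or "no-store" in cc:
        return []
    findings = ["authenticated response lacks private/no-store"]
    findings += [f"'{d}' explicitly permits shared caching"
                 for d in ("public", "s-maxage") if d in cc]
    return findings

# Constructed request/response header pairs (not captured traffic).
SAMPLES = [
    ("logged-in, public", {"Authorization": "Bearer <token>"},
     {"Cache-Control": "public, max-age=600"}),
    ("logged-in, private", {"Cookie": "theme=dark; sessionid=<id>"},
     {"Cache-Control": "private, no-store"}),
    ("logged-out, public", {"Cookie": "theme=dark"},
     {"Cache-Control": "public, max-age=600"}),
]

if __name__ == "__main__":
    for label, req, resp in SAMPLES:
        print(label, "->", shared_cache_findings(req, resp) or "ok")
```

Feed it header pairs recorded from both a logged-in and a logged-out session of the same URL; only the logged-in pair should ever produce findings.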