I'm working through the results of a security audit on a site, and the audit recommends setting Cache-Control: no-store instead of Cache-Control: no-cache, which is sent now. This is supposed to stop pages from being accessible when using the back button after logging out.
DNN has two cacheability settings (for authenticated and unauthenticated views), but no-store isn't an option. Is there a clean way to implement this? My two thoughts so far are to change the header via the web.config (not sure if that will work) or to add code into the theme to add no-store. Is there an option I'm missing?
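A check for the audit finding described above, as an added example that is not part of the original post: it parses the Cache-Control header lines captured from each response and reports which pages still lack no-store, whichever way the header ends up being set. The function names, sample paths and sample header values are constructed for illustration.

```python
import re

# One directive: a name, optionally "=value" where the value is a quoted
# string or a bare token. Matching the quoted string as a unit keeps commas
# and words inside it from being mistaken for separate directives.
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^,\s]+))?')


def parse_cache_control(header_values):
    """Merge every Cache-Control line of one response into {directive: argument}."""
    directives = {}
    for value in header_values:
        for name, arg in _DIRECTIVE.findall(value):
            # Directive names are case-insensitive; argument is None if absent.
            directives[name.lower()] = arg.strip('"') or None
    return directives


def verdict(header_values):
    """Classify a response against the audit recommendation."""
    directives = parse_cache_control(header_values)
    if "no-store" in directives:
        return "ok"             # caches must not keep a copy of the response
    if "no-cache" in directives:
        return "no-cache-only"  # a copy may be stored, only reuse needs revalidation
    return "missing"


def failing_pages(responses):
    """Return {path: verdict} for every response that does not send no-store."""
    results = {path: verdict(values) for path, values in responses.items()}
    return {path: v for path, v in results.items() if v != "ok"}


# Constructed sample: path -> list of Cache-Control header lines in the response.
SAMPLE = {
    "/Home": ["no-cache"],
    "/Admin": ["private", "No-Store"],             # split across two header lines
    "/Profile": ['no-cache="X-No-Store-Reason"'],  # substring match would wrongly pass
    "/Images/logo.png": ["public, max-age=3600"],
}

if __name__ == "__main__":
    for path, result in failing_pages(SAMPLE).items():
        print(f"{path}: {result}")
```

Feed it the headers captured for authenticated pages before and after the change; a page passes only when no-store appears as a directive of its own.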