| Requires Admin Access: | Yes |
| Credit: | Internal Security Team |
It has been reported that many dotCMS Admin screens do not include Cache-Control headers. This can allow a client browser to cache dotCMS admin pages (as rendered) locally on the client's computer. If that local cache is examined, it could expose sensitive content.
This does not affect proxy servers, because all dotCMS pages are served with cookies.
All web pages that contain sensitive content should be served with Cache-Control and Pragma headers that prevent any information from being cached.
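One way to check captured response headers against this recommendation, as an added example that is not dotCMS code; the screen names and header sets are constructed samples. It also flags `no-cache` without `no-store`, because `no-cache` only forces revalidation and still lets the browser write the page to its local cache.

```python
# Added example (not dotCMS code): audit response headers for browser cacheability.

def parse_cache_control(value):
    """Split a Cache-Control value into a {directive: argument} dict."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives


def audit_headers(headers):
    """Return findings for one response; an empty list means caching is forbidden."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(h.get("cache-control"))
    findings = []
    if not cc:
        findings.append("Cache-Control header missing")
    elif "no-store" not in cc:
        # no-cache / private / max-age still allow a copy on the client's disk
        findings.append("Cache-Control lacks no-store")
    if "no-cache" not in h.get("pragma", "").lower():
        findings.append("Pragma: no-cache missing")
    return findings


# Constructed sample responses; names and values are illustrative only.
SAMPLES = {
    "screen-without-headers": {"Content-Type": "text/html",
                               "Set-Cookie": "JSESSIONID=constructed"},
    "screen-no-cache-only": {"Cache-Control": "no-cache", "Pragma": "no-cache"},
    "screen-hardened": {"cache-control": "no-cache, no-store, must-revalidate",
                        "Pragma": "no-cache", "Expires": "0"},
}


def audit_all(samples):
    """Audit every sample and return {name: findings}."""
    return {name: audit_headers(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, "->", findings or "OK")
```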
dotCMS includes cache control meta tags in its HTML, which are respected by all major browsers. If you would like to include Using a static plugin, override the /html/common/top_inc.jsp and include the appropriate response headers, like this: