ASVS Requirement 14.2.5

• Level: 3
• Chapter: V14 Data Protection
• Section: V14.2 General Data Protection
• Source: 0x23-V14-Data-Protection.md

Description

Verify that caching mechanisms are configured to only cache responses which have the expected content type for that resource and do not contain sensitive, dynamic content. The web server should return a 404 or 302 response when a non-existent file is accessed rather than returning a different, valid file. This should prevent Web Cache Deception attacks.