SharePoint 2013 has weak cache control headers

Hi All,

We are checking internet exposed SharePoint portal from a vulnerability assessment tool for security issues. 

VA test recommends to change Cache-Control to 'no-store'Will there be any impact doing this IIS

February 10th, 2015 4:16am

If you're talking about the STS tokens used in Claims based web apps (ie. all 2013 web applications) then i'd expect so.

You can switch to session cookies which may help that somewhat:

http://blog.robgarrett.com/2013/05/06/sharepoint-authentication-and-session-management/

Free Windows Admin Tool Kit Click here and download it now
February 10th, 2015 4:23am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics