There are a number of different approaches applications can use to defend against cache probing-based XS-Leaks. These approaches are explained in the following sections. Cache Protection via Cache-Control Headers # If it is acceptable to disable caching, doing so provides a strong defense against cache probing attacks. Disabling caching means that every time someone loads a resource, the resource has to be fetched again. To disable caching, set a Cache-Control: no-store header on every single...
