---
title: Use Anti-Cache Headers for Sensitive Pages
impact: LOW
impactDescription: prevents sensitive data from being cached by browsers or proxies
tags: security, cache, headers
---

## Use Anti-Cache Headers for Sensitive Pages

For pages containing highly sensitive data, use `Cache-Control: no-store` to prevent caching.

**Incorrect (publicly cacheable):**

```ruby
def show_bank_info
  render :profile # Default caching behavior
end
```

**Correct (no-cache headers):**

```ruby
def show_bank_info
  response.headers["Cache-Control"] = "no-store, no-cache, must-revalidate"
  response.headers["Pragma"] = "no-cache"
  render :profile
end
```

**Tools:** Mozilla Observatory, Manual Review
---