Description
In response to our study of 30 websites, which found that 21 of the sites failed to send the necessary HTTP header to prevent disk caching of content in all browsers, ISE developed a browser addon, available for the desktop version of Firefox, to allow a user to configure the browser to block disk caching of HTTPS content, regardless of any headers the server did or did not send with the response.
The Firefox add-on works by providing a user interface to control the
otherwise
hidden preference browser.cache.disk_cache_ssl, which
controls the browser's
HTTPS caching policy. The default setting in Firefox 4.0 and later,
true causes all HTTPS responses to be disk cached
unless the server
sends the header Cache-Control: no-store. When the preference
is set to
false, either manually or using the interface provided
by our
extension, the browser does not disk cache any HTTPS content unless
the server sends
the header Cache-Control: public.
Installation
To install the HTTPS Cache Controller Firefox add-on:
- Click here to download and install the add-on.
- When prompted, restart the browser.
The extension adds a new toolbar button. The button displays an icon representing the current HTTPS disk caching setting, and hovering the mouse over the button displays a textual representation of the setting. Clicking the button toggles the HTTPS disk caching configuration.
The possible configurations and the corresponding icons on the toolbar are:
| Disk caching of HTTPS content is disabled. HTTPS content may only be cached in memory, therefore, no content remains on disk whether the browser is open or closed. | |
| Disk caching of HTTPS content is enabled, i.e., the browser uses the same caching policy that originally used before the extension was installed. After browsing HTTPS sites that fail to set the header Cache-Control: no-store, unencrypted copies of information accessed on those sites persists on disk, even after the browser is closed. |