do not cache request containing authorization header

  • Resolved MBayDesign

    (@mbaydesign)


    4 years, 4 months ago

    iThemes Security support is troubleshooting an issue on the wordpress portion of my site and they found that a curl request which produces a response with an authorization header was being cached: X-LiteSpeed-Cache: hit.

    Since caching a request with an Authorization header is not secure, I’m trying to fix this – I don’t know whether it’s the litespeed server settings on my server or the LSCache plugin. Unfortunately, the documentation for the LSCache plugin is NOT helping me make the right settings changes as there is nothing in the interface that directly addresses authorization headers or items that shouldn’t be cached – other than perhaps excluding exact urls or strings, but that doesn’t really help me either. I would think that this setting especially would be default…

    Can you point me in the right direction to correct this? Thank you!

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘do not cache request containing authorization header’ is closed to new replies.