Practical studies of local HTTP cache security

The current security status of the local HTTP cache mechanism has been analysed. We discuss regulating the security of cache mechanism via HTTP headers, study the extent of usage of the headers within the top 100 webpages and their impact on the behaviour of the local cache implementation within six leading web browsers. Finally, we present known attack vectors and propose four practical principles that one should follow to balance the security and usability of the local cache mechanism.