I know that data retrieved over SSL (https) is encrypted over the wire, but once it arrives at the browser, is it stored in the client's browser cache? If so, is it stored encrypted or in plain text?

This probably depends on the browser, so perhaps different browsers do different things? Are modern browsers better behaved than outdated ones?

+3  A: 

You can use the standard Cache-Control HTTP header to control the client's behaviour.

Most of the time caching is disabled (Cache-Control: no-cache) for SSL content because clients store it in plaintext.

KovBal
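
An added example, not part of the original answer: a small audit that reads a response's Cache-Control header and reports what a cache may keep, following the directive definitions in RFC 9111 (no-store forbids storing the response; no-cache allows storing it but requires revalidation before reuse). The function names, sample paths and header values are constructed for illustration.

```python
# Added example: classify what a browser cache may keep for a response,
# using the Cache-Control directives defined in RFC 9111.

def parse_cache_control(value):
    """Return {directive: argument-or-None} for one Cache-Control value."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        # The argument (if any) is kept but not interpreted further here.
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def storage_verdict(headers):
    """Classify response headers (a dict) by what a cache may keep.

    "not-stored"        no-store: no part of the response may be stored
    "stored-revalidate" no-cache: may be stored, must be revalidated before reuse
    "stored-private"    private: may be stored by the user's own browser only
    "stored"            no directive restricts storage
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"
    if "no-cache" in cc:
        return "stored-revalidate"
    if "private" in cc:
        return "stored-private"
    return "stored"


# Constructed sample responses from a hypothetical HTTPS application.
SAMPLES = {
    "/account/statement": {"Cache-Control": "no-store"},
    "/account/profile": {"Cache-Control": "no-cache"},
    "/account/avatar": {"cache-control": "private, max-age=600"},
    "/static/site.css": {"Content-Type": "text/css"},
}


def audit(samples):
    """Map each path to its storage verdict."""
    return {path: storage_verdict(h) for path, h in samples.items()}


if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{path:22} {verdict}")
```
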
+2  A: 

I believe that this is browser-specific. For example, Firefox has a preference about this in about:config; see this article in Mozilla's KB. I don't know about other browsers (IE might have something in advanced security settings).

B.R.
Ah, I see the default in Firefox is NOT to cache the SSL-retrieved content. Nice link, thanks.
Marcus
For Internet Explorer, the setting resides at Tools > Internet Options... > Advanced tab > Security section > Do not save encrypted pages to disk. Appears to be unchecked by default.
Grant Wagner