HTTPS Disk Cache Controller Browser Extensions
In response to our study of 30 websites, which found
that 21 of the sites failed to send the necessary HTTP header to prevent
disk caching of content in all browsers, ISE developed a browser
addon, available for the desktop version of Firefox,
to allow a user to configure the browser to block disk caching of
HTTPS content, regardless of any headers the server did or did not send with
The Firefox add-on works by providing a user interface to control the
otherwise hidden preference browser.cache.disk_cache_ssl, which controls
the browser's HTTPS caching policy. The default setting in Firefox 4.0 and
true causes all HTTPS responses to be disk cached unless the
server sends the header Cache-Control: no-store. When the preference
is set to
false, either manually or using the interface provided
by our extension, the browser does not disk cache any HTTPS content unless the
server sends the header Cache-Control: public.
To install the HTTPS Cache Controller Firefox add-on:
- Click here to download and install the add-on.
- When prompted, restart the browser.
The extension adds a new toolbar button. The button displays
an icon representing the current HTTPS disk caching setting, and hovering the
mouse over the button displays a textual representation of the setting.
Clicking the button toggles the HTTPS disk caching configuration.
The possible configurations, and the corresponding icons on the toolbar are:
Disk caching of HTTPS content is disabled. HTTPS content may only be cached
in memory, therefore, no content remains on disk whether the browser is open or
Disk caching of HTTPS content is enabled, i.e., the browser uses the same
caching policy that originally used before the extension was installed.
After browsing HTTPS sites that fail to set the header Cache-Control:
no-store, unencrypted copies of information accessed on those sites
persists on disk, even after the browser is closed.