11

On my website, I get this error message in the console:

> DOM7011: The code on this page disabled back and forward caching. For more information, see: http://go.microsoft.com/fwlink/?LinkID=291337

That link includes a list of conditions a web site must meet to enable the back navigation cache, which can restore a page from memory without reloading or reconstructing.

The first condition to enable this cache is:

> Served using the HTTP: protocol (HTTPS pages are not cached for security reasons)

This is according to the official documentation for the feature, which you can read for yourself by following the link.

What are the "security reasons" that make IE11 choose to disable the back navigation cache for HTTPS pages?

Flimm

1 Answer

2

The primary reason for not caching pages is if the page contains sensitive information, and that information might then be accessible to anyone using the computer. Good examples include banking details, medical records, or passwords. A public computer or a computer that falls into the wrong person's hands could then gain access to secret information through the cached pages.

Furthermore, there are specific requirements for things like HIPAA compliance in the US, where medical records can't be stored in unencrypted form. This creates a problem when creating web applications if the web application caches pages.

Doing this for SSL is likely just a guess that the page contains sensitive information. A better design would be to obey a header on the page that directs that the page not be cached.

Steve Sether
  • And yet, normal resource caching is enabled for HTTPS! Why is IE11 so concerned about physical access when it comes to back navigation caching, but not when it comes to normal caching? – Flimm Oct 29 '15 at 08:50
  • @Flimm I'm not sure I understand. The article specifically says "By default, pages are unloaded from memory when you navigate away from them. Beginning with IE11, webpages that meet specific conditions are cached when the user navigates away." and "Served using the HTTP: protocol (HTTPS pages are not cached for security reasons)". So https isn't cached. Where are you seeing that https is cached? It's held in memory while the page is displayed, but that's hardly a security concern. – Steve Sether Oct 29 '15 at 13:57
  • There are two different types of cache: 1) the back navigation cache in IE11 which this question is about 2) normal caching which all browsers do. The article is about (1). The question is about (1). Normal caching (2) does happen in HTTPS. – Flimm Oct 29 '15 at 13:58
  • @Flimm Can you define what "normal caching" means, and when it takes effect? Your article reference doesn't mention normal caching. – Steve Sether Oct 29 '15 at 14:08
  • "Normal caching": When you load a page (by for example typing an address in the address bar), the HTML is downloaded. If the HTML references resources that have already been downloaded and exist in the cache, they may not be downloaded again. This can be configured with headers like `Cache-Control` and `Last-Modified`. This works for both HTTP and HTTPS. – Flimm Oct 29 '15 at 14:52
  • @Flimm That sounds like caching in memory, which the article references as being removed from memory when the page is navigated away from. The link you provided for what you call "back button caching" is useful as it defines the behavior very well. To figure out what's going on anyone would need as much detail about "normal caching". As I said, your linked article seems to indicate that "normal caching" is erased when the page is navigated away from. – Steve Sether Oct 29 '15 at 15:16
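
The two policies discussed in this thread, side by side, as an added example (not code from the question, the answer, or IE11): the scheme-only condition quoted from the documentation, and the answer's suggestion of obeying a response header. The function names, the lowercase `cache-control` header key, and the `example.test` responses are assumptions constructed for illustration.

```javascript
// Added example: models the two policies from the thread. Not IE11's implementation.

// Parse a Cache-Control value into a Map of lowercase directive -> value (or true).
function parseCacheControl(value) {
  const directives = new Map();
  // Split on commas that are not inside a quoted string.
  for (const part of (value || "").match(/(?:[^,"]|"[^"]*")+/g) || []) {
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (!name) continue;
    const raw = eq === -1 ? true : part.slice(eq + 1).trim().replace(/^"|"$/g, "");
    directives.set(name, raw);
  }
  return directives;
}

// Policy 1: the documented condition quoted in the question (scheme only).
function schemePolicy(url) {
  return new URL(url).protocol === "http:";
}

// Policy 2: the answer's suggestion: keep the page unless the response
// carries a directive saying it must not be stored.
function headerPolicy(headers) {
  return !parseCacheControl(headers["cache-control"]).has("no-store");
}

// Constructed sample responses (header names assumed already lowercased).
const samples = [
  { url: "https://example.test/blog", headers: { "cache-control": "public, max-age=600" } },
  { url: "https://example.test/account", headers: { "cache-control": "private, No-Store" } },
  { url: "http://example.test/login", headers: { "cache-control": "no-store" } },
  { url: "http://example.test/news", headers: {} },
];

// For each response, report whether each policy would keep the page.
function compare(list) {
  return list.map((s) => ({
    url: s.url,
    byScheme: schemePolicy(s.url),
    byHeader: headerPolicy(s.headers),
  }));
}

console.table(compare(samples));
```

The two policies disagree on the first and third samples: the scheme rule discards a public HTTPS page and keeps an HTTP page the server marked `no-store`, while the header rule follows what the server declared.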