When a password was transmitted to “/wp-login.php?action=postpass”, “Pragma: no cache” etc. were sent out on HTTP header, but cache control was not set on the protected page.
Therefore, the protected page will be saved in proxy servers.
I think If other people who uses the same proxy server accessed to the protected page, they could read the page without password from the proxy server.
- The topic ‘cache on proxy server of protected page’ is closed to new replies.