by xyzzy123
2899 days ago
* Most APIs are authenticated.
* HTTPS has broken intermediate caches.
* Most responses are personalised or highly dynamic.
* Many responses contain PII or sensitive information and should not be cached.
* Many requests are rate-limited, billed or metered.

Observation: people go out of their way to cache static resources but tend to disable caching entirely on their JSON APIs.

I do have some bias; recovering pentester who rarely worked with APIs that served the same response to all users.