Hi Everyone

One of our client recently conducted a vulnerability assessment scan and it was mentioned that cache-control is configured to public in the web server. I check the default default virtual proxy and confirmed that cache-control is set to no-store as seen below.

Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-control: no-store
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=()
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; font-src * data:;

But when I checked it from browser it shows different cache control for different resources. Why is it so and can we have a same cache control for all the resources? Do I have to follow below article?

Applying a custom cache control policy in Qlik Sense Enterprise on Windows 

Qlik Sense Enterprise on Windows @Sonja_Bauernfeind @Vicky_Z