To prevent this vulnerability you should set ExpireForProxy ACO parameter to YES
When ExipreForProxy=YES, web agent inserts following HTTP headers in the response.
>Expires : Set to Date in the past, which prevents page from being cached by a proxy, as dictated by the HTTP 1.0 specification
Now, this is all good for normal resources but there are certain resources which you might want to still be cached. For e.g. .gif/.jss files which doesn’t change normally and also need not be protected.
If these resources are not cached on the client side, they will put an unnecessary overhead in the network traffic.
To ensure that these files are cached (exception to no-cache setting), here is what you have to do :
> Include the files you want to be cached in IgnoreExt. So IgnoreExt should contain .gif/.jss file extensions.
> Set AllowCacheHeaders=YES
When you make above changes this is what happens :
For any file included in IgnoreExt, web agent will not insert no-cache Cache-control in the response header