11-08-2019, 11:27 AM
Are you using HTTPS?
If using simple HTTP your pages are vulnerable even if expired and there is no way on earth that you can make a browser not to show its history.
There is an answer here on SO that explains it well:
https://stackoverflow.com/questions/4954...l-browsers
From where we can extract this link which contains the actual reason for this behavior:
https://httpwg.org/specs/rfc7234.html#history.lists
If using simple HTTP your pages are vulnerable even if expired and there is no way on earth that you can make a browser not to show its history.
There is an answer here on SO that explains it well:
https://stackoverflow.com/questions/4954...l-browsers
From where we can extract this link which contains the actual reason for this behavior:
https://httpwg.org/specs/rfc7234.html#history.lists