
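Description
This plugin ensures that when users of the website (including site administrators) log out, the browser is instructed to clear all residue, such as cookies and caches, to enhance security.
When a user logs out, the Clear-Site-Data HTTP header is sent, and browsers that support it respond by deleting all existing cookies, cache, and other storage. It does not delete saved passwords, permissions, ad-blocker rules, or other data regarded as permanent.
In addition, this plugin prevents possible security vulnerabilities, such as clicking the browser's "Back" button after logging out and revealing pages that should be inaccessible after logout. It also clears the browser cache, which prevents authenticated media assets (such as purchased images) from being accessed from a victim's browser cache.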
Original plugin description
This plugin ensures that when users of your website (including site administrators) log out, their browsers are instructed to clear all residue such as cookies and caches to enhance security.
A Clear-Site-Data HTTP header is sent when a user logs out, and supporting browsers react by removing all existing cookies, cache, and other storage. It will not remove saved passwords, permissions, adblocker rules, and other data that are supposed to be permanent.
This plugin prevents possible security vulnerabilities such as clicking the “Back” button in the browser after logging out revealing the pages that should not have been accessible after logging out. Furthermore, this cleans the browser cache, which prevents accessing authenticated media assets (such as purchased images) from the browser cache of a victim.
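
One way the logout behaviour described above can be wired into WordPress, shown as an added example that is not the plugin's own source. The function name `example_send_clear_site_data_on_logout` and the filter name `example_clear_site_data_types` are hypothetical; `wp_logout`, `is_ssl()`, `apply_filters()` and the three directive names are standard WordPress and Clear-Site-Data identifiers.

```php
<?php
/**
 * Added example (not the plugin's code): send Clear-Site-Data on logout.
 * Function and filter names are hypothetical.
 */
function example_send_clear_site_data_on_logout() {
    // Browsers only act on Clear-Site-Data when it arrives over HTTPS,
    // so sending it on plain HTTP would give a false sense of coverage.
    if ( ! is_ssl() ) {
        return;
    }

    // header() cannot add anything once output has started. Skip quietly
    // rather than emit a PHP warning into the logout response.
    if ( headers_sent() ) {
        return;
    }

    // Directives matching what the description lists: cache, cookies,
    // and other storage (localStorage, IndexedDB, service workers).
    $allowed = array( 'cache', 'cookies', 'storage' );

    // Let site code narrow the list (for example, to keep the cache),
    // but never let it inject a value outside the allow-list.
    $types = apply_filters( 'example_clear_site_data_types', $allowed );
    $types = array_values( array_intersect( $allowed, (array) $types ) );
    if ( empty( $types ) ) {
        return;
    }

    // Each directive is a double-quoted string, separated by commas:
    // Clear-Site-Data: "cache", "cookies", "storage"
    header( 'Clear-Site-Data: "' . implode( '", "', $types ) . '"' );
}

// wp_logout fires after WordPress has cleared its own auth cookies and
// before the redirect back to the login page is sent.
add_action( 'wp_logout', 'example_send_clear_site_data_on_logout' );
```

To confirm the header is in place, log out with the browser's network panel open and check the logout response for a `Clear-Site-Data` header.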
