I notice that a lot of sensitive pages in my app are getting cached on the browser. How do I prevent that?
To improve performance, browsers often cache web pages. Cached pages are stored automatically in the Temporary Internet Files folder on the local PC. An adversary can open these files simply by clicking a link in the browser history or a link in the Temporary Internet Files folder. To prevent web pages from being cached, issue the correct cache control headers in the server response. The cache control directives can be set from code, and they prevent the browser from caching the pages. The directives to be set are:
A great resource to learn about caching is Mark Nottingham's paper on caching.
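One way to set cache control headers from code, as an added example that is not part of the original FAQ: a Python WSGI middleware that overrides caching headers on sensitive paths only. The path prefixes, the demo app and the header values (a commonly used no-cache set chosen for this example) are assumptions.

```python
# Added example: WSGI middleware that marks sensitive responses as non-cacheable.
# SENSITIVE_PREFIXES and the header values are assumptions for illustration.

SENSITIVE_PREFIXES = ("/account", "/admin")  # hypothetical paths

NO_CACHE_HEADERS = [
    ("Cache-Control", "no-store, no-cache, must-revalidate"),  # HTTP/1.1 caches
    ("Pragma", "no-cache"),                                    # HTTP/1.0 caches
    ("Expires", "0"),                                          # treated as already expired
]
_OVERRIDDEN = {name.lower() for name, _ in NO_CACHE_HEADERS}


class NoCacheMiddleware:
    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def _is_sensitive(self, path):
        # Match whole path segments so "/accounting" is not caught by "/account".
        return any(path == p or path.startswith(p + "/") for p in self.prefixes)

    def __call__(self, environ, start_response):
        if not self._is_sensitive(environ.get("PATH_INFO", "")):
            return self.app(environ, start_response)

        def patched_start(status, headers, exc_info=None):
            # Drop any caching headers the app set, then append the strict ones.
            kept = [(k, v) for k, v in headers if k.lower() not in _OVERRIDDEN]
            return start_response(status, kept + NO_CACHE_HEADERS, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed sample app that marks every page as publicly cacheable.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"<html>ok</html>"]


def response_headers(app, path):
    """Call a WSGI app for `path` and return its response headers as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured
```

To confirm the result in a deployed app, request a sensitive page and check the response headers in the browser's developer tools or with `curl -I`.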