SSL and cached images

olivierV · April 17, 2014, 10:56am

Hello,

In general, we say with SSL, the images are not cached. However, by making a test with a banking site, I get the opposite.

Chrome 35 On Mac: I empty the cache, I connect to the website of the bank, the connection is SSL. I open the Chrome developer tools: the image is not cached. I reload the page (SSL): Chrome now indicates that the image is cached.

Again I delete the cache. I reload the page. Chrome indicates that the image is not cached. I reload the page: the image is now in the cache.

Am I missing something? Or images are now cached with SSL?

Lee_Page · April 17, 2014, 11:55am

I am sure that Google Chrome caches certain HTTPS-delivered content to disk, unless the server sends the Cache-Control: no-store header.

Greg_O_Lone · April 17, 2014, 1:28pm

Keep in mind that the default is to not cache items in SSL. How browsers cache assets can also be controlled using additional http headers.

olivierV · April 18, 2014, 8:06am

Thank you Lee and Greg.

It is still surprising, I tried with Safari and Firefox: same result.

I load the https page, the image is in the cache
I empty the cache, I reload the page, the image is not cached, ok
I reload the page, the image is cached

While the image includes the attribute “cache-control: max-age = 0”!

it seems that the default behavior, that browsers do in fact, even if it is not the norm, is now to keep SSL images in the cache … which is surprising for safety. But convenient for the display speed!

I’ll try later with IE. Anyone know the default behavior on mobiles?

Firefox:

Safari: