Pages that show sensitive information — account details, order history, admin panels, search results with personal data — need a Cache-Control header telling browsers and shared caches (like a corporate proxy or CDN) not to store a copy, or the next person on that shared connection can see the previous user's page.
Login, account, and dashboard pages without Cache-Control: no-store can be saved by shared caches and browsers — meaning the next person on a shared or public computer might see the previous user's authenticated page.
Pages with account-specific or sensitive content send Cache-Control: no-store, private; public pages continue caching normally.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →