Twitter says Firefox’s caching methods may cause nonpublic user information to be stored in it

On April 2, Twitter said on its official blog that the way Mozilla Firefox stores cached data may result in a user's nonpublic information being kept in the browser's cache. This means that if you use Firefox to access Twitter on a public or shared computer and take an action such as downloading an archive or sending a private message, that information may still be stored in the browser's cache after you log out.

Twitter says the private message cache issue only affects Firefox and doesn’t affect Safari or Chrome. So should Firefox be blamed for this problem? Mozilla disagrees, and Mozilla’s official blog responded on April 3rd that Twitter itself was responsible for the problem.

Mozilla developers point out that Twitter's Cache-Control directives are not set correctly. RFC 7234 defines the caching mechanism, the key part of which is the Cache-Control header, which websites use to tell the browser what content can be safely stored in the cache. Cached content speeds up content access, so unless the site makes it clear otherwise, browsers are allowed to cache most content; this mechanism is called heuristic caching.

Firefox's heuristic caching keeps content for seven days. Twitter does not add a no-store directive to responses containing private messages. The problem does not reproduce in other browsers because they disable heuristic caching when a Content-Disposition header is present; in Firefox, Content-Disposition does not disable heuristic caching. The problem appears to be that Twitter did not test the caching behavior of its site on Firefox, which is actually very common.
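The header logic described above can be checked on the server side. The following is an added example, not code from Twitter or Mozilla: it classifies a 200 response in a browser (private) cache under the RFC 7234 rules, and the function names, endpoint labels and sample headers are all constructed for illustration.

```python
# Added example: how a browser cache may treat a 200 response under
# RFC 7234, judged only from the response headers.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def cache_verdict(headers):
    """Return one of: not-stored, stored-revalidate, stored-explicit,
    stored-heuristic. Only no-store keeps the body out of the cache."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"
    if "no-cache" in cc:
        return "stored-revalidate"  # still written to cache, revalidated on reuse
    if "max-age" in cc or "expires" in h:
        return "stored-explicit"    # the site chose a lifetime itself
    # No explicit freshness: the cache may pick a lifetime heuristically.
    # RFC 7234 gives Content-Disposition no role in this decision.
    return "stored-heuristic"

def may_persist(responses):
    """Names of sensitive responses a cache is allowed to store."""
    return [name for name, hdrs in responses.items()
            if cache_verdict(hdrs) != "not-stored"]

# Constructed sample responses (hypothetical endpoint labels and headers).
SAMPLES = {
    "archive-download": {"Content-Type": "application/zip",
                         "Content-Disposition": "attachment; filename=a.zip"},
    "dm-media": {"Content-Type": "image/jpeg", "Cache-Control": "no-cache"},
    "dm-media-fixed": {"Content-Type": "image/jpeg",
                       "Cache-Control": "no-store"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {cache_verdict(hdrs)}")
```

Running such a check against every endpoint that returns private data catches the missing no-store directive regardless of which browser the site was tested in.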