Cache-Control HTTP header value (instance security hardening)
Use the glide.http.cache_control property to set the default cache-control value in the HTTP response headers that the ServiceNow AI Platform sends when requesting static content data for a page. Examples of static content include images, CSS, and JavaScript rendered from within, for a page.
The glide.http.cache_control property sets the default
Cache-Control value in HTTP response headers to private or
public. The default is public.
| Value | Description |
|---|---|
| private | Static content can be cached at the browser (client) level, but not at the proxy server level. |
| public | Static content can be cached at the browser (client) level, and also at the proxy server level. |
The Expires value in the HTTP response headers control when the static content expires, and has a default value of 369 days. To manually override the default value, use the glide.http.expire.days property.
Note:
You can use the glide.http.cache property designate whether to
enable or disable setting of the Cache-Control and Expires values in HTTP response
headers. Its default is true, which allows you to set the:
- Cache-Control value default using the glide.http.cache_control property.
- Expires value default using the glide.http.expire.days property.
More information
| Attribute | Description |
|---|---|
| Property name | glide.http.cache_control |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To configure the Cache-Control HTTP response header value for static content. |
| Recommended value | private |
| Default value | public |
| Functional Impact | Sets the default Cache-Control value in an HTTP response header. |
| Security risk | (High) If you set this property to public, instances
with CDN/proxies may cache static content and render without authentication.
|
To learn more about adding or creating a system property, see Add a system property.