6.16. Cache Deception Security Checks#
Checks for Cloudflare Cache Deception Armor configuration.
6.16.1. Check Summary#
Check ID |
Title |
Severity |
Compliance |
|---|---|---|---|
CFL-CDA-001 |
Cache Deception Armor |
medium |
CIS 4.8, SOC2 CC6.1, NIST PR.DS-5 |
6.16.1.1. CFL-CDA-001: Cache Deception Armor#
Severity: medium | Category: cache | Compliance: CIS 4.8
Cache Deception Armor prevents attackers from tricking Cloudflare into caching sensitive content by appending cacheable file extensions to URLs.
Remediation: Enable Cache Deception Armor in Cache → Configuration → Cache Deception Armor.