Cache Poisoning & Defending the Cache Layer
Learn how cache poisoning and deception attacks work and how to harden your caching layer against them with careful key and header handling.
What Is Cache Poisoning?
Web cache poisoning tricks a cache into storing a malicious response that is then served to other users. The attacker manipulates an input that influences the response but is not part of the cache key.
- Attacker sends a crafted request
- Origin reflects attacker input into the response
- Cache stores it and serves it to everyone
Unkeyed Inputs Are the Risk
The root cause is an unkeyed input: a header or parameter that changes the response but is excluded from the cache key. If an attacker controls it, they poison the shared entry.
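The following audit is an added example, not part of the original lesson: it flags unkeyed inputs by checking which request headers change the origin's response without changing the cache key. The toy origin, both key functions, the header list and `find_unkeyed_inputs` are assumptions constructed for illustration.

```python
import hashlib

def origin(path, headers):
    """Constructed origin: reflects X-Forwarded-Host into an asset URL
    and picks the page language from Accept-Language."""
    host = headers.get("X-Forwarded-Host", "www.example.test")
    lang = headers.get("Accept-Language", "en")
    return f'<html lang="{lang}"><script src="https://{host}/app.js"></script></html>'

def weak_key(path, headers):
    # Keys on the path only, so both headers read by origin() are unkeyed.
    return hashlib.sha256(path.encode()).hexdigest()

def hardened_key(path, headers, keyed=("Accept-Language", "X-Forwarded-Host")):
    # Keys on the path plus every header the origin lets influence the response.
    parts = [path] + [f"{h}={headers.get(h, '')}" for h in keyed]
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()

def find_unkeyed_inputs(origin_fn, key_fn, path, candidates):
    """Return the headers that change the response but not the cache key."""
    base_body = origin_fn(path, {})
    base_key = key_fn(path, {})
    unkeyed = []
    for name in candidates:
        probe = {name: "probe-value.test"}  # constructed marker value
        changed = origin_fn(path, probe) != base_body
        same_key = key_fn(path, probe) == base_key
        if changed and same_key:
            unkeyed.append(name)
    return unkeyed

# Constructed candidate list; User-Agent is ignored by origin(), so it is never flagged.
CANDIDATES = ["X-Forwarded-Host", "Accept-Language", "User-Agent"]

if __name__ == "__main__":
    print("weak key:    ", find_unkeyed_inputs(origin, weak_key, "/", CANDIDATES))
    print("hardened key:", find_unkeyed_inputs(origin, hardened_key, "/", CANDIDATES))
```

Adding a header to the key is one fix; the other is to strip the header at the cache so the origin never sees it, which avoids fragmenting the cache on attacker-chosen values.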