A system has undergone a vulnerability scan indicating that the login page has "Cache Control" enabled. The scan results suggested that the form caching be set to 'Pragma:no-Cache" along with 'Cache-Control:no-Store,no_Cache' to prevent caching of content within the form. I've tracked through the Alfresco Share Login process found on another site but to no avail. Can't seem to find where the Cache-Control is being set. I have used both grep and find to search to no avail.
Number of forms in the page cache = 1
<form autocomplete=off class=form-fields action=/share/page/dologin method=post
accept-charset=UTF-8 id=page_x002e_components_x002e_slingshot-login_x0023_default-form >
<input type=hidden value=/share/page/ name=success id=page_x002e_components_x002e_slingshot-login_x0023_default-success >
<input type=hidden value=/share/page/?&error=true name=failure >
<input type=text maxlength=255 autocomplete=off name=username id=page_x002e_components_x002e_slingshot-login_x0023_default-username >
<input type=password maxlength=255 autocomplete=off name=password id=page_x002e_components_x002e_slingshot-login_x0023_default-password >
<input type=button tabindex=0
Can't seem to find the file where the cache is being set.