http-security Section

Configures HTTP security for Co-browse resources.

disableCaching

Default value: false
Valid Values: true, false
Changes take effect: Immediately

Disables HTTP client / proxy caching for all resources including static resources. When the option value is set to true, ZAP proxy does not generate the following warnings:

• Incomplete or no cache-control and pragma HTTPHeader set (Low Risk)
• Secure page browser cache (Medium Risk)

When the option is set to false or has no set value:

• Static resources are cached according to the option values set in the static-web-resources section.
• Dynamic data exchange is not cached.
• Proxied resources are cached in accordance with caching policy of the original resources.

More information can be found here:

• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching
• https://blog.42.nl/articles/securing-web-applications-using-owasp-zap-passive-mode/