Cache Probing

Abuse window.open, Error Events, Cache, iframes, AbortController
Category Attack
Defenses SameSite Cookies, Vary: Sec-Fetch-Site, Subresource Protections

The principle of Cache Probing consists of detecting whether a resource was cached by the browser. The concept has been known since the beginning of the web 1 and initially relied on detecting timing differences. When a user visits a website, some resources such as images, scripts, and HTML content are fetched and later cached by the browser (under certain conditions). This optimization makes future navigations faster as the browser serves those resources from disk instead of requesting them again. ...