AUTOCOMPLETE MISSING

Feature      Value
Type         Detection
Risk         OWASP A3
Covered by   Agent

The application has a form that may leak potentially sensitive information. Neither the <form> tag nor the relevant <input> fields have the AUTOCOMPLETE attribute disabled, so the browser may cache the submitted values insecurely.

How to solve it

Disabling AUTOCOMPLETE for form values is straightforward: set the AUTOCOMPLETE attribute to OFF.

AUTOCOMPLETE can be disabled on an entire <form>:

<form action="/login" method="POST" autocomplete="off">
   <input type="text" name="user">
   <input type="password" name="pass">
</form>

It can also be disabled on a single sensitive field, as shown here for the password field:

<form action="/login" method="POST">
   <input type="text" name="user">
   <input type="password" name="pass" autocomplete="off">
</form>
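
The check below is an added example, not part of the original page or of the Agent's own detection logic. It parses a page and reports password inputs that are covered neither by their own autocomplete="off" nor by the enclosing form's. The sample markup, the /reset and /admin forms and the choice of "password" as the only sensitive type are assumptions made for the example.

```python
from html.parser import HTMLParser

# Input types treated as sensitive (an assumption of this example).
SENSITIVE_TYPES = {"password"}

# Constructed sample page: the two patterns from the text plus two gaps.
SAMPLE = """
<form action="/login" method="POST" autocomplete="off">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form action="/reset" method="POST">
  <input type="password" name="new_pass" autocomplete="off">
  <input type="PASSWORD" name="confirm">
</form>
<form action="/admin" method="POST" AUTOCOMPLETE="OFF">
  <input type="password" name="pin" autocomplete="on">
</form>
"""

class AutocompleteAudit(HTMLParser):
    """Collect sensitive inputs whose values the browser may cache."""
    def __init__(self):
        super().__init__()
        self.form_off, self.form_action = False, None
        self.findings = []  # (form action, input name) pairs

    @staticmethod
    def _is_off(attrs):
        return (attrs.get("autocomplete") or "").strip().lower() == "off"

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute names arrive lowercased
        if tag == "form":
            self.form_off, self.form_action = self._is_off(attrs), attrs.get("action")
        elif tag == "input" and (attrs.get("type") or "text").lower() in SENSITIVE_TYPES:
            # A field's own attribute wins; otherwise it inherits the form's.
            off = self._is_off(attrs) if "autocomplete" in attrs else self.form_off
            if not off:
                self.findings.append((self.form_action, attrs.get("name")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off, self.form_action = False, None

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for action, name in audit(SAMPLE):
        print(f"AUTOCOMPLETE MISSING: form {action!r}, field {name!r}")
```
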