{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,12]],"date-time":"2025-07-12T01:07:15Z","timestamp":1752282435464},"reference-count":37,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"2","license":[{"start":{"date-parts":[[2021,1,29]],"date-time":"2021-01-29T00:00:00Z","timestamp":1611878400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,4,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Many browser cache attacks have been proposed in the literature to sniff the user\u2019s browsing history. All of them rely on specific time measurements to infer if a resource is in the cache or not. Unlike the state-of-the-art, this paper reports on a novel cache-based attack that is not a timing attack but that abuses the HTTP cache-control and expires headers to extract the exact date and time when a resource was cached by the browser. The privacy implications are serious as this information can not only be utilized to detect if a website was visited by the user but it can also help build a timeline of the user\u2019s visits. This goes beyond traditional history sniffing attacks as we can observe patterns of visit and model user\u2019s behavior on the web. To evaluate the impact of our attack, we tested it on all major browsers and found that all of them, except the ones based on WebKit, are vulnerable to it. Since our attack requires specific HTTP headers to be present, we also crawled the T<jats:sc>ranco<\/jats:sc> Top 100K websites and identified 12,970 of them can be detected with our approach. Among them, 1,910 deliver resources that have expiry dates greater than 100 days, enabling long-term user tracking. 
Finally, we discuss possible defenses at both the browser and standard levels to prevent users from being tracked.<\/jats:p>","DOI":"10.2478\/popets-2021-0033","type":"journal-article","created":{"date-parts":[[2021,4,6]],"date-time":"2021-04-06T21:07:17Z","timestamp":1617743237000},"page":"391-406","source":"Crossref","is-referenced-by-count":1,"title":["D\u00e9j\u00e0 vu: Abusing Browser Cache Headers to Identify and Track Online Users"],"prefix":"10.56553","volume":"2021","author":[{"given":"Vikas","family":"Mishra","sequence":"first","affiliation":[{"name":"Inria, Univ . Lille"}]},{"given":"Pierre","family":"Laperdrix","sequence":"additional","affiliation":[{"name":"Univ. Lille , CNRS , Inria"}]},{"given":"Walter","family":"Rudametkin","sequence":"additional","affiliation":[{"name":"Univ. Lille , Inria"}]},{"given":"Romain","family":"Rouvoy","sequence":"additional","affiliation":[{"name":"Univ. Lille , Inria , IUF"}]}],"member":"35752","published-online":{"date-parts":[[2021,1,29]]},"reference":[{"key":"2022043002461484499_j_popets-2021-0033_ref_001_w2aab3b7c40b1b6b1ab1ab1Aa","unstructured":"[1] Optionally partition cache to prevent using cache for tracking \u2013 WebKit Bug tracker. https:\/\/bugs.webkit.org\/show_bug.cgi?id=110269, 2013."},{"key":"2022043002461484499_j_popets-2021-0033_ref_002_w2aab3b7c40b1b6b1ab1ab2Aa","unstructured":"[2] Add Cache-Isolation behind a pref \u2013 Mozilla Central. https:\/\/hg.mozilla.org\/mozilla-central\/rev\/a5e791146ef5, 2019."},{"key":"2022043002461484499_j_popets-2021-0033_ref_003_w2aab3b7c40b1b6b1ab1ab3Aa","unstructured":"[3] Double-keyed HTTP cache \u2013 WHATWG Fetch GitHub Repository. https:\/\/github.com\/whatwg\/fetch\/issues\/904, 2019."},{"key":"2022043002461484499_j_popets-2021-0033_ref_004_w2aab3b7c40b1b6b1ab1ab4Aa","unstructured":"[4] CORS safelisted headers from the Fetch living standard \u2013 WHATWG Standards. 
https:\/\/fetch.spec.whatwg.org\/#cors-safelisted-response-header-name, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_005_w2aab3b7c40b1b6b1ab1ab5Aa","unstructured":"[5] Determine the scope to which storage and communications should be scoped in the third-party context \u2013 Mozilla Bug tracker. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1558932, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_006_w2aab3b7c40b1b6b1ab1ab6Aa","unstructured":"[6] Explainer - Partition the HTTP Cache \u2013 GitHub. http:\/\/github.com\/shivanigithub\/http-cache-partitioning, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_007_w2aab3b7c40b1b6b1ab1ab7Aa","unstructured":"[7] HTTP Cache Threat Model - Partitioning the cache. https:\/\/docs.google.com\/document\/d\/1U5zqfaJCFj_URrAmSxJ0C7z0AilLLJ30lgAqShVWnck\/, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_008_w2aab3b7c40b1b6b1ab1ab8Aa","unstructured":"[8] Issue 910708: Split Disk Cache Meta Bug \u2013 Chrome Bug tracker. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=910708, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_009_w2aab3b7c40b1b6b1ab1ab9Aa","unstructured":"[9] [meta] Top-level site partitioning \u2013 Mozilla Bug tracker. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1590107, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_010_w2aab3b7c40b1b6b1ab1ac10Aa","unstructured":"[10] Puppeteer repository \u2013 GitHub. https:\/\/github.com\/puppeteer\/puppeteer, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_011_w2aab3b7c40b1b6b1ab1ac11Aa","unstructured":"[11] SimilarWeb: Website Traffic Statistics & Analytics. https:\/\/www.similarweb.com\/, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_012_w2aab3b7c40b1b6b1ab1ac12Aa","unstructured":"[12] Server response header \u2013 MDN Web Docs. 
https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Server."},{"key":"2022043002461484499_j_popets-2021-0033_ref_013_w2aab3b7c40b1b6b1ab1ac13Aa","unstructured":"[13] Content SecurityPolicy (CSP) \u2013 MDN Web Docs., 2019. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP, 2019."},{"key":"2022043002461484499_j_popets-2021-0033_ref_014_w2aab3b7c40b1b6b1ab1ac14Aa","unstructured":"[14] Same-origin policy (SOP) \u2013 MDN Web Docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy, 2019."},{"key":"2022043002461484499_j_popets-2021-0033_ref_015_w2aab3b7c40b1b6b1ab1ac15Aa","unstructured":"[15] HTTP Caching \u2013 MDN Web Docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Caching, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_016_w2aab3b7c40b1b6b1ab1ac16Aa","unstructured":"[16] WebGL: 2D and 3D graphics for the web \u2013 MDN Web Docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/WebGL_API, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_017_w2aab3b7c40b1b6b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, and Claudia Diaz. The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 674\u2013689, 2014.10.1145\/2660267.2660347","DOI":"10.1145\/2660267.2660347"},{"key":"2022043002461484499_j_popets-2021-0033_ref_018_w2aab3b7c40b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Mika D Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good, and Chris Jay Hoofnagle. Flash cookies and privacy ii: Now with html5 and etag respawning. 
Available at SSRN 1898390, 2011.10.2139\/ssrn.1898390","DOI":"10.2139\/ssrn.1898390"},{"key":"2022043002461484499_j_popets-2021-0033_ref_019_w2aab3b7c40b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] Chetan Bansal, S\u00f6ren Preibusch, and Natasa Milic-Frayling. Cache timing attacks revisited: Efficient and repeatable browser history, os and network sniffing. In Hannes Federrath and Dieter Gollmann, editors, ICT Systems Security and Privacy Protection, pages 97\u2013111, Cham, 2015. Springer International Publishing.10.1007\/978-3-319-18467-8_7","DOI":"10.1007\/978-3-319-18467-8_7"},{"key":"2022043002461484499_j_popets-2021-0033_ref_020_w2aab3b7c40b1b6b1ab1ac20Aa","unstructured":"[20] David Baron. :visited support allows queries into global history \u2013 Mozilla Bug tracker. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=147777, 2002."},{"key":"2022043002461484499_j_popets-2021-0033_ref_021_w2aab3b7c40b1b6b1ab1ac21Aa","unstructured":"[21] David Baron. Preventing attacks on a user\u2019s history through CSS :visited selectors \u2013 Mozilla Hacks Blog. https:\/\/hacks.mozilla.org\/2010\/03\/privacy-related-changes-coming-to-cssvistited\/, 2010."},{"key":"2022043002461484499_j_popets-2021-0033_ref_022_w2aab3b7c40b1b6b1ab1ac22Aa","unstructured":"[22] Sarah Bird, Ilana Segall, and Martin Lopatka. Replication: Why We Still Can\u2019t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pages 489\u2013503. USENIX Association, August 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_023_w2aab3b7c40b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] Norman E Bowie and Karim Jamal. Privacy rights on the internet: self-regulation or government regulation? 
Business Ethics Quarterly, 16(3):323\u2013342, 2006.10.5840\/beq200616340","DOI":"10.5840\/beq200616340"},{"key":"2022043002461484499_j_popets-2021-0033_ref_024_w2aab3b7c40b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Yinzhi Cao, Song Li, and Erik Wijmans. (Cross-)Browser Fingerprinting via OS and Hardware Level Features. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26- March 1, 2017. The Internet Society, 2017.10.14722\/ndss.2017.23152","DOI":"10.14722\/ndss.2017.23152"},{"key":"2022043002461484499_j_popets-2021-0033_ref_025_w2aab3b7c40b1b6b1ab1ac25Aa","unstructured":"[25] Chromium. CVE-2018-6137: Leak of visited status of page in Blink. https:\/\/chromereleases.googleblog.com\/2018\/05\/stable-channel-update-for-desktop_58.html, 2018."},{"key":"2022043002461484499_j_popets-2021-0033_ref_026_w2aab3b7c40b1b6b1ab1ac26Aa","unstructured":"[26] Andrew Clover. CSS visited pages disclosure \u2013 BUGTRAQ mailing list posting. https:\/\/seclists.org\/bugtraq\/2002\/Feb\/271, 2002."},{"key":"2022043002461484499_j_popets-2021-0033_ref_027_w2aab3b7c40b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Steven Englehardt and Arvind Narayanan. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201916, page 1388\u20131401, New York, NY, USA, 2016. Association for Computing Machinery.10.1145\/2976749.2978313","DOI":"10.1145\/2976749.2978313"},{"key":"2022043002461484499_j_popets-2021-0033_ref_028_w2aab3b7c40b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Edward W Felten and Michael A Schneider. Timing attacks on web privacy. 
In Proceedings of the 7th ACM conference on Computer and communications security, pages 25\u201332, 2000.10.1145\/352600.352606","DOI":"10.1145\/352600.352606"},{"key":"2022043002461484499_j_popets-2021-0033_ref_029_w2aab3b7c40b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Yaoqi Jia, Xinshu Dong, Zhenkai Liang, and Prateek Saxena. I know where you\u2019ve been: Geo-inference attacks via the browser cache. IEEE Internet Computing, 19(1):44\u201353, 2014.","DOI":"10.1109\/MIC.2014.103"},{"key":"2022043002461484499_j_popets-2021-0033_ref_030_w2aab3b7c40b1b6b1ab1ac30Aa","unstructured":"[30] Eiji Kitamura. Gaining security and privacy by partitioning the cache. https:\/\/developers.google.com\/web\/updates\/2020\/10\/http-cache-partitioning, 2020."},{"key":"2022043002461484499_j_popets-2021-0033_ref_031_w2aab3b7c40b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] Pierre Laperdrix, Walter Rudametkin, and Benoit Baudry. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In 2016 IEEE Symposium on Security and Privacy (SP), pages 878\u2013894. IEEE, 2016.10.1109\/SP.2016.57","DOI":"10.1109\/SP.2016.57"},{"key":"2022043002461484499_j_popets-2021-0033_ref_032_w2aab3b7c40b1b6b1ab1ac32Aa","unstructured":"[32] Lukasz Olejnik, Claude Castelluccia, and Artur Janc. Why Johnny Can\u2019t Browse in Peace: On the Uniqueness of Web Browsing History Patterns. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2012), Vigo, Spain, July 2012."},{"key":"2022043002461484499_j_popets-2021-0033_ref_033_w2aab3b7c40b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] Victor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, and Wouter Joosen. Tranco: A research-oriented top sites ranking hardened against manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. 
The Internet Society, 2019.10.14722\/ndss.2019.23386","DOI":"10.14722\/ndss.2019.23386"},{"key":"2022043002461484499_j_popets-2021-0033_ref_034_w2aab3b7c40b1b6b1ab1ac34Aa","unstructured":"[34] Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan. Browser history re: visited. In 12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018."},{"key":"2022043002461484499_j_popets-2021-0033_ref_035_w2aab3b7c40b1b6b1ab1ac35Aa","unstructured":"[35] Steve Souders. Revving Filenames. https:\/\/www.stevesouders.com\/blog\/2008\/08\/23\/revving-filenames-dontuse-querystring\/, 2008."},{"key":"2022043002461484499_j_popets-2021-0033_ref_036_w2aab3b7c40b1b6b1ab1ac36Aa","doi-asserted-by":"crossref","unstructured":"[36] Zachary Weinberg, Eric Y Chen, Pavithra Ramesh Jayaraman, and Collin Jackson. I still know what you visited last summer: Leaking browsing history via user interaction and side channel attacks. In 2011 IEEE Symposium on Security and Privacy, pages 147\u2013161. IEEE, 2011.10.1109\/SP.2011.23","DOI":"10.1109\/SP.2011.23"},{"key":"2022043002461484499_j_popets-2021-0033_ref_037_w2aab3b7c40b1b6b1ab1ac37Aa","doi-asserted-by":"crossref","unstructured":"[37] Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. A practical attack to de-anonymize social network users. In 2010 IEEE Symposium on Security and Privacy, pages 223\u2013238. 
IEEE, 2010.10.1109\/SP.2010.21","DOI":"10.1109\/SP.2010.21"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0033","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:29Z","timestamp":1658334689000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0033.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,29]]},"references-count":37,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,1,29]]},"published-print":{"date-parts":[[2021,4,1]]}},"alternative-id":["10.2478\/popets-2021-0033"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0033","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,29]]}}}