You are spot on re: information leakage, and this should be a crucial consideration for any person rolling their own authentication/authorization plan. +1 for mentioning OWASP.

When viewing the response headers from CloudFront, note the X-Cache: (hit/miss) and Age: (how long ago this particular page was cached) responses. T