Abstract: The disclosure is directed towards controlling the persistency of information provided to a service worker. A method includes receiving a response that includes response data. The response is received at a security service and was transmitted by a second computing device in response to receiving an information request from a first computing device. The first computing device implements a service worker. Sensitive data included in the response data is identified. The response includes caching instructions that instruct the service worker to cache the sensitive data at the first computing device. In response to identifying the sensitive data, the caching instructions are updated such that any portion of the response data that the updated caching instructions instruct the service worker to cache at the first computing device excludes the sensitive data. The updated response is transmitted to the first computing device and includes the response data and the updated caching instructions.

Abstract: The disclosure is directed towards controlling the persistency of information provided to a service worker. A method includes receiving a response that includes response data. The response is received at a security service and was transmitted by a second computing device in response to receiving an information request from a first computing device. The first computing device implements a service worker. Sensitive data included in the response data is identified. The response includes caching instructions that instruct the service worker to cache the sensitive data at the first computing device. In response to identifying the sensitive data, the caching instructions are updated such that any portion of the response data that the updated caching instructions instruct the service worker to cache at the first computing device excludes the sensitive data. The updated response is transmitted to the first computing device and includes the response data and the updated caching instructions.

Abstract: Context menu item operations pose risks to sensitive data, such as confidentiality violations from data exfiltration during “search” or “translate” communications with external sites, as well as “paste”, “delete”, “move” and other context menu item operations that may harm data integrity or data availability even if no external site is involved. Control scripts injected by a security broker or proxy, working with event listeners in a web page, may be used to monitor and control web browser context menu item displays and functionalities based on suggested or mandated context menu policy actions obtained from a policy server. Policy that is specific to context menus is also enforced in other interactive programs that use context menus, thereby protecting sensitive data against both malevolent efforts and innocent mistakes. Protection may be provided for any kind of sensitive data, regardless of the sensitivity designation criteria or mechanism.