Cache-Control Header value 'no-store' raises an alert Incomplete or No Cache-control Header Set
Describe the bug

When running tests with the no-store value in the Cache-Control header, like ‘Cache-Control: no-store; max-age=0’, I still get a low severity alert. The proposed solution is to use the values no-cache, no-store, must-revalidate. So no-store should not raise an alert.

To Reproduce

Run a test with a ‘Cache-Control: no-store’ header and find a low severity alert in the report. I have also tried to change the value to ‘no-cache’ with the same result - a low severity alert is being raised.
HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; form-action 'none'
Cache-Control: no-store
Expected behavior

The alert “Incomplete or No Cache-control Header Set” should not be raised when the no-store value is used.
Software versions
- ZAP:2.10.0
- Add-on: pscanrules, Cache Control Scan Rule https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CacheControlScanRule.java
- OS: Windows 10
- Java: 1.8.0_281
- Browser: no
Additional context
The value ‘no-store’ alone can in some cases not be enough. By adding ‘max-age=0’ together with ‘no-store’ one can prevent a valid pre-existing cached response from being returned (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control). However, it is an adjustment to the existing rule and is probably not a part of this issue.
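To make the reported behaviour concrete, here is an added Python example (not ZAP's CacheControlScanRule and not code from the reporter) that parses the response shown above and applies the "all three of no-cache, no-store, must-revalidate must be present" interpretation suggested by the alert's remediation text. The required-directive set, the response sample and the tolerance for ';' as a separator (the reporter's example uses it, though RFC 7234 uses ',') are assumptions of this example; it reproduces the alert for the no-store-only response and clears it once all three directives are present, and it also exposes the max-age=0 directive discussed in the additional context.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumption: the directives the alert's suggested remediation asks for.
# This mirrors the issue text, not the actual ZAP scan rule logic.
REQUIRED_DIRECTIVES = ("no-cache", "no-store", "must-revalidate")

# Constructed sample: the response from the bug report.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; form-action 'none'
Cache-Control: no-store
"""

# Constructed sample: same response with the remediation value applied.
FIXED_RESPONSE = SAMPLE_RESPONSE.replace(
    "Cache-Control: no-store", "Cache-Control: no-cache, no-store, must-revalidate"
)


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP response head into a lower-cased name -> values map.
    The first line (status line) is skipped; parsing stops at the blank line."""
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control value into {directive: argument or None}.
    Directive names are case-insensitive; ',' and ';' are both accepted
    as separators because the reporter's sample uses ';'."""
    directives: Dict[str, Optional[str]] = {}
    for token in re.split(r"[,;]", value):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def check_cache_control(raw_response: str) -> Tuple[bool, List[str]]:
    """Return (alert, missing): alert is True when the response would be
    flagged under the 'all three directives required' reading of the rule,
    and missing lists the absent required directives."""
    present: Dict[str, Optional[str]] = {}
    for value in parse_headers(raw_response).get("cache-control", []):
        present.update(parse_cache_control(value))
    missing = [d for d in REQUIRED_DIRECTIVES if d not in present]
    return (bool(missing), missing)


if __name__ == "__main__":
    for label, resp in (("reported", SAMPLE_RESPONSE), ("remediated", FIXED_RESPONSE)):
        alert, missing = check_cache_control(resp)
        print(f"{label}: alert={alert} missing={missing}")
    # The reporter's first variant, showing how max-age=0 is surfaced.
    print(parse_cache_control("no-store; max-age=0"))
```

Run stand-alone, the script reports the no-store-only response as alerting with no-cache and must-revalidate missing, and the remediated response as clean; the last line shows that max-age=0 parses as a separate directive with argument "0", which is what a rule revision would need to inspect if it wanted to accept no-store together with max-age=0.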
The solution part:
Would you like to help fix this issue? not this time, sorry
Top GitHub Comments
Hi,
#6446 looks the same to me. You mention that you are willing to revise the scan rule, so this issue can be closed.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.