The cache-control header is not present to specify that the response should not be cached.
If UIs may contain other sensitive information, set the cache to prevent inadvertent page caching:
- Cache-control header (HTTP 1.1) set to "no-cache, no-store"
- Pragma header (HTTP 1.0) set to "no-cache"
- Expires header served pre-expired (i.e. backdated one year)