diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index 8591d6abc6..051e68f314 100644
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -43,11 +43,11 @@ use OCP\AppFramework\Http;
 class Response {
 
 	/**
-	 * Headers - defaults to ['Cache-Control' => 'no-cache, must-revalidate']
+	 * Headers - defaults to ['Cache-Control' => 'no-cache, no-store, must-revalidate']
 	 * @var array
 	 */
 	private $headers = array(
-		'Cache-Control' => 'no-cache, must-revalidate'
+		'Cache-Control' => 'no-cache, no-store, must-revalidate'
 	);
 
 
diff --git a/tests/lib/AppFramework/Controller/ControllerTest.php b/tests/lib/AppFramework/Controller/ControllerTest.php
index 63cc287357..640853ccda 100644
--- a/tests/lib/AppFramework/Controller/ControllerTest.php
+++ b/tests/lib/AppFramework/Controller/ControllerTest.php
@@ -182,7 +182,7 @@ class ControllerTest extends \Test\TestCase {
 	public function testFormatDataResponseJSON() {
 		$expectedHeaders = [
 			'test' => 'something',
-			'Cache-Control' => 'no-cache, must-revalidate',
+			'Cache-Control' => 'no-cache, no-store, must-revalidate',
 			'Content-Type' => 'application/json; charset=utf-8',
 			'Content-Security-Policy' => "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
 		];
diff --git a/tests/lib/AppFramework/Http/DataResponseTest.php b/tests/lib/AppFramework/Http/DataResponseTest.php
index cde553cdf5..159efded97 100644
--- a/tests/lib/AppFramework/Http/DataResponseTest.php
+++ b/tests/lib/AppFramework/Http/DataResponseTest.php
@@ -67,7 +67,7 @@ class DataResponseTest extends \Test\TestCase {
 		$response = new DataResponse($data, $code, $headers);
 
 		$expectedHeaders = [
-			'Cache-Control' => 'no-cache, must-revalidate',
+			'Cache-Control' => 'no-cache, no-store, must-revalidate',
 			'Content-Security-Policy' => "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
 		];
 		$expectedHeaders = array_merge($expectedHeaders, $headers);
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php
index 0c582f8f6e..3ed946dc6c 100644
--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -97,7 +97,7 @@ class ResponseTest extends \Test\TestCase {
 
 	public function testCacheHeadersAreDisabledByDefault(){
 		$headers = $this->childResponse->getHeaders();
-		$this->assertEquals('no-cache, must-revalidate', $headers['Cache-Control']);
+		$this->assertEquals('no-cache, no-store, must-revalidate', $headers['Cache-Control']);
 	}