diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
index 61e4609b4..3d6085972 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
@@ -208,7 +208,7 @@ from value in values.GetValueOrDefault()
                 response.ContentLength = buffer.Length;
                 response.ContentType = "text/html;charset=UTF-8";
 
-                response.Headers[HeaderNames.CacheControl] = "no-cache";
+                response.Headers[HeaderNames.CacheControl] = "no-store";
                 response.Headers[HeaderNames.Pragma] = "no-cache";
                 response.Headers[HeaderNames.Expires] = "-1";
 
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
index 4a24d218f..a640d79b9 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
@@ -200,7 +200,7 @@ from value in values.GetValueOrDefault()
                 response.ContentLength = buffer.Length;
                 response.ContentType = "text/html;charset=UTF-8";
 
-                response.Headers[Headers.CacheControl] = "no-cache";
+                response.Headers[Headers.CacheControl] = "no-store";
                 response.Headers[Headers.Pragma] = "no-cache";
                 response.Headers[Headers.Expires] = "-1";