diff --git a/profiles/__init__.py b/profiles/__init__.py
index 90f43de..04cfd44 100644
--- a/profiles/__init__.py
+++ b/profiles/__init__.py
@@ -78,6 +78,14 @@
 # pylint: enable=wrong-import-position
 
 
+@app.after_request
+def set_cache_headers(response):
+    if "Cache-Control" not in response.headers:
+        response.headers["Cache-Control"] = "no-store"
+        response.headers["Vary"] = "Cookie"
+    return response
+
+
 @app.route("/", methods=["GET"])
 @auth.oidc_auth("default")
 @before_request