diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..8350312
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,4 @@
+{
+ "debug.allowBreakpointsEverywhere": true,
+ "files.autoGuessEncoding": true
+}
\ No newline at end of file
diff --git a/internal/auth/bearer.go b/internal/auth/bearer.go
index 923ebd4..451e079 100644
--- a/internal/auth/bearer.go
+++ b/internal/auth/bearer.go
@@ -54,6 +54,13 @@ func (ss *BearerSecurityScheme) GetHeaders() http.Header {
 header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 }
+ //add cache-control based on authorization
+ if ss.HasValidValue() {
+ header.Set("Cache-Control", "private, max-age=0")
+ } else {
+ header.Set("Cache-Control", "public, max-age=3600")
+ }
+
 return header
 }
diff --git a/internal/auth/bearer_test.go b/internal/auth/bearer_test.go
index d664a7b..86b1d42 100644
--- a/internal/auth/bearer_test.go
+++ b/internal/auth/bearer_test.go
@@ -73,6 +73,7 @@ func TestBearerSecurityScheme_GetHeaders(t *testing.T) {
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer xyz789"},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -85,6 +86,7 @@ func TestBearerSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer abc123"},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -94,7 +96,9 @@ func TestBearerSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing.T)
 headers := ss.GetHeaders()
- assert.Equal(t, http.Header{}, headers)
+ assert.Equal(t, http.Header{
+ "Cache-Control": []string{"public, max-age=3600"},
+ }, headers)
 }
 func TestBearerSecurityScheme_GetCookies(t *testing.T) {
diff --git a/internal/auth/jwt_bearer.go b/internal/auth/jwt_bearer.go
index d28c4f8..b8af0ab 100644
--- a/internal/auth/jwt_bearer.go
+++ b/internal/auth/jwt_bearer.go
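Review bot: `public` and `private` are response-only cache directives, but BearerSecurityScheme.GetHeaders builds the headers of an outgoing request, so the values set in the new block are ignored by caches and the HasValidValue() branch has no effect on caching; the same block is copy-pasted into JWTBearerSecurityScheme.GetHeaders and OAuthSecurityScheme.GetHeaders. If the goal is to keep responses to credentialed requests out of caches, the request-side directive is `no-store`, i.e. `if ss.HasValidValue() { header.Set("Cache-Control", "no-store") }` with no else branch, so an unauthenticated request does not advertise `public, max-age=3600` and the tests that now expect that value could go back to expecting an empty header set. Factoring the block into one package-level helper with a named constant beside `AuthorizationHeader` would keep the three schemes consistent. Style: the comment should read `// add cache-control based on authorization` with a space after the slashes. GetHeaders starts outside the hunk.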
@@ -68,6 +68,13 @@ func (ss *JWTBearerSecurityScheme) GetHeaders() http.Header {
 header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 }
+ //add cache-control based on authorization
+ if ss.HasValidValue() {
+ header.Set("Cache-Control", "private, max-age=0")
+ } else {
+ header.Set("Cache-Control", "public, max-age=3600")
+ }
+
 return header
 }
diff --git a/internal/auth/jwt_bearer_test.go b/internal/auth/jwt_bearer_test.go
index c3a4ab9..0e97288 100644
--- a/internal/auth/jwt_bearer_test.go
+++ b/internal/auth/jwt_bearer_test.go
@@ -87,6 +87,7 @@ func TestJWTBearerSecurityScheme_GetHeaders(t *testing.T) {
 assert.NoError(t, err)
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer xyz789"},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -100,6 +101,7 @@ func TestJWTBearerSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 assert.NoError(t, err)
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer " + jwt.FakeJWT},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -110,7 +112,9 @@ func TestJWTBearerSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing
 headers := ss.GetHeaders()
 assert.NoError(t, err)
- assert.Equal(t, http.Header{}, headers)
+ assert.Equal(t, http.Header{
+ "Cache-Control": []string{"public, max-age=3600"},
+ }, headers)
 }
 func TestJWTBearerSecurityScheme_GetCookies(t *testing.T) {
diff --git a/internal/auth/oauth.go b/internal/auth/oauth.go
index 3e3b4a4..3d485a9 100644
--- a/internal/auth/oauth.go
+++ b/internal/auth/oauth.go
@@ -83,6 +83,13 @@ func (ss *OAuthSecurityScheme) GetHeaders() http.Header {
 header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 }
+ //add cache-control based on authorization
+ if ss.HasValidValue() {
+ header.Set("Cache-Control", "private, max-age=0")
+ } else {
+ header.Set("Cache-Control", "public, max-age=3600")
+ }
+
 return header
 }
diff --git a/internal/auth/oauth_test.go b/internal/auth/oauth_test.go
index 514939c..a8da4e6 100644
--- a/internal/auth/oauth_test.go
+++ b/internal/auth/oauth_test.go
@@ -91,6 +91,7 @@ func TestNewOAuthSecurityScheme_GetHeaders(t *testing.T) {
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer xyz789"},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -104,6 +105,7 @@ func TestNewOAuthSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 assert.Equal(t, http.Header{
 "Authorization": []string{"Bearer abc123"},
+ "Cache-Control": []string{"private, max-age=0"},
 }, headers)
 }
@@ -113,7 +115,9 @@ func TestNewOAuthSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing.
 headers := ss.GetHeaders()
- assert.Equal(t, http.Header{}, headers)
+ assert.Equal(t, http.Header{
+ "Cache-Control": []string{"public, max-age=3600"},
+ }, headers)
 }
 func TestNewOAuthSecurityScheme_GetCookies(t *testing.T) {