diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
index 61e4609b..3d608597 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
@@ -208,7 +208,7 @@ public static partial class OpenIddictServerAspNetCoreHandlers
                 response.ContentLength = buffer.Length;
                 response.ContentType = "text/html;charset=UTF-8";
 
-                response.Headers[HeaderNames.CacheControl] = "no-cache";
+                response.Headers[HeaderNames.CacheControl] = "no-store";
                 response.Headers[HeaderNames.Pragma] = "no-cache";
                 response.Headers[HeaderNames.Expires] = "-1";
 
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
index 4a24d218..a640d79b 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
@@ -200,7 +200,7 @@ public static partial class OpenIddictServerOwinHandlers
                 response.ContentLength = buffer.Length;
                 response.ContentType = "text/html;charset=UTF-8";
 
-                response.Headers[Headers.CacheControl] = "no-cache";
+                response.Headers[Headers.CacheControl] = "no-store";
                 response.Headers[Headers.Pragma] = "no-cache";
                 response.Headers[Headers.Expires] = "-1";