diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 6433198a36b..39b4e296f64 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -1573,6 +1573,20 @@ off I user connections to RT are secured by some other method.
 
 Set($WebSecureCookies, 1);
 
+=item C<$WebStrictBrowserCache>
+
+As part of normal operation, browsers typically store some browsing
+history, enabling the Back button to work. Browsers also often
+cache pages in the browsing history to improve performance.
+
+Enable this option if you are using RT with highly ssensitive
+information and want to signal the browser to not store any history
+or cache any data. The default is disabled.
+
+=cut
+
+Set($WebStrictBrowserCache, 0);
+
 =item C<$WebHttpOnlyCookies>
 
 Default RT's session cookie to not being directly accessible to
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 04fbe3dcd5c..5a7edccc358 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -1889,6 +1889,9 @@ our %META;
     WebSecureCookies => {
         Widget => '/Widgets/Form/Boolean',
     },
+    WebStrictBrowserCache => {
+        Widget => '/Widgets/Form/Boolean',
+    },
     WikiImplicitLinks => {
         Widget => '/Widgets/Form/Boolean',
     },
diff --git a/share/html/Elements/Header b/share/html/Elements/Header
index 14be9196afa..6dc9396461b 100644
--- a/share/html/Elements/Header
+++ b/share/html/Elements/Header
@@ -123,8 +123,7 @@ $lang = $session{'CurrentUser'}->LanguageHandle->language_tag
     && $session{'CurrentUser'}->LanguageHandle
     && $session{'CurrentUser'}->LanguageHandle->language_tag;
 
-$r->headers_out->{'Pragma'} = 'no-cache';
-$r->headers_out->{'Cache-control'} = 'no-cache';
+$m->comp('/Elements/HttpResponseHeaders');
 
 my $id = $m->request_comp->path;
 $id =~ s|^/||g;
diff --git a/share/html/Elements/HttpResponseHeaders b/share/html/Elements/HttpResponseHeaders
new file mode 100644
index 00000000000..b1c635b8d5d
--- /dev/null
+++ b/share/html/Elements/HttpResponseHeaders
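Review bot: The new POD for `$WebStrictBrowserCache` misspells "sensitive" as "ssensitive" and promises more than the headers can deliver: `Cache-Control: no-store` plus a past `Expires` keep page content out of the browser cache, but they do not stop the browser from recording visited URLs in its history, so "signal the browser to not store any history" overstates the effect. Suggest `Enable this option if you are using RT with highly sensitive` followed by `information and want to signal the browser not to cache any page content.` so the description matches what the option controls. It would also help operators to say here that the headers are emitted by the page header components, so responses that do not render them are unaffected (that limitation is inferred from the call sites in this commit, not visible in this hunk).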
@@ -0,0 +1,67 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2023 Best Practical Solutions, LLC
+%#
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<%INIT>
+if ( RT->Config->Get('WebStrictBrowserCache') ) {
+
+    # Instruct the browser not to cache content
+    $r->headers_out->{'Cache-control'} = 'no-cache, no-store, must-revalidate, max-age=0, s-maxage=0';
+
+    my $expires = RT::Date->new(RT->SystemUser);
+    $expires->SetToNow;
+    # Make sure it's in the past to allow no cache
+    $expires->AddSeconds(-10);
+    $r->headers_out->{'Expires'} = $expires->RFC2616;
+}
+else {
+    $r->headers_out->{'Cache-control'} = 'no-cache';
+}
+
+$r->headers_out->{'Pragma'} = 'no-cache';
+
+$m->callback( %ARGS, CallbackName => 'End' );
+
diff --git a/share/html/m/_elements/header b/share/html/m/_elements/header
index fbf873c61fe..e82459e578a 100644
--- a/share/html/m/_elements/header
+++ b/share/html/m/_elements/header
@@ -50,8 +50,7 @@ $title => loc('RT for [_1]', RT->Config->Get('rtname'))
 $show_home_button => 1
 <%init>
-$r->headers_out->{'Pragma'} = 'no-cache';
-$r->headers_out->{'Cache-control'} = 'no-cache';
+$m->comp('/Elements/HttpResponseHeaders');
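Review bot: The new component has no description of what it sets or who is expected to call it, and the strict headers only reach responses that render `/Elements/Header` or `/m/_elements/header`, the two callers this commit wires up; any page or download that bypasses those components (not visible here) keeps whatever cache headers it set itself. A comment after the tagged block would make that contract explicit, e.g. `%# Emits the Cache-control, Expires and Pragma headers for the current response; with $WebStrictBrowserCache on, the response is marked no-store so browsers discard page content instead of caching it. Call once from the page header components.` The `End` callback also deserves a one-line note that extensions may adjust the headers after this component has set them. On the `Expires` branch, stating in the comment that any date in the past is treated as already expired would explain why `-10` seconds is sufficient rather than arbitrary.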