- Bug
- Resolution: Fixed
- Major
- None
- Jenkins enterprise 1.509.5.1
Incorrect caching headers
Description:
The Cache-Control header tells every cache on the path (the browser, a forward or reverse proxy, a CDN) whether and how the response may be stored and reused. Its two relevant directives are not interchangeable: no-cache still allows a cache to store the response, provided it revalidates with the server before reusing it, whereas no-store forbids storing the response at all. A response that contains sensitive information must therefore carry no-store as well as no-cache; otherwise a copy can remain on disk in the browser cache or in a shared proxy and be read later by another user of the same machine or proxy.
Issue example:
The Jenkins web application sends incorrect cache-control headers: the response below carries only no-cache,must-revalidate (plus Expires: 0) and omits no-store, so the page, which is served to an authenticated session (note the JSESSIONID cookie), may still be written to a browser or proxy cache. Below is a server response as an example. This is a structural issue with the application's default response headers, not a problem confined to one particular page.
HTTP/1.1 200 OK
Date: Tue, 25 Mar 2014 09:40:06 GMT
Server: Winstone Servlet Engine v0.9.10
Expires: 0
Cache-Control: no-cache,must-revalidate
X-Hudson-Theme: default
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 1.509.5.1 (Jenkins Enterprise by CloudBees 13.05)
X-Jenkins-Session: 8456547e
X-Hudson-CLI-Port: 46210
X-Jenkins-CLI-Port: 46210
X-Jenkins-CLI2-Port: 46210
X-SSH-Endpoint: 10.75.35.116:59696
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufrFdr90ezSs51p3k56pEZ/57ErRzzF3jtp+FLU/f7M+84J6S35Y2NWo379t/sCTHCk/X/mUxy9ytx+lERSB1Vx4juXay/O+IaP2JrVD0NPQSrGmQo6ww/UzKkpZoAwRZFmHavm+dY0CtIuQkVD8M9BhaLLhtXzZipkEIM43Zj9gj04gP3kpsciu9U2jQ06sXWIJHdv9i51aa3iiW+kaFhmJea2KDI9h5trwOn8CqsTqAPfViubt4SrEhSrgklUnymJOAW8Auwy7he1B92nqf1k49Oi5XQ8amMFt8K3HCwxvQLE5rnp4gf4p+FaNYikqx5l10bPDAchMC9EnqdrxlwIDAQAB
Content-Length: 25927
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Set-Cookie: JSESSIONID.414ae189=f714820873e51a11e4110cc582dab384; Path=/; HttpOnly
X-XSS-PROTECTION: 1; mode=block
Connection: close
Advice:
Send the correct cache-control header, Cache-Control: no-store, no-cache, must-revalidate, on every page that contains sensitive information (authenticated pages, configuration screens, build logs, anything carrying credentials). Keep Expires: 0 and add Pragma: no-cache so that HTTP/1.0 caches that ignore Cache-Control are covered as well. Adding no-store to the existing value is the essential change: no-cache and must-revalidate only force revalidation and do not stop the response from being stored. To verify the fix, fetch an authenticated page with the session cookie and confirm that the response headers contain no-store.
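As an added example (not code from Jenkins, CloudBees or this report), the following Python script parses a raw HTTP response, checks its Cache-Control directives against the advice above, and rewrites the caching headers to the recommended values. The sample response is a trimmed copy of the one quoted in this report; the set of required directives, the CRLF line endings and the choice to replace (rather than append to) existing Cache-Control, Pragma and Expires headers are assumptions of this example.

```python
"""Check and fix HTTP caching headers for responses carrying sensitive data.

Added example, not Jenkins or CloudBees code. The sample response is a
trimmed copy of the one in the report; the policy below is an assumption.
"""
from typing import Dict, List, Optional, Set

# Trimmed copy of the server response quoted in the report (constructed sample).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 25 Mar 2014 09:40:06 GMT\r\n"
    "Expires: 0\r\n"
    "Cache-Control: no-cache,must-revalidate\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID.414ae189=f714820873e51a11e4110cc582dab384; Path=/; HttpOnly\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<html>...</html>"
)

# Directives a sensitive response must carry (assumption of this example).
# no-store is the one that stops the response being written to any cache.
REQUIRED: Set[str] = {"no-store", "no-cache"}

# Header set matching the report's advice; Pragma covers HTTP/1.0 caches.
RECOMMENDED_HEADERS: Dict[str, str] = {
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw HTTP response into a lower-cased header map.

    Repeated headers keep every value, in order; the status line is skipped.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cache_control_directives(headers: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """Parse every Cache-Control value into {directive: argument-or-None}.

    Directive names are case-insensitive; 'max-age=0' becomes {'max-age': '0'}.
    """
    directives: Dict[str, Optional[str]] = {}
    for value in headers.get("cache-control", []):
        for token in value.split(","):
            token = token.strip()
            if not token:
                continue
            name, sep, arg = token.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def missing_directives(raw: str) -> Set[str]:
    """Return the required directives absent from the response's Cache-Control."""
    return REQUIRED - set(cache_control_directives(parse_headers(raw)))


def is_safe_for_sensitive_content(raw: str) -> bool:
    """True only when both no-store and no-cache are present."""
    return not missing_directives(raw)


def fixed_response(raw: str) -> str:
    """Return the response with the recommended caching headers applied.

    Existing Cache-Control, Pragma and Expires headers are replaced rather than
    appended to, so no conflicting directives are left for a cache to pick from.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    drop = {name.lower() for name in RECOMMENDED_HEADERS}
    kept = [lines[0]] + [
        line for line in lines[1:]
        if line.partition(":")[0].strip().lower() not in drop
    ]
    kept += [f"{name}: {value}" for name, value in RECOMMENDED_HEADERS.items()]
    return "\r\n".join(kept) + sep + body


if __name__ == "__main__":
    print("missing:", sorted(missing_directives(SAMPLE_RESPONSE)))
    print("safe for sensitive content:", is_safe_for_sensitive_content(SAMPLE_RESPONSE))
    print(fixed_response(SAMPLE_RESPONSE).partition("\r\n\r\n")[0])
```

Run against the report's response the checker reports no-store as missing, which is exactly the defect described; the rewritten response passes the same check. Pointing parse_headers at the raw output of a curl -i request against an authenticated Jenkins page turns it into a quick regression test for the fix.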