diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index fad1aa167..ee0aced35 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -169,6 +169,8 @@ class AccountController < ApplicationController end end end + + no_store end # Token based account activation
diff --git a/app/controllers/auth_sources_controller.rb b/app/controllers/auth_sources_controller.rb
index a88d87016..02d069103 100644
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -32,6 +32,7 @@ class AuthSourcesController < ApplicationController end def new + no_store end def create
@@ -39,11 +40,13 @@ class AuthSourcesController < ApplicationController flash[:notice] = l(:notice_successful_create) redirect_to auth_sources_path else + no_store render :action => 'new' end end def edit + no_store end def update
@@ -52,6 +55,7 @@ class AuthSourcesController < ApplicationController flash[:notice] = l(:notice_successful_update) redirect_to auth_sources_path else + no_store render :action => 'edit' end end
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 9a9be1585..9e7021041 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -41,17 +41,20 @@ class RepositoriesController < ApplicationController def new @repository.is_default = @project.repository.nil? + no_store end def create if @repository.save redirect_to settings_project_path(@project, :tab => 'repositories') else + no_store render :action => 'new' end end def edit + no_store end def update
@@ -59,6 +62,7 @@ class RepositoriesController < ApplicationController if @repository.save redirect_to settings_project_path(@project, :tab => 'repositories') else + no_store render :action => 'edit' end end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 3a88475c4..d0b5b9f89 100644
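Review bot: In the account_controller.rb hunk `no_store` is the last statement of the action, after the three closing `end`s, so the header is only set on paths that fall through to the bottom of the method; the method starts outside the hunk, so whether an early `return` above can skip it is not visible here. Declaring it once, `before_action :no_store, :only => :register` (the action name is inferred from the tests in this commit), or calling it on the first line, makes coverage independent of the branches. The auth_sources, repositories and users controller hunks repeat the call in every `new`/`edit` action and every failed-save branch. There `before_action :no_store, :only => [:new, :create, :edit, :update]` would cover the same paths, at the cost of also marking the redirects and, in UsersController, the `format.api` responses.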
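Review bot: Nothing at the call sites in auth_sources_controller.rb says why these actions opt out of caching, and `def new` now consists of a bare `no_store`. A one-line comment above the first call in each controller, such as `# Form carries credential fields: forbid browsers and proxies from storing the response`, would keep a later cleanup from removing the calls as dead weight. The tests in this commit show password inputs on the register form and a password validation error on repositories; for auth sources the credential field is inferred rather than visible in the hunk.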
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -114,6 +114,8 @@ class UsersController < ApplicationController :mail_notification => Setting.default_notification_option) @user.safe_attributes = params[:user] @auth_sources = AuthSource.all + + no_store end def create
@@ -150,8 +152,14 @@ class UsersController < ApplicationController @user.password = @user.password_confirmation = nil respond_to do |format| - format.html {render :action => 'new'} - format.api {render_validation_errors(@user)} + format.html do + no_store + render :action => 'new' + end + + format.api do + render_validation_errors(@user) + end end end end
@@ -159,6 +167,8 @@ class UsersController < ApplicationController def edit @auth_sources = AuthSource.all @membership ||= Member.new + + no_store end def update
@@ -196,8 +206,13 @@ class UsersController < ApplicationController @user.password = @user.password_confirmation = nil respond_to do |format| - format.html {render :action => :edit} - format.api {render_validation_errors(@user)} + format.html do + no_store + render :action => :edit + end + format.api do + render_validation_errors(@user) + end end end end
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 3b9a4403f..dbcd643cc 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -291,6 +291,7 @@ class AccountControllerTest < Redmine::ControllerTest with_settings :self_registration => '3' do get :register assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' assert_select 'input[name=?]', 'user[password]' assert_select 'input[name=?]', 'user[password_confirmation]'
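Review bot: The two `respond_to` rewrites in users_controller.rb are formatted differently: the `create` hunk (-150) puts a blank line between the `format.html` and `format.api` blocks, while the `update` hunk (-196) does not. The `format.api` branch is unchanged in behaviour, so it could stay as the original one-liner `format.api {render_validation_errors(@user)}`, which limits the diff to the branch that actually sets the header. Both enclosing actions start outside their hunks.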
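Review bot: The literal `assert_includes @response.headers['Cache-Control'], 'no-store'` is added in the account_controller_test.rb hunk at -291 and again in every other test hunk of this commit. When the header is absent the value is `nil`, so the failure is reported as `nil` not responding to `include?` rather than as a missing header. A shared helper in the test base class, e.g. `def assert_no_store; assert_includes @response.headers['Cache-Control'].to_s, 'no-store'; end`, would give one place to tighten or extend the check. The enclosing test method starts outside the hunk.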
@@ -357,6 +358,27 @@ class AccountControllerTest < Redmine::ControllerTest end end + def test_post_register_with_failure + post( + :register, + :params => { + :user => { + :login => 'register', + :password => 'secret123', + :password_confirmation => 'secret1234567890', + :firstname => 'John', + :lastname => 'Doe', + :mail => 'register@example.com' + } + } + ) + + assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + + assert_select_error /Password doesn't match confirmation/i + end + def test_post_register_with_registration_off_should_redirect with_settings :self_registration => '0' do assert_no_difference 'User.count' do
diff --git a/test/functional/auth_sources_controller_test.rb b/test/functional/auth_sources_controller_test.rb
index 9233ae675..0f1503a43 100644
--- a/test/functional/auth_sources_controller_test.rb
+++ b/test/functional/auth_sources_controller_test.rb
@@ -34,6 +34,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest def test_new get :new assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' assert_select 'form#auth_source_form' do assert_select 'input[name=type][value=AuthSourceLdap]'
@@ -90,6 +91,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest } ) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' end assert_select_error /host cannot be blank/i end
@@ -102,6 +104,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest } ) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' assert_select 'form#auth_source_form' do assert_select 'input[name=?]', 'auth_source[host]'
@@ -165,6 +168,8 @@ class AuthSourcesControllerTest < Redmine::ControllerTest } ) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select_error /host cannot be blank/i end
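Review bot: `test_post_register_with_failure` does not pin `Setting.self_registration`, unlike the neighbouring tests, which wrap their requests in `with_settings :self_registration => ...`. If registration is disabled in the ambient settings the action presumably redirects (the next test is named for exactly that), and `assert_response :success` would then fail for a reason unrelated to the header. Wrapping the body in `with_settings :self_registration => '3' do` makes the precondition explicit. Since the test is about a rejected registration, `assert_no_difference 'User.count' do` around the `post` would also confirm that the mismatched confirmation creates no account.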
diff --git a/test/functional/repositories_controller_test.rb b/test/functional/repositories_controller_test.rb
index dae0a6a95..db2e6df64 100644
--- a/test/functional/repositories_controller_test.rb
+++ b/test/functional/repositories_controller_test.rb
@@ -38,6 +38,8 @@ class RepositoriesControllerTest < Redmine::RepositoryControllerTest } ) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select 'select[name=?]', 'repository_scm' do assert_select 'option[value=?][selected=selected]', 'Subversion' end
@@ -114,6 +116,8 @@ class RepositoriesControllerTest < Redmine::RepositoryControllerTest ) end assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select_error /URL is invalid/ assert_select 'select[name=?]', 'repository_scm' do assert_select 'option[value=?][selected=selected]', 'Subversion'
@@ -124,6 +128,8 @@ class RepositoriesControllerTest < Redmine::RepositoryControllerTest @request.session[:user_id] = 1 get(:edit, :params => {:id => 11}) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select 'input[name=?][value=?][disabled=disabled]', 'repository[url]', 'svn://localhost/test' end
@@ -154,6 +160,8 @@ class RepositoriesControllerTest < Redmine::RepositoryControllerTest } ) assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select_error /Password is too long/ end
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index e18c1f3d1..aade7675a 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -323,6 +323,8 @@ class UsersControllerTest < Redmine::ControllerTest def test_new get :new assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select 'input[name=?]', 'user[login]' assert_select 'label[for=?]>span.required', 'user_password', 1 end
@@ -439,6 +441,8 @@ class UsersControllerTest < Redmine::ControllerTest post :create, :params => {:user => {:login => 'foo'}} end assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select_error /Email cannot be blank/ end
@@ -525,6 +529,8 @@ class UsersControllerTest < Redmine::ControllerTest end assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select 'h2>a+img.gravatar' assert_select 'input[name=?][value=?]', 'user[login]', 'jsmith' assert_select 'label[for=?]>span.required', 'user_password', 0
@@ -580,6 +586,8 @@ class UsersControllerTest < Redmine::ControllerTest } end assert_response :success + assert_includes @response.headers['Cache-Control'], 'no-store' + assert_select_error /First name cannot be blank/ end