diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d2ebd668d..62ebd01eb 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -121,6 +121,8 @@ class UsersController < ApplicationController
 :mail_notification => Setting.default_notification_option)
 @user.safe_attributes = params[:user]
 @auth_sources = AuthSource.all
+
+ no_store
 end
 def create
@@ -157,8 +159,14 @@ class UsersController < ApplicationController
 @user.password = @user.password_confirmation = nil
 respond_to do |format|
- format.html {render :action => 'new'}
- format.api {render_validation_errors(@user)}
+ format.html do
+ no_store
+ render :action => 'new'
+ end
+
+ format.api do
+ render_validation_errors(@user)
+ end
 end
 end
 end
@@ -166,6 +174,8 @@ class UsersController < ApplicationController
 def edit
 @auth_sources = AuthSource.all
 @membership ||= Member.new
+
+ no_store
 end
 def update
@@ -203,8 +213,13 @@ class UsersController < ApplicationController
 @user.password = @user.password_confirmation = nil
 respond_to do |format|
- format.html {render :action => :edit}
- format.api {render_validation_errors(@user)}
+ format.html do
+ no_store
+ render :action => :edit
+ end
+ format.api do
+ render_validation_errors(@user)
+ end
 end
 end
 end
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index ee7256086..02ad3d7b3 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -438,6 +438,8 @@ class UsersControllerTest < Redmine::ControllerTest
 def test_new
 get :new
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
+
 assert_select 'input[name=?]', 'user[login]'
 assert_select 'label[for=?]>span.required', 'user_password', 1
 end
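Review bot: The `no_store` call at the end of `UsersController#new` is one of four hand-placed call sites in this file (also `edit`, and the HTML failure branches of `create` and `update` in the later hunks), and none of them says why the header is needed. A single declaration with a comment would be harder to miss when another account form action is added, for example `before_action :no_store, :only => [:new, :create, :edit, :update]` preceded by `# Account forms must not be kept in browser or shared caches`. That would also set the header on the redirect and API responses of those actions, which looks harmless but should be confirmed. `new` starts outside the hunk, and the class's filter declarations are not visible here.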
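Review bot: In the failure branch of `UsersController#create`, only `format.html` receives `no_store`; the `format.api` block is reflowed to `do … end` but, as far as the hunk shows, still returns the validation errors with the default caching headers. If that response can echo submitted account fields, call `no_store` once before `respond_to do |format|` so both formats are covered. If leaving the API out is intended, keep the original one-line `format.api {render_validation_errors(@user)}` so the diff contains only the behavioural change. The same applies to the failure branch of `update` in the last hunk of this file; `create` starts outside the hunk.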
@@ -554,6 +556,8 @@ class UsersControllerTest < Redmine::ControllerTest
 post :create, :params => {:user => {:login => 'foo'}}
 end
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
+
 assert_select_error /Email cannot be blank/
 end
@@ -640,6 +644,8 @@ class UsersControllerTest < Redmine::ControllerTest
 end
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
+
 assert_select 'h2>a+img.gravatar'
 assert_select 'input[name=?][value=?]', 'user[login]', 'jsmith'
 assert_select 'label[for=?]>span.required', 'user_password', 0
@@ -695,6 +701,8 @@ class UsersControllerTest < Redmine::ControllerTest
 }
 end
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
+
 assert_select_error /First name cannot be blank/
 end