diff --git a/docs/security.md b/docs/security.md index 8250549..310c665 100644 --- a/docs/security.md +++ b/docs/security.md @@ -10,3 +10,4 @@ Configured correctly, Django SQL Dashboard uses a number of measures to keep you - Your allow-list of tables should not include tables with sensitive information. Django's auth_user table contains password hashes, and the django_session table contains user session information. Neither should be exposed using this tool. - Access to the dashboard is controlled by Django's permissions system, which means you can limit access to trusted team members. - SQL queries can be passed to the dashboard using a ?sql= query string parameter - but this parameter needs to be signed before it will be executed. This should prevent attempts to trick you into executing malevolent SQL queries by sending you crafted links - while still allowing your team to create links to queries that can be securely shared. +- Any time a user views a dashboard page while logged in, `Cache-Control: private` is set on the response to ensure the authenticated dashboard will not be stored in any intermediary HTTP caches
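Review bot: the added bullet ends without a period, unlike the three bullets above it in the same list; please end it with "... any intermediary HTTP caches." Also, the wording slightly overstates what the header does: `Cache-Control: private` keeps the response out of shared (intermediary) caches, which the sentence correctly says, but it still lets the logged-in user's own browser cache store the dashboard output. If the intent is that query results are never persisted anywhere, the docs should say that `private` alone does not give that (it would require `no-store`), so readers do not assume the stronger guarantee. One possible ending: "... intermediary HTTP caches. Note that the user's own browser may still cache the page."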