diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 0635c23902..d35a9ea7bb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -157,6 +157,7 @@ public final class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
      * <ul>
      * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
      * <li>Pragma: no-cache</li>
+     * <li>Expires: 0</li>
      * </ul>
      *
      * @return the {@link HeadersConfigurer} for additional customizations
diff --git a/docs/manual/src/docbook/headers.xml b/docs/manual/src/docbook/headers.xml
index fb732e2f00..4aa49e0236 100644
--- a/docs/manual/src/docbook/headers.xml
+++ b/docs/manual/src/docbook/headers.xml
@@ -90,7 +90,8 @@ public class WebSecurityConfig extends
                 browser history to view the cached page. To help mitigate this Spring Security has added cache control support
                 which will insert the following headers into you response.</para>
             <programlisting><![CDATA[Cache-Control: no-cache, no-store, max-age=0, must-revalidate
-Pragma: no-cache]]></programlisting>
+Pragma: no-cache
+Expires: 0]]></programlisting>
             <para>Simply adding the <link linkend="nsa-headers">&lt;headers&gt;</link> element with no child elements will
                 automatically add Cache Control and quite a few other protections. However, if you only want cache control, you can
                 enable this feature using Spring Security's XML namespace with the
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
index 5c61994e1b..c0a752e764 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
@@ -26,6 +26,7 @@ import org.springframework.security.web.header.Header;
  * <ul>
  * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
  * <li>Pragma: no-cache</li>
+ * <li>Expires: 0</li>
  * </ul>
  *
  * @author Rob Winch