diff --git a/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs b/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
index 540bcb26a1..43967aca1f 100644
--- a/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
+++ b/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
@@ -36,6 +36,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
             // Even though there are two forms there should only be one response cookie,
             // as for the second form, the cookie from the first token should be reused.
             Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
         }
 
         [Fact]
@@ -84,6 +88,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
 
             var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
             Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
         }
 
         [Fact]
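Review bot: `response.Headers.CacheControl` is null when the response carries no Cache-Control header, so the new `Assert.True(response.Headers.CacheControl.NoCache)` would fail with a NullReferenceException rather than a readable assertion message if antiforgery token generation ever stopped emitting the header; add `Assert.NotNull(response.Headers.CacheControl);` ahead of it. The same applies to the identical block in the second hunk at -84. This three-line header check is now repeated verbatim in three tests, so a small private helper such as `AssertDoNotCacheHeaders(response)` would keep the copies from drifting apart. Both enclosing test methods begin outside their hunks.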
@@ -145,5 +153,27 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
             // Assert
             Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
         }
+
+        [Fact]
+        public async Task AntiforgeryTokenGeneration_SetsDoNotCacheHeaders_OverridesExistingCachingHeaders()
+        {
+            // Arrange & Act
+            var response = await Client.GetAsync("http://localhost/Antiforgery/AntiforgeryTokenAndResponseCaching");
+
+            // Assert
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var header = Assert.Single(response.Headers.GetValues("X-Frame-Options"));
+            Assert.Equal("SAMEORIGIN", header);
+
+            var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
+
+            // Even though there are two forms there should only be one response cookie,
+            // as for the second form, the cookie from the first token should be reused.
+            Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
+        }
     }
 }
\ No newline at end of file
diff --git a/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs b/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
index 4123e97a7f..7da1b783c2 100644
--- a/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
+++ b/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
@@ -56,5 +56,13 @@ namespace BasicWebSite.Controllers
         {
             return "OK";
         }
+
+        [HttpGet]
+        [AllowAnonymous]
+        [ResponseCache(Duration = 60)]
+        public ActionResult AntiforgeryTokenAndResponseCaching()
+        {
+            return View();
+        }
     }
 }
\ No newline at end of file
diff --git a/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml b/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml
new file mode 100644
index 0000000000..06ccac8f5e
--- /dev/null
+++ b/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml
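Review bot: The new test's name promises that the antiforgery do-not-cache headers override the `[ResponseCache(Duration = 60)]` on the action, but its assertions only check that `NoCache` is set and that Pragma is `no-cache`; a response still carrying `public, max-age=60` alongside `no-cache` would pass unchanged. Add `Assert.Null(response.Headers.CacheControl.MaxAge);` and `Assert.False(response.Headers.CacheControl.Public);` after the NoCache check so the test pins that the original caching directives were replaced rather than merely supplemented. The X-Frame-Options and Set-Cookie assertions are copied from the earlier tests and are not what this test is about, so trimming them would make the intent clearer, though that is a style matter.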
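Review bot: The `[ResponseCache(Duration = 60)]` on `AntiforgeryTokenAndResponseCaching` is the whole reason this fixture action exists, but nothing in the hunk says so, and a later cleanup could plausibly drop it as an accidental cache of a form-bearing page. A comment above the attribute such as `// Caches the response on purpose: the functional test verifies that antiforgery token generation replaces these caching headers.` would record the intent. The enclosing controller class begins outside the hunk.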
@@ -0,0 +1,13 @@ + +@{ + ViewData["Title"] = "Antiforgery token and response caching"; +} + +

@ViewData["Title"]

+ +@using (Html.BeginForm("Login", "Antiforgery", FormMethod.Post, new { @class = "form-horizontal", role = "form" })) +{ + + + +} \ No newline at end of file