diff --git a/src/BCards.Web/Middleware/AuthCacheMiddleware.cs b/src/BCards.Web/Middleware/AuthCacheMiddleware.cs
index d74b360..811d455 100644
--- a/src/BCards.Web/Middleware/AuthCacheMiddleware.cs
+++ b/src/BCards.Web/Middleware/AuthCacheMiddleware.cs
@@ -53,10 +53,13 @@ namespace BCards.Web.Middleware
 // Só adicionar se não foi definido explicitamente pelo controller
 if (!context.Response.Headers.ContainsKey("Cache-Control"))
 {
- context.Response.Headers["Cache-Control"] = "no-cache, must-revalidate";
- context.Response.Headers["Vary"] = "Cookie";
-
- _logger.LogDebug("AuthCache: Applied no-cache for authenticated user on {Path}", path);
+ // Headers mais fortes para garantir que CDNs como Cloudflare não façam cache
+ context.Response.Headers["Cache-Control"] = "no-store, no-cache, must-revalidate, proxy-revalidate";
+ context.Response.Headers["Pragma"] = "no-cache";
+ context.Response.Headers["Expires"] = "0";
+ context.Response.Headers["Vary"] = "Cookie, Authorization";
+
+ _logger.LogDebug("AuthCache: Applied strong no-cache headers for authenticated user on {Path}", path);
 }
 }
 else
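Review bot: The `Vary` assignment in the new block replaces whatever `Vary` value is already on the response (for example `Accept-Encoding`, if compression or another middleware has set it by this point), so appending is safer: `context.Response.Headers.Append("Vary", "Cookie, Authorization");`. `Vary` should also not be counted on as the CDN protection here, because shared caches differ in how much of it they honour; `no-store` is the directive doing the work, and adding `private` to the `Cache-Control` value would state the intent for shared caches explicitly. All of these headers are still written only when no `Cache-Control` header is present, so an authenticated response on which a controller set a cacheable policy receives none of them; a warning log for that case would make such responses visible. The enclosing method begins and ends outside the hunk, so whether the headers are written before the response has started cannot be confirmed from here.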