diff --git a/app/src/routes/oauth/callback/+server.js b/app/src/routes/oauth/callback/+server.js
index 7517e73..3512972 100644
--- a/app/src/routes/oauth/callback/+server.js
+++ b/app/src/routes/oauth/callback/+server.js
@@ -7,7 +7,8 @@ import { fetchJwks } from 'drap-email/jwks';
 import { jwtVerify } from 'jose';
 import { parse } from 'valibot';
 
-export async function GET({ fetch, locals: { db }, cookies, url: { searchParams } }) {
+export async function GET({ fetch, locals: { db }, cookies, setHeaders, url: { searchParams } }) {
+    setHeaders({ 'Cache-Control': 'no-store' });
     const sid = cookies.get('sid');
     if (typeof sid === 'undefined') redirect(307, '/oauth/login/');
 
diff --git a/app/src/routes/oauth/login/+server.js b/app/src/routes/oauth/login/+server.js
index fcdb62e..b450fc9 100644
--- a/app/src/routes/oauth/login/+server.js
+++ b/app/src/routes/oauth/login/+server.js
@@ -3,7 +3,8 @@ import { error, redirect } from '@sveltejs/kit';
 import { Buffer } from 'node:buffer';
 import GOOGLE from '$lib/server/env/google';
 
-export async function GET({ locals: { db }, cookies, url: { searchParams } }) {
+export async function GET({ locals: { db }, cookies, setHeaders, url: { searchParams } }) {
+    setHeaders({ 'Cache-Control': 'no-store' });
     const sid = cookies.get('sid');
     const hasExtendedScope = searchParams.has('extended');
     if (typeof sid !== 'undefined') {