diff --git a/drama/__main__.py b/drama/__main__.py
index 3f23779a5..2021641f0 100644
--- a/drama/__main__.py
+++ b/drama/__main__.py
@@ -322,8 +322,10 @@ def after_request(response):
 response.headers.add('Access-Control-Allow-Headers',
 "Origin, X-Requested-With, Content-Type, Accept, x-auth"
 )
- response.headers.add("Cache-Control",
- "maxage=600")
+ response.headers.remove("Cache-Control")
+ response.headers.add("Cache-Control", "public")
+ response.headers.add("Access-Control-Allow-Origin", app.config["SERVER_NAME"])
+ response.headers.add("Strict-Transport-Security", "max-age=31536000")
 response.headers.add("Referrer-Policy", "same-origin")
 # response.headers.add("X-Content-Type-Options","nosniff")
diff --git a/drama/helpers/wrappers.py b/drama/helpers/wrappers.py
index 21ec40093..efefc9a52 100644
--- a/drama/helpers/wrappers.py
+++ b/drama/helpers/wrappers.py
@@ -138,13 +138,6 @@ def auth_desired(f):
 check_ban_evade(v)
 resp = make_response(f(*args, v=v, **kwargs))
- if v:
- resp.headers.add("Cache-Control", "private")
- resp.headers.add(
- "Access-Control-Allow-Origin",
- app.config["SERVER_NAME"])
- else:
- resp.headers.add("Cache-Control", "public")
 return resp
 wrapper.__name__ = f.__name__
@@ -172,11 +165,6 @@ def auth_required(f):
 # an ugly hack to make api work
 resp = make_response(f(*args, v=v, **kwargs))
- resp.headers.add("Cache-Control", "private")
- resp.headers.add(
- "Access-Control-Allow-Origin",
- app.config["SERVER_NAME"])
 return resp
 wrapper.__name__ = f.__name__
@@ -206,10 +194,6 @@ def is_not_banned(f):
 g.v = v
 resp = make_response(f(*args, v=v, **kwargs))
- resp.headers.add("Cache-Control", "private")
- resp.headers.add(
- "Access-Control-Allow-Origin",
- app.config["SERVER_NAME"])
 return resp
 wrapper.__name__ = f.__name__
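Review bot: Setting `Cache-Control: public` unconditionally in `after_request` is unsafe for authenticated responses, because the `private` value the auth wrappers used to set is deleted in the same commit (the auth_desired, auth_required, is_not_banned, admin_level_required and api hunks in drama/helpers/wrappers.py), so any shared cache or CDN that honors the header may store a logged-in user's page and serve it to another client. Keep the old split by deriving the value from the logged-in user the wrappers expose (is_not_banned stores it on `g.v`, assuming `g` is imported in __main__.py): `response.headers.add("Cache-Control", "private" if getattr(g, "v", None) else "public")`. The new `Access-Control-Allow-Origin` line is worth a second look too: browsers compare it against the full origin (`scheme://host[:port]`), and whether `SERVER_NAME` carries the scheme is not visible here. `after_request` starts and ends outside the hunk.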
@@ -246,10 +230,6 @@ def admin_level_required(x):
 else:
 resp = make_response(response)
- resp.headers.add("Cache-Control", "private")
- resp.headers.add(
- "Access-Control-Allow-Origin",
- app.config["SERVER_NAME"])
 return resp
 wrapper.__name__ = f.__name__
@@ -325,10 +305,6 @@ def api(*scopes, no_ban=False):
 if not isinstance(resp, RespObj):
 resp = make_response(resp)
- resp.headers.add("Cache-Control", "private")
- resp.headers.add(
- "Access-Control-Allow-Origin",
- app.config["SERVER_NAME"])
 return resp
 else:
diff --git a/drama/routes/static.py b/drama/routes/static.py
index 307e79035..64a299545 100644
--- a/drama/routes/static.py
+++ b/drama/routes/static.py
@@ -98,7 +98,6 @@ def archivesindex():
 @limiter.exempt
 def archives(path):
 resp = make_response(send_from_directory('/archives', path))
- resp.headers.add("Cache-Control", "public")
 if request.path.endswith('.css'):
 resp.headers.add("Content-Type", "text/css")
 return resp
@@ -106,8 +105,6 @@ def archives(path):
 @limiter.exempt
 def static_service(path):
 resp = make_response(send_from_directory('./assets', path))
- resp.headers.add("Cache-Control", "public")
-
 if request.path.endswith('.css'):
 resp.headers.add("Content-Type", "text/css")
 return resp