HTTP response headers

You can improve the security of a web application by taking control of the HTTP response headers sent to the browser. Many web applications, for example, leak version numbers through default response headers added by the web server or the framework on which the application is built. Such headers should be removed from the response, raising the bar for an attacker who is looking for vulnerabilities in your website.
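To check whether a response still carries such headers, the following added example (not part of the original page) audits a captured header block. The list of identifying header names and the sample response are assumptions constructed for illustration.

```python
import re

# Header names that web servers and frameworks commonly add by default and that
# only identify the software (assumed list for this example, not from the page).
IDENTIFYING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}

# A dotted version number such as 10.0 or 4.0.30319.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample response, as a default installation might send it.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
Content-Length: 1024

<html>...</html>
"""


def parse_headers(raw):
    """Split a raw response into (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_leaks(raw):
    """Return (header, value, reason) for every header that identifies the software."""
    leaks = []
    for name, value in parse_headers(raw):
        if name.lower() in IDENTIFYING_HEADERS:
            reason = "version disclosed" if VERSION_RE.search(value) else "product disclosed"
            leaks.append((name, value, reason))
    return leaks


if __name__ == "__main__":
    for name, value, reason in find_leaks(SAMPLE_RESPONSE):
        print(f"{name}: {value}  ({reason})")
```

Run it against responses captured from your own site after removing the headers; an empty result means none of the listed headers remain.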

There are also a handful of security headers that your web application could include in its responses, triggering particular security features implemented in browsers.

If you're overly interested in how browsers behave in relation to cache headers, you can easily waste a few hours on cache testing.