diff --git a/handler/middleware/cross_site_request_forgery.go b/handler/middleware/cross_site_request_forgery.go
index c8ed1a4..9fbca5f 100644
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -2,11 +2,10 @@ package middleware
 import (
 "fmt"
+ "net/http"
 "strings"
 "me-fit/service"
-
- "net/http"
 )
 type csrfResponseWriter struct {
diff --git a/handler/middleware/logger.go b/handler/middleware/logger.go
index 1514114..63d6eb4 100644
--- a/handler/middleware/logger.go
+++ b/handler/middleware/logger.go
@@ -1,12 +1,12 @@
 package middleware
 import (
- "me-fit/log"
-
 "net/http"
 "strconv"
 "time"
+ "me-fit/log"
+
 "github.com/prometheus/client_golang/prometheus"
 "github.com/prometheus/client_golang/prometheus/promauto"
 )
diff --git a/main_test.go b/main_test.go
index 1268cfc..59db842 100644
--- a/main_test.go
+++ b/main_test.go
@@ -32,6 +32,34 @@ var (
 func TestSecurity(t *testing.T) {
 t.Parallel()
+ t.Run("should keep caching for static content", func(t *testing.T) {
+ t.Parallel()
+
+ _, basePath, ctx := setupIntegrationTest(t)
+
+ req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/static/favicon.svg", nil)
+ assert.Nil(t, err)
+
+ resp, err := httpClient.Do(req)
+ assert.Nil(t, err)
+
+ cacheControl := resp.Header.Get("Cache-Control")
+ assert.Equal(t, "", cacheControl)
+ })
+ t.Run("should disable caching for dynamic content", func(t *testing.T) {
+ t.Parallel()
+
+ _, basePath, ctx := setupIntegrationTest(t)
+
+ req, err := http.NewRequestWithContext(ctx, "GET", basePath, nil)
+ assert.Nil(t, err)
+
+ resp, err := httpClient.Do(req)
+ assert.Nil(t, err)
+
+ cacheControl := resp.Header.Get("Cache-Control")
+ assert.Equal(t, "no-cache, no-store, must-revalidate", cacheControl)
+ })
 }
 func TestAuth(t *testing.T) {
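Review bot: In both subtests added to TestSecurity in main_test.go, neither test checks `resp.StatusCode`, so the static-content case's `assert.Equal(t, "", cacheControl)` could presumably pass on an error response that sets no Cache-Control header, without showing that `/static/favicon.svg` was actually served with caching left on. Adding `assert.Equal(t, http.StatusOK, resp.StatusCode)` before the header assertion would pin that down. Separately, `assert.Nil(t, err)` after `httpClient.Do(req)` records a failure but does not stop the subtest (assuming `assert` is testify), so a failed request leaves `resp` nil and `resp.Header.Get` panics instead of reporting a clean failure. Using `if !assert.NoError(t, err) { return }` followed by `defer resp.Body.Close()` fixes that and releases the connection. The dynamic case only requests the unauthenticated root path, so it would be worth a second request against an authenticated page, since those responses are the ones `no-store` is meant to protect.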