diff --git a/app/controllers/api/v1/invitades_controller.rb b/app/controllers/api/v1/invitades_controller.rb
index 2951b20a..eb2a4f24 100644
--- a/app/controllers/api/v1/invitades_controller.rb
+++ b/app/controllers/api/v1/invitades_controller.rb
@@ -56,12 +56,13 @@ module Api
       #
       # Enviamos un token de protección CSRF
       def set_cookie
+        # TODO: Volver configurable por sitio
+        expires = ENV.fetch('COOKIE_DURATION', '30').to_i.minutes
+
         headers['Access-Control-Allow-Origin'] = return_origin
         headers['Access-Control-Allow-Credentials'] = true
         headers['Vary'] = 'Origin'
-
-        # TODO: Volver configurable por sitio
-        expires = ENV.fetch('COOKIE_DURATION', '30').to_i.minutes
+        headers['Cache-Control'] = "private, max-age=#{expires}, stale-while-revalidate=#{expires}"
 
         cookies.encrypted[site_id] = {
           httponly: true,