Description
I want a easy way to customize (or remove) the "Cache-Control" header.
Symfony always provide a "Cache-Control" header with following default: "Cache-Control: no-cache, private".
I think this is coming from here => ResponseHeaderBag.php:computeCacheControlValue()

We had a security audit and they recommend to use "Cache-Control: no-cache, no-store, must-revalidate"

To solve this I wrote a Subscriber (ResponseEvent::class => ['onKernelResponse']) that is just set this header.

Normally I would set this header in our nginx.conf like this add_header Cache-Control "no-cache, no-store, must-revalidate" always; but then the nginx just add the header and the response have "Cache-Control" two times.

Example
Something like this would be nice:
framework.yml

framework:
    secret: '%env(APP_SECRET)%'
    cache_control: false // or 'no-cache, no-store, must-revalidate, private'
    [.....]

Relates to:

• [HttpKernel] cache-control header management  #7661
• [HttpFoundation][Security] Response->prepare() unsets "Cache-control: no-cache" directive #13468
• add support for appending no-cache to Cache-Control header #35720