diff --git a/changelog.d/5-internal/smallstep-accomp-no-client-side-caching b/changelog.d/5-internal/smallstep-accomp-no-client-side-caching
new file mode 100644
index 00000000000..a70d4e0496a
--- /dev/null
+++ b/changelog.d/5-internal/smallstep-accomp-no-client-side-caching
@@ -0,0 +1,2 @@
+To ensure certificate revocations get active in a short time frame, disable
+caching of proxy results on client side by setting respective HTTP headers.
diff --git a/charts/smallstep-accomp/templates/server-block-configmap.yaml b/charts/smallstep-accomp/templates/server-block-configmap.yaml
index a6765595d31..59c423d3345 100644
--- a/charts/smallstep-accomp/templates/server-block-configmap.yaml
+++ b/charts/smallstep-accomp/templates/server-block-configmap.yaml
@@ -26,6 +26,11 @@ data:
 proxy_set_header Host $backend;
 proxy_hide_header Content-Type;
 add_header Content-Type application/pkix-crl;
+ # Prevent caching on client side
+ add_header Cache-Control 'no-cache, no-store, must-revalidate';
+ add_header Pragma 'no-cache';
+ add_header Expires '0';
+
 proxy_pass "https://$backend/crl";
 }
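Review bot: The three `add_header` lines added before `proxy_pass` append to whatever the upstream returns rather than replacing it, so if the `$backend` CRL response already carries `Cache-Control`, `Expires` or `Pragma`, clients receive duplicate and possibly conflicting values and may keep a stale CRL. The block already uses `proxy_hide_header Content-Type;` before overriding that header, and the same pattern fits here: `proxy_hide_header Cache-Control; proxy_hide_header Expires; proxy_hide_header Pragma;` ahead of the new lines. In addition, `add_header` without the `always` parameter is applied only to success and redirect status codes, so error responses go out without these directives; appending `always` to each line would cover them. Whether the backend actually sets these headers is not visible in the hunk, and the enclosing location block starts outside it.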