diff --git a/backend/main.py b/backend/main.py
index 7ad0439..c7b079d 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -7,6 +7,8 @@ from contextlib import asynccontextmanager
 from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import FileResponse, JSONResponse
 from fastapi.staticfiles import StaticFiles
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
 from pydantic import BaseModel
 
 from backend.auth import authenticate_user, create_token, logout
@@ -93,6 +95,26 @@ app = FastAPI(
 )
 
 
+# ---------------------------------------------------------------------------
+# No-cache middleware — prevent browsers from caching static assets
+# ---------------------------------------------------------------------------
+
+class NoCacheStaticMiddleware(BaseHTTPMiddleware):
+ """Add Cache-Control: no-store to all CSS, JS, and asset responses."""
+
+ async def dispatch(self, request: Request, call_next):
+ response: Response = await call_next(request)
+ path = request.url.path
+ if path.startswith(("/css/", "/js/", "/assets/")) or path in ("/", "/desktop") or path.endswith(".html"):
+ response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+ response.headers["Pragma"] = "no-cache"
+ response.headers["Expires"] = "0"
+ return response
+
+
+app.add_middleware(NoCacheStaticMiddleware)
+
+
 # ---------------------------------------------------------------------------
 # Auth endpoints (not behind auth — they *create* auth)
 # ---------------------------------------------------------------------------
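Review bot: The path check in `dispatch` covers only static assets and HTML pages, so the JSON responses of the auth endpoints declared just below this hunk get no cache directive from this middleware, although a response that presumably carries the token from `create_token` is the one that most needs `Cache-Control: no-store`. Whether those handlers set the header themselves is not visible here; if they do not, extend the condition to the API routes or set the header in the login handler. The docstring also understates the scope, since `/`, `/desktop` and any path ending in `.html` are matched too; `"""Add no-store cache headers to static assets and HTML entry pages."""` would match the code. For the assets themselves, `no-store` rules out revalidation as well, so if the aim is only to avoid stale files after a deploy, `no-cache` alone would keep conditional requests working.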