diff --git a/server/server.go b/server/server.go
index 5e40ae5..75cca51 100644
--- a/server/server.go
+++ b/server/server.go
@@ -15,6 +15,7 @@ import (
 "math/big"
 "net/http"
 "path/filepath"
+ "strconv"
 "strings"
 "sync"
 "time"
@@ -523,6 +524,12 @@ func (s *Server) aiaHandler(w http.ResponseWriter, req *http.Request) {
 return
 }
 
+ // Set short-term caching duration of half the cert validity
+ maxAge := safetlsa.ValidityShortTerm() / 2
+ maxAgeSeconds := int(maxAge / time.Second)
+ maxAgeStr := strconv.Itoa(maxAgeSeconds)
+ w.Header().Set("Cache-Control", "max-age=" + maxAgeStr)
+
 for _, rr := range dnsResponse.Answer {
 tlsa, ok := rr.(*dns.TLSA)
 if !ok {
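Review bot: The `Cache-Control` header is set before the loop over `dnsResponse.Answer`, so any failure response written later in aiaHandler would carry the same `max-age` and could be cached by clients or intermediaries for half the certificate validity. Such failures might occur when no usable TLSA record is found, or when certificate generation fails. Consider setting the header only immediately before the successful certificate body is written, or overriding it on failure paths with `w.Header().Set("Cache-Control", "no-store")`. The handler starts and ends outside the hunk, including the body of the `if !ok {` branch, so the later error paths should be confirmed against the full function. As a smaller point, the temporaries can collapse to `strconv.Itoa(int(maxAge / time.Second))`, and gofmt will rewrite the concatenation as `"max-age="+maxAgeStr`.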