diff --git a/lib/Conch/Controller/Login.pm b/lib/Conch/Controller/Login.pm
index a8ffbdf0f..bd98c6d34 100644
--- a/lib/Conch/Controller/Login.pm
+++ b/lib/Conch/Controller/Login.pm
@@ -38,6 +38,9 @@ sub _respond_with_jwt ($c, $user_id, $expires_delta = undef) {
 );
 return if $c->res->code;
+
+ $c->res->headers->last_modified(Mojo::Date->new($session_token->created->epoch));
+ $c->res->headers->expires(Mojo::Date->new($session_token->expires->epoch));
 return $c->status(200, { jwt_token => $jwt });
 }
@@ -220,6 +223,8 @@ sub session_login ($c) {
 ->search({ user_id => $c->stash('user_id') }) ->search(\[ '(expires - now()) >= (now() - created)' ]);
 if (my $token = $token_rs->order_by({ -desc => 'created' })->rows(1)->single) {
+ $c->res->headers->last_modified(Mojo::Date->new($token->created->epoch));
+ $c->res->headers->expires(Mojo::Date->new($token->expires->epoch));
 return $c->status(200, { jwt_token => $c->generate_jwt_from_token($token) });
 }
diff --git a/lib/Conch/Controller/User.pm b/lib/Conch/Controller/User.pm
index f3e76f19a..4538035cf 100644
--- a/lib/Conch/Controller/User.pm
+++ b/lib/Conch/Controller/User.pm
@@ -615,6 +615,8 @@ sub create_api_token ($c) {
 my ($token, $jwt) = $c->generate_jwt($user->id, $expires_abs, $input->{name});
 return if $c->res->code;
+ $c->res->headers->last_modified(Mojo::Date->new($token->created->epoch));
+ $c->res->headers->expires(Mojo::Date->new($token->expires->epoch));
 $c->res->headers->location($c->url_for('/user/' .($user->id eq $c->stash('user_id') ? 'me' : $user->id) .'/token/'.$input->{name}));
diff --git a/t/integration/users.t b/t/integration/users.t
index 2ce732bc3..d0fae726c 100644
--- a/t/integration/users.t
+++ b/t/integration/users.t
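Review bot: In `_respond_with_jwt` (lib/Conch/Controller/Login.pm) the added `Expires` header has HTTP cache-freshness semantics, so a response whose body carries `jwt_token` is now advertised as fresh until the token itself expires, and no `Cache-Control` is set in the visible lines. Unless something outside the hunk already sets one, add `$c->res->headers->cache_control('no-store');` beside these lines so browsers and intermediaries do not retain the credential, or carry the expiry in the JSON body instead. The same applies to the identical pair of lines added in `session_login` and in `create_api_token` (lib/Conch/Controller/User.pm). `$session_token` is assigned above the hunk, so only the tail of the function is visible here.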
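Review bot: In `session_login` the two header lines are a verbatim copy of the pair added in `_respond_with_jwt` and `create_api_token`, and none of the three sites says why caching headers are being used to report a token's lifetime. I would add a comment above each pair, for example `# Last-Modified/Expires report the token's created/expires timestamps to the client; they are not meant as cache directives.`, assuming that is the intent. Factoring the pair into one controller helper that takes the token row would also keep the three call sites from drifting apart. The `$token_rs` chain begins above the hunk.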
@@ -355,7 +355,11 @@ subtest 'Log out' => sub {
 subtest 'JWT authentication' => sub {
 $t->authenticate(email => $ro_user->email, bailout => 0)
- ->json_has('/jwt_token');
+ ->status_is(200)
+ ->header_exists('Last-Modified')
+ ->header_exists('Expires')
+ ->json_schema_is('Login')
+ ->json_cmp_deeply({ jwt_token => re(qr/\..*\./) });
 my $jwt_token = $t->tx->res->json->{jwt_token};
@@ -617,11 +621,15 @@ subtest 'modify another user' => sub {
 $t2->get_ok('/me')->status_is(204);
 $t2->post_ok('/user/me/token', json => { name => 'my api token' })
+ ->header_exists('Last-Modified')
+ ->header_exists('Expires')
 ->status_is(201) ->location_is('/user/me/token/my api token');
 my $api_token = $t2->tx->res->json->{token};
 $t2->post_ok('/user/me/token', json => { name => 'my second api token' })
+ ->header_exists('Last-Modified')
+ ->header_exists('Expires')
 ->status_is(201) ->location_is('/user/me/token/my second api token');
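Review bot: In the 'JWT authentication' subtest, `header_exists('Last-Modified')` and `header_exists('Expires')` pass for any value, so a header built from the wrong timestamp, or from an undefined epoch, would go unnoticed. A format check such as `->header_like('Expires', qr/\A\w{3}, \d{2} \w{3} \d{4} [\d:]{8} GMT\z/)` is a cheap improvement. Comparing against the stored token's `expires` would pin the value the controller is meant to emit. The two `post_ok('/user/me/token', ...)` chains in 'modify another user' have the same presence-only checks.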