diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 84907c8f7dc..ecef1078b66 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2788,6 +2788,15 @@ $wgCdnMaxAge = 18000;
  */
 $wgCdnMaxageLagged = 30;
 
+/**
+ * Cache TTL for the user agent sent as max-age, for logged out users.
+ * Only applies if wgUseCdn is false.
+ * @see $wgUseCdn
+ *
+ * @since 1.35
+ */
+$wgLoggedOutMaxAge = 0;
+
 /**
  * If set, any SquidPurge call on a URL or URLs will send a second purge no less than
  * this many seconds later via the job queue. This requires delayed job support.
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index e2c3de51639..d7e5f757ba5 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2465,10 +2465,20 @@ class OutputPage extends ContextSource {
 					"s-maxage={$this->mCdnMaxage}, must-revalidate, max-age=0" );
 			} else {
 				# We do want clients to cache if they can, but they *must* check for updates
-				# on revisiting the page.
+				# on revisiting the page, after the max-age period.
 				wfDebug( __METHOD__ . ": private caching; {$this->mLastModified} **", 'private' );
-				$response->header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', 0 ) . ' GMT' );
-				$response->header( "Cache-Control: private, must-revalidate, max-age=0" );
+
+				if ( $response->hasCookies() || SessionManager::getGlobalSession()->isPersistent() ) {
+					$response->header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', 0 ) . ' GMT' );
+					$response->header( "Cache-Control: private, must-revalidate, max-age=0" );
+				} else {
+					$response->header(
+						'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $config->get( 'LoggedOutMaxAge' ) ) . ' GMT'
+					);
+					$response->header(
+						"Cache-Control: private, must-revalidate, max-age={$config->get( 'LoggedOutMaxAge' )}"
+					);
+				}
 			}
 			if ( $this->mLastModified ) {
 				$response->header( "Last-Modified: {$this->mLastModified}" );