Clear-Site-Data is a header that we can use to tell browsers to remove some client-side state (see link for details.)

What about sending this header on logout, so that the "Back" button cannot be used to see the logged-in state after a logout?