diff --git a/http/http.go b/http/http.go
index c3f51215..48717833 100644
--- a/http/http.go
+++ b/http/http.go
@@ -91,7 +91,12 @@ func expires(date, expires string) (time.Duration, bool, error) {
 		return 0, false, nil
 	}
 
-	te, err := time.Parse(time.RFC1123, expires)
+	var te time.Time
+	var err error
+	if expires == "0" {
+		return 0, false, nil
+	}
+	te, err = time.Parse(time.RFC1123, expires)
 	if err != nil {
 		return 0, false, err
 	}
diff --git a/http/http_test.go b/http/http_test.go
index dc2cabff..48e723ab 100644
--- a/http/http_test.go
+++ b/http/http_test.go
@@ -177,6 +177,13 @@ func TestExpiresPass(t *testing.T) {
 			wantTTL: 0,
 			wantOK:  false,
 		},
+		// Expires set to false
+		{
+			date:    "Thu, 01 Dec 1983 22:00:00 GMT",
+			exp:     "0",
+			wantTTL: 0,
+			wantOK:  false,
+		},
 		// Expires < Date
 		{
 			date:    "Fri, 02 Dec 1983 01:00:00 GMT",
diff --git a/oidc/provider_test.go b/oidc/provider_test.go
index 9b39f92c..b36e5ba3 100644
--- a/oidc/provider_test.go
+++ b/oidc/provider_test.go
@@ -473,8 +473,9 @@ func (g *fakeProviderConfigGetterSetter) Set(cfg ProviderConfig) error {
 }
 
 type fakeProviderConfigHandler struct {
-	cfg    ProviderConfig
-	maxAge time.Duration
+	cfg       ProviderConfig
+	maxAge    time.Duration
+	noExpires bool
 }
 
 func (s *fakeProviderConfigHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -482,6 +483,9 @@ func (s *fakeProviderConfigHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 	if s.maxAge.Seconds() >= 0 {
 		w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%d", int(s.maxAge.Seconds())))
 	}
+	if s.noExpires {
+		w.Header().Set("Expires", "0")
+	}
 	w.Header().Set("Content-Type", "application/json")
 	w.Write(b)
 }
@@ -552,10 +556,11 @@ func TestHTTPProviderConfigGetter(t *testing.T) {
 	now := fc.Now().UTC()
 
 	tests := []struct {
-		dsc string
-		age time.Duration
-		cfg ProviderConfig
-		ok  bool
+		dsc       string
+		age       time.Duration
+		cfg       ProviderConfig
+		noExpires bool
+		ok        bool
 	}{
 		// everything is good
 		{
@@ -596,6 +601,17 @@ func TestHTTPProviderConfigGetter(t *testing.T) {
 			},
 			ok: true,
 		},
+		// An expires header set to 0
+		{
+			dsc: "https://example.com",
+			age: time.Minute,
+			cfg: ProviderConfig{
+				Issuer:    &url.URL{Scheme: "https", Host: "example.com"},
+				ExpiresAt: now.Add(time.Minute),
+			},
+			ok:        true,
+			noExpires: true,
+		},
 	}
 
 	for i, tt := range tests {