reverted:
--- b/core/modules/file/src/Tests/DownloadTest.php
+++ a/core/modules/file/src/Tests/DownloadTest.php
@@ -66,7 +66,7 @@
     file_test_set_return('download', ['x-foo' => 'Bar']);
     $this->drupalGet($url);
     $this->assertEqual($this->drupalGetHeader('x-foo'), 'Bar', 'Found header set by file_test module on private download.');
+    $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Page cache is disabled on private file download.');
-    $this->assertIdentical('UNCACHEABLE (no cacheability)', $this->drupalGetHeader('X-Drupal-Cache'), 'Page cache is disabled on private file download.');
     $this->assertResponse(200, 'Correctly allowed access to a file when file_test provides headers.');
 
     // Test that the file transferred correctly.
diff -u b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
--- b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
@@ -880,7 +880,7 @@
     else {
       $this->assertSame([], $response->getHeader('Location'));
     }
-    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
+    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
     // If the entity is stored, perform extra checks.
     if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
       // Assert that the entity was indeed created, and that the response body
@@ -918,7 +918,7 @@
     else {
       $this->assertSame([], $response->getHeader('Location'));
     }
-    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
     // If the entity is stored, perform extra checks.
     if (get_class($this->entityStorage) !== ContentEntityNullStorage::class) {
       // Assert that the entity was indeed created, and that the response body
@@ -927,7 +927,7 @@
     else {
       $this->assertSame([], $response->getHeader('Location'));
     }
-    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
+    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
 
     if ($this->entity->getEntityType()->getStorageClass() !== ContentEntityNullStorage::class && $this->entity->getEntityType()->hasKey('uuid')) {
       // 500 when creating an entity with a duplicate UUID.
@@ -955,7 +955,7 @@
     else {
       $this->assertSame([], $response->getHeader('Location'));
     }
-    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
 
     if ($this->entity->getEntityType()->getStorageClass() !== ContentEntityNullStorage::class && $this->entity->getEntityType()->hasKey('uuid')) {
       // 500 when creating an entity with a duplicate UUID.
@@ -1143,7 +1143,7 @@
     // 200 for well-formed request.
     $response = $this->request('PATCH', $url, $request_options);
     $this->assertResourceResponse(200, FALSE, $response);
-    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
+    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
     // Assert that the entity was indeed updated, and that the response body
     // contains the serialized updated entity.
     $updated_entity = $this->entityStorage->loadUnchanged($this->entity->id());
@@ -1196,7 +1196,7 @@
     // 200 for well-formed request.
     $response = $this->request('PATCH', $url, $request_options);
     $this->assertResourceResponse(200, FALSE, $response);
-    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
+    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
   }
 
   /**
@@ -1204,7 +1204,7 @@
     // 200 for well-formed request.
     $response = $this->request('PATCH', $url, $request_options);
     $this->assertResourceResponse(200, FALSE, $response);
-    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
     // Assert that the entity was indeed updated, and that the response body
     // contains the serialized updated entity.
     $updated_entity = $this->entityStorage->loadUnchanged($this->entity->id());
@@ -1248,7 +1248,7 @@
     // 200 for well-formed request.
     $response = $this->request('PATCH', $url, $request_options);
     $this->assertResourceResponse(200, FALSE, $response);
-    $this->assertFalse($response->hasHeader('X-Drupal-Cache'));
+    $this->assertSame(['UNCACHEABLE (request policy)'], $response->getHeader('X-Drupal-Cache'));
   }
 
   /**
reverted:
--- b/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ a/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -98,11 +98,11 @@
     // Ensure that the current url does not contain the hash and timestamp.
     $this->assertUrl(Url::fromRoute('user.reset.form', ['uid' => $this->account->id()]));
 
+    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'));
-    $this->assertIdentical('UNCACHEABLE (request policy)', $this->drupalGetHeader('X-Drupal-Cache'));
 
     // Ensure the password reset URL is not cached.
     $this->drupalGet($resetURL);
+    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'));
-    $this->assertIdentical('UNCACHEABLE (request policy)', $this->drupalGetHeader('X-Drupal-Cache'));
 
     // Check the one-time login page.
     $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.');
only in patch2:
unchanged:
--- a/core/modules/file/tests/src/Functional/DownloadTest.php
+++ b/core/modules/file/tests/src/Functional/DownloadTest.php
@@ -68,7 +68,7 @@ protected function doPrivateFileTransferTest() {
     file_test_set_return('download', ['x-foo' => 'Bar']);
     $this->drupalGet($url);
     $this->assertEqual($this->drupalGetHeader('x-foo'), 'Bar', 'Found header set by file_test module on private download.');
-    $this->assertFalse($this->drupalGetHeader('x-drupal-cache'), 'Page cache is disabled on private file download.');
+    $this->assertIdentical('UNCACHEABLE (no cacheability)', $this->drupalGetHeader('X-Drupal-Cache'), 'Page cache is disabled on private file download.');
     $this->assertResponse(200, 'Correctly allowed access to a file when file_test provides headers.');
 
     // Test that the file transferred correctly.
only in patch2:
unchanged:
--- a/core/modules/user/tests/src/Functional/UserPasswordResetTest.php
+++ b/core/modules/user/tests/src/Functional/UserPasswordResetTest.php
@@ -92,11 +92,11 @@ public function testUserPasswordReset() {
     // Ensure that the current url does not contain the hash and timestamp.
     $this->assertUrl(Url::fromRoute('user.reset.form', ['uid' => $this->account->id()]));
 
-    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'));
+    $this->assertIdentical('UNCACHEABLE (request policy)', $this->drupalGetHeader('X-Drupal-Cache'));
 
     // Ensure the password reset URL is not cached.
     $this->drupalGet($resetURL);
-    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'));
+    $this->assertIdentical('UNCACHEABLE (request policy)', $this->drupalGetHeader('X-Drupal-Cache'));
 
     // Check the one-time login page.
     $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.');