mod_http_oauth2: Add Cache-Control and Pragma headers per by RFC 6749 These are mostly for the various Client-facing endpoints, so the chance of browsers being involved is slightly lower than with the User-facing authorization endpoint, which already sent the Cache-Control header. Thanks to OAuch for pointing out.

<tr>
  <td colspan="2">
    <script src="https://hcaptcha.com/1/api.js" async defer></script>
    <div class="h-captcha" data-sitekey="{captcha_public_key}"></div>
  </td>
</tr>