Using Policies to insert Cache-Control Headers

We've implemented several rules into a policy which we are applying to our sites to do several functions, like inserting cache-control, pragma and removing X-powered-by, etc. We have a developer who is complaining because one site they have that they want to ensure isn't caching content, isn't working as they intended. He has noticed that not all the files are showing the cache rules on them. Here are the Rules we have in place specifically to this.

Conditions:

HTTP Header full string named 'Cache-Control' is not 'no-cache', 'no-store', 'must-revalidate', or 'no-cache, no-store, must-revalidate' at response time.

Actions:

Insert HTTP Header named 'Cache-Control' with value 'no-cache, no-store, must-revalidate' at response time.

I'm concerned that we aren't using it correctly or that it doesn't work inside of a policy. Or that there is a misunderstanding that it won't show on specific files.

FYI, to evaluate, we are opening up the page in Chrome, opening Developer tools. and then viewing the results in the Network tab. When clicking on individual named items on the left, we can see the applied Response and Request headers.