diff --git a/lib/datasource/npm.js b/lib/datasource/npm.js
index 317d90f4cc89d2203cbdc48d9a8e0b5778e7d3f7..2625fe6bde943459c51e32dda9c6507c889def06 100644
--- a/lib/datasource/npm.js
+++ b/lib/datasource/npm.js
@@ -163,6 +163,16 @@ async function getDependency(name, retries = 5) {
     headers.authorization = `Bearer ${process.env.NPM_TOKEN}`;
   }
 
+  if (
+    pkgUrl.startsWith('https://registry.npmjs.org') &&
+    !pkgUrl.startsWith('https://registry.npmjs.org/@')
+  ) {
+    // Delete the authorization header for non-scoped public packages to improve http caching
+    // Otherwise, authenticated requests are not cacheable until the registry adds "public" to Cache-Control
+    // Ref: https://greenbytes.de/tech/webdav/rfc7234.html#caching.authenticated.responses
+    delete headers.authorization;
+  }
+
   // Retrieve from API if not cached
   try {
     const raw = await got(pkgUrl, {