diff --git a/README.md b/README.md
index 13d6250a..72f4f68e 100644
--- a/README.md
+++ b/README.md
@@ -153,6 +153,7 @@ Available targets:
 | attributes | Additional attributes (e.g. `1`) | list(string) | `` | no |
 | bucket_domain_format | Format of bucket domain name | string | `%s.s3.amazonaws.com` | no |
 | cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | list(string) | `` | no |
+| caching_blacklist | Paths of objects that should never be cached for any HTTP methods | set(string) | `` | no |
 | comment | Comment for the origin access identity | string | `Managed by Terraform` | no |
 | compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | `false` | no |
 | cors_allowed_headers | List of allowed headers for S3 bucket | list(string) | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 7e814862..0f6f3747 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -9,6 +9,7 @@
 | attributes | Additional attributes (e.g. `1`) | list(string) | `` | no |
 | bucket_domain_format | Format of bucket domain name | string | `%s.s3.amazonaws.com` | no |
 | cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | list(string) | `` | no |
+| caching_blacklist | Paths of objects that should never be cached for any HTTP methods | set(string) | `` | no |
 | comment | Comment for the origin access identity | string | `Managed by Terraform` | no |
 | compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | `false` | no |
 | cors_allowed_headers | List of allowed headers for S3 bucket | list(string) | `` | no |
diff --git a/main.tf b/main.tf
index ce52552c..035a6da8 100644
--- a/main.tf
+++ b/main.tf
@@ -228,6 +228,32 @@ resource "aws_cloudfront_distribution" "default" {
 }
 }

+ dynamic "ordered_cache_behavior" {
+ for_each = var.caching_blacklist
+ content {
+ path_pattern = ordered_cache_behavior.value
+ allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+ cached_methods = ["GET", "HEAD", "OPTIONS"]
+ target_origin_id = module.distribution_label.id
+ compress = var.compress
+ trusted_signers = var.trusted_signers
+
+ forwarded_values {
+ query_string = var.forward_query_string
+ headers = var.forward_header_values
+
+ cookies {
+ forward = var.forward_cookies
+ }
+ }
+
+ viewer_protocol_policy = var.viewer_protocol_policy
+ default_ttl = 0
+ min_ttl = 0
+ max_ttl = 0
+ }
+ }
+
 restrictions {
 geo_restriction {
 restriction_type = var.geo_restriction_type
diff --git a/variables.tf b/variables.tf
index fc4da713..b6ca409a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -220,6 +220,12 @@ variable "viewer_protocol_policy" {
 default = "redirect-to-https"
 }

+variable "caching_blacklist" {
+ type = set(string)
+ default = []
+ description = "Paths of objects that should never be cached for any HTTP methods"
+}
+
 variable "allowed_methods" {
 type = list(string)
 default = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
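Review bot: `allowed_methods` in the new `ordered_cache_behavior` block is hard-coded to all seven methods, including DELETE, PUT, POST and PATCH, instead of following `var.allowed_methods`, so a caller who narrows the module to read-only methods would presumably still have write methods forwarded to the origin on every blacklisted path. Use `allowed_methods = var.allowed_methods` and `cached_methods = var.cached_methods` so that the blacklist changes only the TTLs. The block also copies the other behavior settings by hand; if the default cache behavior, which is outside this hunk, carries anything further (for example Lambda@Edge associations), blacklisted paths will not inherit it. The enclosing `aws_cloudfront_distribution` resource starts and ends outside the hunk.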
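Review bot: The description of `caching_blacklist` promises objects that are "never cached", but the behavior it drives in main.tf only sets `min_ttl`, `default_ttl` and `max_ttl` to 0, which as far as I know makes CloudFront revalidate with the origin on each request rather than guaranteeing that nothing is kept at the edge. It also does not say that the values are CloudFront path patterns, which accept wildcards. Suggested wording: `description = "CloudFront path patterns (e.g. /api/*) served with all TTLs set to 0, so every request is revalidated with the origin"`.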