It seems that the default CUBA portal template enables Spring Security for the /resources URL, and Spring Security prevents those resources from being cached by sending the "Pragma: no-cache" header.
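For now you can simply disable Spring Security for static resources. In your portal-security-spring.xml, add an http tag for the /resources path with security="none" and remove the intercept-url with pattern="/resources". Keep in mind that security="none" takes the path out of the Spring Security filter chain entirely, so no authentication is applied to anything served from it; it should hold only public static files.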
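<!-- Paths matched by security="none" get an empty Spring Security filter chain:
     no authentication, no access checks, and no headers written by Spring Security. -->
<!-- NOTE(review): /api/** bypasses Spring Security completely; presumably the API layer
     authenticates requests itself. Confirm before relying on this. -->
<http pattern="/api/**" security="none"/>
<!-- Static resources are excluded so that Spring Security stops sending
     "Pragma: no-cache" for them. Everything under /resources/ becomes readable
     without login, so keep only public assets there. -->
<http pattern="/resources/**" security="none"/>
<http auto-config="true">
    <!-- intercept-url rules are evaluated in order and the first match wins,
         so the catch-all "/**" rule must stay last. -->
    <!-- login & registration -->
    <intercept-url pattern="/login" access="permitAll"/>
    <!-- index page -->
    <intercept-url pattern="/" access="permitAll"/>
    <!-- every other URL requires an authenticated user with ROLE_USER -->
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <form-login login-page="/login"
                username-parameter="login"
                password-parameter="password"
                login-processing-url="/login"
                default-target-url="/"
                always-use-default-target="true"
                authentication-failure-url="/login?error"/>
    <!-- logout: the session is not invalidated here; cuba_PortalLogoutHandler does that -->
    <logout invalidate-session="false"
            logout-url="/logout"
            success-handler-ref="cuba_PortalLogoutHandler"/>
</http>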
Then you can use the cache-period attribute for paths in portal-dispatcher-spring.xml: