When a page is served from the browser cache with a "304 Not Modified" response, the CSP headers may not be explicitly shown in the response because the browser relies on the original CSP headers included in the cached page. You should ensure that CSP policies are correctly set in the initial response to maintain security when pages are served from the cache.
Arun Patidar