Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

CSP headers not coming when status is 304(Not Modified)

Avatar

Level 4
Level 4
10/12/23 2:58:41 AM

Hello All,

 

We have implemented (Content Security Policy)CSP headers in our project in custom .vhost file I can see CSP headers when page status is 200. But if we refresh the same page it shows page status as 304 Not modified. In this case CSP headers are not loading and page is served from cache. But our client is having concern will it be a security threat if we reload page and CSP headers wont be there. Can anyone please provide some info on this?

Views

987

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
10/12/23 4:42:15 AM

When a page is served from the browser cache with a "304 Not Modified" response, the CSP headers may not be explicitly shown in the response because the browser relies on the original CSP headers included in the cached page. You should ensure that CSP policies are correctly set in the initial response to maintain security when pages are served from the cache.

Arun Patidar

AEM LinksLinkedIn

View solution in original post

Views

975

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
10/12/23 4:42:15 AM

When a page is served from the browser cache with a "304 Not Modified" response, the CSP headers may not be explicitly shown in the response because the browser relies on the original CSP headers included in the cached page. You should ensure that CSP policies are correctly set in the initial response to maintain security when pages are served from the cache.

Arun Patidar

AEM LinksLinkedIn

Views

976

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Administrator
Administrator
10/13/23 3:32:40 AM

@supriya-hande  Did you find the suggestions from Arun helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni

Views

942

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
OSGi config(Environment variable) not picked up in cloud Solved

Views

1.1K

Likes

0

Replies

7
org,apache.sling.servlet-helpers Bundle is missing in the AEM version 6.5.21 system console

Views

466

Likes

0

Replies

6
Adobe Core Bundle (cq-dam-cfm-graphql) Not Starting After Rolling Restart

Views

376

Likes

0

Replies

2
Impact on Dispatcher cache when 10k pages are deleted

Views

456

Likes

0

Replies

5
405 Error: Method Not Allowed While Submitting Form in Adobe Edge Delivery Services

Views

483

Likes

0

Replies

2