Support Forums

Netlify does not return a 304 for requests to sites with password protection


I’ve noticed a weird issue with Netlify’s caching.

When I set a global password for the site, most assets (larger than 100B from what I can see) do not return the correct 304 response even when the “e-tag” matches the “if-none-match” header.

However, Netlify serves the correct 304 response when I turn off the global password.

Any help would be much appreciated.

:dog: :dog: :dog:

Hi @henry_earlytrade,

We’ve not forgotten about this and would update the thread as soon as we’ve more info.

Hi @henry_earlytrade :wave:

Site-wide password protection does mean that every request for every asset must be authenticated at our origin, so this is expected behavior. For this reason, we wouldn’t recommend it for a user-facing application- it’s more to keep things under wraps while your application is in development.

For gating access to certain pages on a production site, we’d recommend role-based access with Netlify Identity: Authenticate users with Netlify Identity | Netlify Docs

Hope this helps!


Thanks for the reply.
I’ll pass this on to the team.