diff --git a/DeckPersonalisationApi/Controllers/MotdController.cs b/DeckPersonalisationApi/Controllers/MotdController.cs
index 19f76eb..84ebcfb 100644
--- a/DeckPersonalisationApi/Controllers/MotdController.cs
+++ b/DeckPersonalisationApi/Controllers/MotdController.cs
@@ -15,6 +15,7 @@ public class MotdController(MotdService service) : Controller
     public IActionResult Get()
     {
         var motd = service.Get();
+        Response.Headers.CacheControl = "public, max-age=86400";
         return motd == null ? new NotFoundResult() : motd.Ok();
     }
 
@@ -23,18 +24,21 @@ public record CreateMotd(string Name, string Description, MessageOfTheDaySeverit
     [HttpPost]
     [Authorize]
     [JwtRoleRequire(Permissions.ManageApi)]
+    [JwtRoleReject(Permissions.FromApiToken)]
     public IActionResult Post(CreateMotd motd)
         => service.Set(motd.Name, motd.Description, motd.Severity).Ok();
     
     [HttpPut]
     [Authorize]
     [JwtRoleRequire(Permissions.ManageApi)]
+    [JwtRoleReject(Permissions.FromApiToken)]
     public IActionResult Update(CreateMotd motd)
         => service.Update(motd.Name, motd.Description, motd.Severity).Ok();
 
     [HttpDelete]
     [Authorize]
     [JwtRoleRequire(Permissions.ManageApi)]
+    [JwtRoleReject(Permissions.FromApiToken)]
     public IActionResult Delete()
     {
         service.Delete();
diff --git a/DeckPersonalisationApi/Middleware/CacheControl/CacheControlMiddleware.cs b/DeckPersonalisationApi/Middleware/CacheControl/CacheControlMiddleware.cs
index aadb3a7..8d9cd05 100644
--- a/DeckPersonalisationApi/Middleware/CacheControl/CacheControlMiddleware.cs
+++ b/DeckPersonalisationApi/Middleware/CacheControl/CacheControlMiddleware.cs
@@ -15,18 +15,21 @@ public async Task InvokeAsync(HttpContext context)
     {
         context.Response.OnStarting(state => {
             var httpContext = (HttpContext)state;
-
+            
             try
             {
-                if (httpContext.Response.ContentType == BlobType.Jpg.GetContentType() ||
-                    httpContext.Response.ContentType == BlobType.Png.GetContentType() || 
-                    httpContext.Response.ContentType == "image/webp")
-                {
-                    httpContext.Response.Headers.CacheControl = "public, max-age=86400";
-                }
-                else
+                if (!httpContext.Response.Headers.ContainsKey("cache-control"))
                 {
-                    httpContext.Response.Headers.CacheControl = "no-store";
+                    if (httpContext.Response.ContentType == BlobType.Jpg.GetContentType() ||
+                        httpContext.Response.ContentType == BlobType.Png.GetContentType() || 
+                        httpContext.Response.ContentType == "image/webp")
+                    {
+                        httpContext.Response.Headers.CacheControl = "public, max-age=86400";
+                    }
+                    else
+                    {
+                        httpContext.Response.Headers.CacheControl = "no-store";
+                    }
                 }
             }
             catch (Exception e)