diff --git a/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java b/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
index e0c29d51b55c545e3ac0c7e659684aae17b00934..927c4dbcf52a967b37886d0301bf31af1bcbae80 100644
--- a/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
+++ b/src/main/java/org/genesys2/server/api/v1/RepositoryDownloadController.java
@@ -25,6 +25,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.genesys.blocks.security.SecurityContextUtil;
 import org.genesys.filerepository.NoSuchRepositoryFileException;
 import org.genesys.filerepository.model.RepositoryFile;
 import org.genesys.filerepository.service.BytesStorageService;
@@ -83,6 +84,14 @@ public class RepositoryDownloadController {
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
+ response.setContentType("image/png");
+
+ // Cache for 24hrs
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 } catch (NoSuchRepositoryFileException e) {
 throw new NotFoundElement("No file for thumb " + name);
@@ -93,10 +102,6 @@ public class RepositoryDownloadController {
 throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
 }
- response.setContentType("image/png");
- // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
-
 } else {
 // Regular repository file
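Review bot: In the `else` branch added after the ETag header, `private` is combined with `s-maxage=86400`, which is a shared-cache directive; the two contradict each other, and a restricted thumbnail should not advertise any shared-cache lifetime. I would send `"private, max-age=86400, no-transform"` there and keep `s-maxage` only in the `public` branch. The same string is repeated in the regular-file hunk of this file and in both hunks of the mvc controller, so a small private helper that takes the file and the response would keep the four copies in agreement. The enclosing try block starts outside this hunk.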
@@ -114,7 +119,11 @@ public class RepositoryDownloadController {
 data = this.repositoryService.getFileBytes(repositoryFile);
 // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 response.setHeader(HttpHeaders.PRAGMA, "");
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
diff --git a/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java b/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
index cc992f05965b57f96f1b1e19a018904b8ac2a2b2..ecb6a1877a7ba608decc9d096db6ff42f65e017b 100644
--- a/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
+++ b/src/main/java/org/genesys2/server/mvc/RepositoryDownloadController.java
@@ -25,6 +25,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.genesys.blocks.security.SecurityContextUtil;
 import org.genesys.filerepository.NoSuchRepositoryFileException;
 import org.genesys.filerepository.model.RepositoryFile;
 import org.genesys.filerepository.service.BytesStorageService;
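Review bot: In the `else` branch of the added permission check, `max-age=86400` lets a browser keep serving a restricted file from its cache for a day without contacting the server, so a READ permission revoked in that window is not enforced on that client and the copy stays in the browser profile on a shared machine. Since the ETag is already set a few lines below, the restricted branch could send `"private, no-cache, no-transform"` so that every reuse is revalidated through the permission check; that only saves bandwidth if this controller answers conditional requests, which is not visible here. What `anyoneHasPermission(repositoryFile, "READ")` treats as "anyone" is also not shown, so a one-line comment stating that it means anonymous access would help the next reader. The method continues outside the hunk.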
@@ -78,6 +79,14 @@ public class RepositoryDownloadController extends BaseController {
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
+ response.setContentType("image/png");
+
+ // Cache for 24hrs
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 } catch (NoSuchRepositoryFileException e) {
 throw new NotFoundElement("No file for thumb " + name);
@@ -88,11 +97,6 @@ public class RepositoryDownloadController extends BaseController {
 throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
 }
- response.setContentType("image/png");
- // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
-
-
 } else {
 // Regular repository file
 try {
@@ -109,7 +113,11 @@ public class RepositoryDownloadController extends BaseController {
 data = this.repositoryService.getFileBytes(repositoryFile);
 // Cache for 24hrs
- response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
+ } else {
+ response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
+ }
 response.setHeader(HttpHeaders.PRAGMA, "");
 response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
 response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
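Review bot: The content type and Cache-Control header are now set inside the try block, before the `No thumbnail at` check that the following hunk shows as context, whereas the removed lines set them only after that check had passed. If the handling of `NotFoundElement` does not reset response headers (not visible here), a missing-thumbnail 404 could go out marked `public` with a 24-hour lifetime and be stored by shared caches. Setting the header after that check, as before, while keeping the new permission test, avoids this; the api/v1 controller has the same ordering. The try block starts outside this hunk.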