diff --git a/CHANGELOG.md b/CHANGELOG.md
index 56be0ab..bd63833 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## CHANGELOG
+### [24.6.2] - Jun 20, 2024
+- The ETag hash is now across all additional headers including `Content-Type` and `Content-Security-Policy` as well as the content itself
+
 ### [24.6.1] - Jun 20, 2024
 - Updated `Content-Security-Policy` to explicitly allow `data:` scheme for `img-src` as `*` doesn't permit it
@@ -312,6 +315,7 @@
 ### 21.11.0 - Nov 29, 2021
 - Initial release
+[24.6.2]: https://github.com/cmason3/jinjafx_server/compare/24.6.1...24.6.2
 [24.6.1]: https://github.com/cmason3/jinjafx_server/compare/24.6.0...24.6.1
 [24.6.0]: https://github.com/cmason3/jinjafx_server/compare/24.5.0...24.6.0
 [24.5.0]: https://github.com/cmason3/jinjafx_server/compare/24.3.0...24.5.0
diff --git a/jinjafx_server.py b/jinjafx_server.py
index 89e5828..7c4dcda 100755
--- a/jinjafx_server.py
+++ b/jinjafx_server.py
@@ -28,7 +28,7 @@
 import re, argparse, hashlib, traceback, glob, hmac, uuid, struct, binascii, gzip, requests, ctypes, subprocess
 import cmarkgfm, emoji
-__version__ = '24.6.1'
+__version__ = '24.6.2'
 llock = threading.RLock()
 rlock = threading.RLock()
@@ -390,7 +390,13 @@ def do_GET(self, head=False, cache=True, versioned=False):
 else:
 r = [ 'text/plain', 404, '404 Not Found\r\n'.encode('utf-8'), sys._getframe().f_lineno ]
-etag = '"' + hashlib.sha256(r[2]).hexdigest() + '"'
+headers = {
+'X-Content-Type-Options': 'nosniff',
+'Content-Security-Policy': "default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' https://cdnjs.cloudflare.com; img-src data: *; frame-ancestors 'none'",
+'Referrer-Policy': 'strict-origin-when-cross-origin'
+}
+etag = '"' + hashlib.sha224(repr(headers).encode('utf-8') + b'|' + r[0].encode('utf-8') + b'; ' + r[2]).hexdigest() + '"'
+
 if 'If-None-Match' in self.headers:
 if self.headers['If-None-Match'] == etag:
 head = True
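Review bot: The header component of the new ETag is `repr(headers)`, so the validator is bound to Python's dict and string repr formatting rather than to the header values themselves; any cosmetic edit to the literal (key order, quote style) or a repr change across interpreter versions alters every ETag and forces a full revalidation of all cached copies. Feeding the hash a canonical form such as `'\r\n'.join(f'{k}: {v}' for k, v in headers.items()).encode('utf-8')` ties it to what is actually sent on the wire and keeps the validator stable under refactoring. The dict is also rebuilt from constants on every request; hoisting it to a module-level constant beside `__version__` would make that invariance explicit. `headers` is consumed by a later hunk and do_GET starts outside this one, so I cannot see whether any other code path reaches the header-sending loop without defining it.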
@@ -415,9 +421,8 @@ def do_GET(self, head=False, cache=True, versioned=False):
 elif r[1] == 200 or r[1] == 304:
 if r[1] == 200:
-self.send_header('X-Content-Type-Options', 'nosniff')
-self.send_header('Content-Security-Policy', "default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' https://cdnjs.cloudflare.com; img-src data: *; frame-ancestors 'none'")
-self.send_header('Referrer-Policy', 'strict-origin-when-cross-origin')
+for h in headers:
+self.send_header(h, headers[h])
 self.send_header('Cache-Control', 'max-age=0, must-revalidate')
 self.send_header('ETag', etag)