diff --git a/changelog.md b/changelog.md
index 7aa04de..a6e544f 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## 2025-02-04 - 3.0.64 - fix(serviceworker)
+Improve cache handling and response header management in service worker.
+
+- Addressed issue preventing caching of certain responses due to missing CORS headers.
+- Added 'Vary: Origin' header to ensure proper response handling.
+- Included 'Access-Control-Expose-Headers' for better CORS support.
+
 ## 2025-02-04 - 3.0.63 - fix(core)
 Refactored caching strategy for service worker to improve compatibility and performance.
 
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index ce204d4..f03c648 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@api.global/typedserver',
-  version: '3.0.63',
+  version: '3.0.64',
   description: 'A TypeScript-based project for easy serving of static files with support for live reloading, compression, and typed requests.'
 }
diff --git a/ts_web_serviceworker/classes.cachemanager.ts b/ts_web_serviceworker/classes.cachemanager.ts
index a767513..9c2b8de 100644
--- a/ts_web_serviceworker/classes.cachemanager.ts
+++ b/ts_web_serviceworker/classes.cachemanager.ts
@@ -124,7 +124,7 @@ export class CacheManager {
         });
 
         // If the response status is an error or the response is opaque, do not cache it.
-        if (newResponse.status > 299 || newResponse.type === 'opaque') {
+        if (newResponse.status > 299 || newResponse.type === 'opaque' || (newResponse.headers.get('access-control-allow-origin') === null && !matchRequest.url.startsWith(this.losslessServiceWorkerRef.serviceWindowRef.location.origin))) {
           logger.log(
             'error',
             `NOTCACHED: not caching response for ${matchRequest.url} due to status ${newResponse.status} and type ${newResponse.type}`
@@ -155,6 +155,10 @@ export class CacheManager {
           if (!headers.has('Access-Control-Allow-Origin')) {
             headers.set('Access-Control-Allow-Origin', '*');
           }
+          headers.set('Vary', 'Origin');
+          if (!headers.has('Access-Control-Expose-Headers')) {
+            headers.set('Access-Control-Expose-Headers', '*')
+          }
           if (!headers.has('Access-Control-Allow-Methods')) {
             headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
           }