diff --git a/lib/challenge/helper.go b/lib/challenge/helper.go
index 9c5b5e5..de42e2e 100644
--- a/lib/challenge/helper.go
+++ b/lib/challenge/helper.go
@@ -8,7 +8,9 @@ import (
 "git.gammaspectra.live/git/go-away/utils"
 "net/http"
 "net/url"
+ "strconv"
 "strings"
+ "time"
 )
 var ErrInvalidToken = errors.New("invalid token")
@@ -47,6 +49,7 @@ const (
 QueryArgRequestId = QueryArgPrefix + "_id"
 QueryArgChallenge = QueryArgPrefix + "_challenge"
 QueryArgToken = QueryArgPrefix + "_token"
+ QueryArgBust = QueryArgPrefix + "_bust"
 )
 const MakeChallengeUrlSuffix = "/make-challenge"
@@ -96,6 +99,7 @@ func VerifyUrl(r *http.Request, reg *Registration, token string) (*url.URL, erro
 values.Set(QueryArgRedirect, redirectUrl.String())
 values.Set(QueryArgToken, token)
 values.Set(QueryArgChallenge, reg.Name)
+ values.Set(QueryArgBust, strconv.FormatInt(time.Now().UTC().UnixMilli(), 10))
 uri.RawQuery = values.Encode()
 return uri, nil
diff --git a/lib/challenge/resource-load/resource-load.go b/lib/challenge/resource-load/resource-load.go
index 8ffc017..be0a19d 100644
--- a/lib/challenge/resource-load/resource-load.go
+++ b/lib/challenge/resource-load/resource-load.go
@@ -23,9 +23,13 @@ func FillRegistrationHeader(state challenge.StateInterface, reg *challenge.Regis
 return challenge.VerifyResultFail
 }
+ redirectUri, err := challenge.RedirectUrl(r, reg)
+ if err != nil {
+ return challenge.VerifyResultFail
+ }
 // self redirect!
 //TODO: adjust deadline
- w.Header().Set("Refresh", "2; url="+r.URL.String())
+ w.Header().Set("Refresh", "2; url="+redirectUri.String())
 state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
 "LinkTags": []map[string]string{
diff --git a/lib/challenge/script.go b/lib/challenge/script.go
index 7abf11f..4af76d9 100644
--- a/lib/challenge/script.go
+++ b/lib/challenge/script.go
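Review bot: The `QueryArgBust` value that VerifyUrl now appends in lib/challenge/helper.go is a millisecond wall-clock timestamp, so it is guessable and, as far as this hunk shows, not bound to `token`; nothing in the code says it is presumably there only to defeat caching. A comment on the new constant would keep it from being mistaken for a nonce: `// QueryArgBust is a cache-busting value only; it is unauthenticated and verification must ignore it.` The `.UTC()` call has no effect on `UnixMilli()`, so the line can read `values.Set(QueryArgBust, strconv.FormatInt(time.Now().UnixMilli(), 10))`. VerifyUrl begins and ends outside the hunk.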
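Review bot: The failure branch added after `challenge.RedirectUrl(r, reg)` in lib/challenge/resource-load/resource-load.go returns `VerifyResultFail` and drops `err`, so a request that makes redirect construction fail leaves no trace for operators; the error should be recorded with whatever logger the package already uses (none is visible in the hunk). The `Refresh` header now sends the browser to whatever RedirectUrl returns, and its body is not part of this diff, so it is worth confirming that it can only yield a same-origin URL. A comment beside the call would state that expectation: `// RedirectUrl must return a same-origin URL; fail closed on error`. The enclosing function starts and ends outside the hunk.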
@@ -23,6 +23,7 @@ func ServeChallengeScript(w http.ResponseWriter, r *http.Request, reg *Registrat
 //TODO: log
 panic(err)
 }
+ data.ResponseHeaders(w)
 w.WriteHeader(http.StatusOK)
@@ -30,7 +31,7 @@ func ServeChallengeScript(w http.ResponseWriter, r *http.Request, reg *Registrat
 "Id": data.Id.String(),
 "Path": reg.Path,
 "Parameters": paramData,
- "Random": utils.CacheBust(),
+ "Random": utils.StaticCacheBust(),
 "Challenge": reg.Name,
 "ChallengeScript": script,
 "Strings": data.State.Strings(),
diff --git a/lib/challenge/wasm/registration.go b/lib/challenge/wasm/registration.go
index 0aff07f..92139ca 100644
--- a/lib/challenge/wasm/registration.go
+++ b/lib/challenge/wasm/registration.go
@@ -97,7 +97,7 @@ func FillJavaScriptRegistration(state challenge.StateInterface, reg *challenge.R
 reg.IssueChallenge = func(w http.ResponseWriter, r *http.Request, key challenge.Key, expiry time.Time) challenge.VerifyResult {
 state.ChallengePage(w, r, state.Settings().ChallengeResponseCode, reg, map[string]any{
 "EndTags": []template.HTML{
- template.HTML(fmt.Sprintf("", reg.Path+"/script.mjs", utils.CacheBust())),
+ template.HTML(fmt.Sprintf("", reg.Path+"/script.mjs", utils.StaticCacheBust())),
 },
 })
 return challenge.VerifyResultNone
@@ -164,6 +164,8 @@ func FillJavaScriptRegistration(state challenge.StateInterface, reg *challenge.R
 w.Header()[k] = v
 }
 w.Header().Set("Content-Length", fmt.Sprintf("%d", len(out.Data)))
+
+ data.ResponseHeaders(w)
 w.WriteHeader(out.Code)
 _, _ = w.Write(out.Data)
 return nil
diff --git a/lib/template.go b/lib/template.go
index aeaced0..5442de6 100644
--- a/lib/template.go
+++ b/lib/template.go
@@ -78,7 +78,7 @@ func (state *State) ChallengePage(w http.ResponseWriter, r *http.Request, status
 data := challenge.RequestDataFromContext(r.Context())
 input := make(map[string]any)
 input["Id"] = data.Id.String()
- input["Random"] = utils.CacheBust()
+ input["Random"] = utils.StaticCacheBust()
 input["Path"] = state.UrlPath()
 input["Links"] = state.opt.Links
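Review bot: In the second hunk of lib/challenge/wasm/registration.go the new `data.ResponseHeaders(w)` call runs after the loop that copies module-supplied headers with `w.Header()[k] = v`, an assignment that skips key canonicalization. ResponseHeaders is not shown in this diff; if it uses `Header().Set`, a module header stored under a differently cased key would survive beside the server's value instead of being replaced. Canonicalizing in the loop, `w.Header()[http.CanonicalHeaderKey(k)] = v`, would close that gap. If override is the intent, a comment such as `// server headers are applied last so they override module output` would make the precedence explicit. The same call is added to ServeChallengeScript in lib/challenge/script.go with no comment on what it sets, and the enclosing function here starts and ends outside the hunk.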
@@ -121,7 +121,7 @@ func (state *State) ErrorPage(w http.ResponseWriter, r *http.Request, status int
 input := map[string]any{
 "Id": data.Id.String(),
- "Random": utils.CacheBust(),
+ "Random": utils.StaticCacheBust(),
 "Error": err.Error(),
 "Path": state.UrlPath(),
 "Theme": "",
diff --git a/utils/http.go b/utils/http.go
index e55e263..0bb5f5c 100644
--- a/utils/http.go
+++ b/utils/http.go
@@ -167,15 +167,14 @@ func GetRemoteAddress(ctx context.Context) *netip.AddrPort {
 return &ip
 }
-func CacheBust() string {
- return cacheBust
-}
-
-var cacheBust string
-
-func init() {
-
- buf := make([]byte, 16)
+func RandomCacheBust(n int) string {
+ buf := make([]byte, n)
 _, _ = rand.Read(buf)
- cacheBust = base64.RawURLEncoding.EncodeToString(buf)
+ return base64.RawURLEncoding.EncodeToString(buf)
+}
+
+var staticCacheBust = RandomCacheBust(16)
+
+func StaticCacheBust() string {
+ return staticCacheBust
 }
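Review bot: The newly exported `RandomCacheBust` in utils/http.go discards the result of `rand.Read` with `_, _ =` and has no doc comment, so nothing tells a caller that the value is unsuitable as a token; `make([]byte, n)` also panics for a negative `n`. Which `rand` package is imported is not visible in this hunk, so the comment should state the contract: `// RandomCacheBust returns n random bytes, base64url-encoded, for cache busting only; it must not be used as a secret.` The ignored error deserves a justifying comment on that line, e.g. `// error ignored: a cache-bust value need not be unpredictable`. `StaticCacheBust` likewise lacks a comment saying the value is generated once at package initialization and stays fixed for the life of the process.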