When a static resource has Cache Control set to Public, copying the View File URL from the resource's detail page and using it directly in an Experience Cloud (Community) page causes guest users to be intermittently redirected to the Salesforce login page. This is a known behavior and is not a bug.
The View File URL is served from the Salesforce application server tier (hosted on visual.force.com). When a guest user requests this URL, one of two things happens:
visual.force.com for authenticated users. Since guest users are unauthenticated, they are redirected to the Salesforce login page.This intermittent behavior is determined by whether the resource happens to be in cache at the time of the request.
The View File link in a static resource's detail page is intended for authenticated users accessing the resource from within Salesforce. It is not designed for direct embedding in Experience Cloud pages. Regardless of the Cache Control setting being "Public," this URL format is not safe for guest user access.
The URL formats generated by the View File button follow these patterns:
<REDACTED><instance>.visual.force.com/resource/<timestamp>/<static_resource_name>https://<my-domain>--c.<instance>.visual.force.com/resource/<timestamp>/<static_resource_name>https://<namespace>.<instance>.visual.force.com/resource/<timestamp>/<namespace>__<static_resource_name>https://<my-domain>--<namespace>.<instance>.visual.force.com/resource/<timestamp>/<namespace>__<static_resource_name>These URLs are accessible to users logged in via login.salesforce.com but are not intended for direct embedding.
Instead of copying the View File URL, reference static resources using the $Resource global merge field in your Visualforce page or Lightning Web Component (LWC). This ensures the URL is generated correctly for the context of the page — whether the user is an authenticated user or a guest.
For example, in Visualforce: {!$Resource.MyStaticResource}
This approach generates the correct cache-friendly URL regardless of the user's authentication state.
000383810

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.