diff --git a/backend/src/server.js b/backend/src/server.js
index f5b38c2..3f36df4 100644
--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -52,9 +52,9 @@ app.use(morgan('dev'));
 
 // ── Logos plateformes — servis sans authentification ─────────────────────
 const logosDir = path.resolve(__dirname, '../data/logos');
-app.use('/api/logos', express.static(logosDir, { maxAge: '1d' }));
+app.use('/api/logos', express.static(logosDir, { maxAge: '1d', fallthrough: false }));
 const iconsDir2 = path.resolve(__dirname, '../data/icons');
-app.use('/api/icons-files', express.static(iconsDir2, { maxAge: '1h' }));
+app.use('/api/icons-files', express.static(iconsDir2, { maxAge: '1h', fallthrough: false }));
 
 // Basic rate-limit on auth endpoints
 const authLimiter = rateLimit({