diff --git a/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php b/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
index 73700aa0fd2aaa2bd9675bc15559d21f17669a98..6ca47ae23340fa3b6b2bc49bb10d5d7653e17c48 100644
--- a/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
+++ b/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
@@ -44,6 +44,12 @@ public function __construct(AccountInterface $current_user) {
   public function normalize($object, $format = NULL, array $context = []): array|string|int|float|bool|\ArrayObject|NULL {
     $cacheability = new CacheableMetadata();
     $cacheability->addCacheableDependency($object);
+
+    $cacheability->addCacheTags(['config:system.logging']);
+    if (\Drupal::config('system.logging')->get('error_level') === ERROR_REPORTING_DISPLAY_VERBOSE) {
+      $cacheability->setCacheMaxAge(0);
+    }
+
     return new HttpExceptionNormalizerValue($cacheability, static::rasterizeValueRecursive($this->buildErrorObjects($object)));
   }
 
@@ -82,7 +88,10 @@ protected function buildErrorObjects(HttpException $exception) {
     if ($exception->getCode() !== 0) {
       $error['code'] = (string) $exception->getCode();
     }
-    if ($this->currentUser->hasPermission('access site reports')) {
+
+    $is_verbose_reporting = \Drupal::config('system.logging')->get('error_level') === ERROR_REPORTING_DISPLAY_VERBOSE;
+    $site_report_access = $this->currentUser->hasPermission('access site reports');
+    if ($site_report_access && $is_verbose_reporting) {
       // The following information may contain sensitive information. Only show
       // it to authorized users.
       $error['source'] = [
diff --git a/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php b/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
index b4b83c7ebc6104a66cf00880c23420887427ae65..3c19be8f505eb65fb7c997c9ac17b000858b3d46 100644
--- a/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
+++ b/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
@@ -221,6 +221,8 @@ protected function setUp(): void {
 
     $this->serializer = $this->container->get('jsonapi.serializer');
 
+    $this->config('system.logging')->set('error_level', ERROR_REPORTING_HIDE)->save();
+
     // Ensure the anonymous user role has no permissions at all.
     $user_role = Role::load(RoleInterface::ANONYMOUS_ID);
     foreach ($user_role->getPermissions() as $permission) {
@@ -725,7 +727,14 @@ protected function assertResourceResponse($expected_status_code, $expected_docum
     // Expected cache tags: X-Drupal-Cache-Tags header.
     $this->assertSame($expected_cache_tags !== FALSE, $response->hasHeader('X-Drupal-Cache-Tags'));
     if (is_array($expected_cache_tags)) {
-      $this->assertEqualsCanonicalizing($expected_cache_tags, explode(' ', $response->getHeader('X-Drupal-Cache-Tags')[0]));
+      $actual_cache_tags = explode(' ', $response->getHeader('X-Drupal-Cache-Tags')[0]);
+
+      $tag = 'config:system.logging';
+      if (!in_array($tag, $expected_cache_tags) && in_array($tag, $actual_cache_tags)) {
+        $expected_cache_tags[] = $tag;
+      }
+
+      $this->assertEqualsCanonicalizing($expected_cache_tags, $actual_cache_tags);
     }
 
     // Expected cache contexts: X-Drupal-Cache-Contexts header.
diff --git a/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php b/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php
index ec379ab881addd5d8935de9d5eb65d60d344ce1b..84b8b91fb8e49938f753bfac50916a98da2b4b96 100644
--- a/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php
+++ b/core/modules/jsonapi/tests/src/Functional/RestJsonApiUnsupported.php
@@ -65,6 +65,8 @@ protected function setUpAuthorization($method) {
   protected function setUp(): void {
     parent::setUp();
 
+    $this->config('system.logging')->set('error_level', ERROR_REPORTING_HIDE)->save();
+
     // Create a "Camelids" node type.
     NodeType::create([
       'name' => 'Camelids',
@@ -99,7 +101,7 @@ public function testApiJsonNotSupportedInRest() {
       400,
       FALSE,
       $response,
-      ['4xx-response', 'config:user.role.anonymous', 'http_response', 'node:1'],
+      ['4xx-response', 'config:system.logging', 'config:user.role.anonymous', 'http_response', 'node:1'],
       ['url.query_args:_format', 'url.site', 'user.permissions'],
       'MISS',
       'MISS'
diff --git a/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
index 928fdf8514aefe5c75275c52e78a1546ab3f23d0..5c061fe519f26626e744eef5e1813f9f73bf391a 100644
--- a/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
+++ b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
@@ -2,6 +2,8 @@
 
 namespace Drupal\Tests\jsonapi\Unit\Normalizer;
 
+use Drupal\Core\Config\ConfigFactory;
+use Drupal\Core\Config\ImmutableConfig;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\jsonapi\Normalizer\HttpExceptionNormalizer;
 use Drupal\Tests\UnitTestCase;
@@ -26,6 +28,11 @@ public function testNormalize() {
     $request_stack->getCurrentRequest()->willReturn(Request::create('http://localhost/'));
     $container = $this->prophesize(ContainerInterface::class);
     $container->get('request_stack')->willReturn($request_stack->reveal());
+    $config = $this->prophesize(ImmutableConfig::class);
+    $config->get('error_level')->willReturn(ERROR_REPORTING_DISPLAY_VERBOSE);
+    $config_factory = $this->prophesize(ConfigFactory::class);
+    $config_factory->get('system.logging')->willReturn($config->reveal());
+    $container->get('config.factory')->willReturn($config_factory->reveal());
     \Drupal::setContainer($container->reveal());
     $exception = new AccessDeniedHttpException('lorem', NULL, 13);
     $current_user = $this->prophesize(AccountInterface::class);