diff --git a/api/nginx.conf b/api/nginx.conf
index 4d1240554..e810e7b84 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -25,12 +25,12 @@ http {
 
         server_tokens off;
 
-        add_header 'X-Content-Type-Options' 'nosniff'; always;
-        add_header 'X-Frame-Options' 'DENY always'; always;
-        add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; always;
-        add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload'; always;
-        add_header 'Permissions-Policy' 'fullscreen=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)'; always;
-        add_header 'Content-Security-Policy' "default-src 'self'; upgrade-insecure-requests;"; always;
+        add_header 'X-Content-Type-Options' 'nosniff' always;
+        add_header 'X-Frame-Options' 'DENY' always;
+        add_header 'Referrer-Policy' 'strict-origin-when-cross-origin' always;
+        add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload' always;
+        add_header 'Permissions-Policy' 'fullscreen=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)' always;
+        add_header 'Content-Security-Policy' "default-src 'self'; upgrade-insecure-requests;" always;
 
         location / {
             if ($request_uri ~ ^/(.*)\.html) {