diff --git a/etc/nginx/snippets/security.conf b/etc/nginx/snippets/security.conf
index 61bc3ce..bf25df8 100644
--- a/etc/nginx/snippets/security.conf
+++ b/etc/nginx/snippets/security.conf
@@ -14,10 +14,10 @@ proxy_hide_header X-Frame-Options;
 add_header X-Frame-Options "SAMEORIGIN" always;
 
 proxy_hide_header Cross-Origin-Resource-Policy;
-add_header Cross-Origin-Resource-Policy cross-origin;
+add_header Cross-Origin-Resource-Policy cross-origin always;
 
 proxy_hide_header Cross-Origin-Opener-Policy;
-add_header Cross-Origin-Opener-Policy same-origin;
+add_header Cross-Origin-Opener-Policy same-origin always;
 
 # Obsolete and replaced by Content-Security-Policy
 # Only here to pass Hardenize checks