diff --git a/src/.htaccess b/src/.htaccess
index d04c23c..1220650 100644
--- a/src/.htaccess
+++ b/src/.htaccess
@@ -1,5 +1,6 @@
 RewriteEngine On
+
+Header always set "Content-Security-Policy" "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'"
+
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-
-Header add Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'"