diff --git a/modules/websites/lidarr-mb-report.nix b/modules/websites/lidarr-mb-report.nix
index 181f51f..637fa75 100644
--- a/modules/websites/lidarr-mb-report.nix
+++ b/modules/websites/lidarr-mb-report.nix
@@ -5,7 +5,7 @@
 }:
 let
   cfg = config.my.websites.lidarrMbReport;
-  mbHeaders = ''
+  mbSecurityHeaders = ''
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-Frame-Options "SAMEORIGIN" always;
   '';
@@ -23,20 +23,22 @@ in
         "/" = {
           extraConfig = ''
             try_files $uri /missing_albums.html;
+            ${mbSecurityHeaders}
           '';
         };
         "~* \\.html$" = {
           extraConfig = ''
             add_header Content-Type "text/html; charset=utf-8";
+            ${mbSecurityHeaders}
           '';
         };
         "~* \\.json$" = {
           extraConfig = ''
             add_header Content-Type "application/json";
+            ${mbSecurityHeaders}
           '';
         };
       };
-      extraConfig = mbHeaders;
     };
   };
 }
diff --git a/modules/websites/portfolio.nix b/modules/websites/portfolio.nix
index 27eaae6..222fe7b 100644
--- a/modules/websites/portfolio.nix
+++ b/modules/websites/portfolio.nix
@@ -6,7 +6,7 @@
 let
   cfg = config.my.websites.portfolio;
   issoCfg = config.my.servers.isso;
-  hugoHeaders = ''
+  hugoSecurityHeaders = ''
     add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
@@ -17,22 +17,26 @@ let
     "/" = {
       extraConfig = ''
         try_files $uri $uri/ /index.html;
+        ${hugoSecurityHeaders}
       '';
     };
     "~* \\.html$" = {
       extraConfig = ''
         try_files $uri $uri/ /index.html;
+        ${hugoSecurityHeaders}
       '';
     };
     "~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|xml)$" = {
       extraConfig = ''
         expires 1y;
         add_header Cache-Control "public, max-age=31536000, immutable";
+        ${hugoSecurityHeaders}
       '';
     };
     "~ /\\.(?!well-known).*" = {
       extraConfig = ''
         return 404;
+        ${hugoSecurityHeaders}
       '';
     };
     "= /js/script.js" = {
@@ -40,12 +44,14 @@ let
       extraConfig = ''
         proxy_set_header Host analytics.lebubu.org;
         rewrite ^ /js/script.file-downloads.hash.outbound-links.js break;
+        ${hugoSecurityHeaders}
       '';
     };
     "= /api/event" = {
       proxyPass = "https://analytics.lebubu.org";
       extraConfig = ''
         proxy_set_header Host analytics.lebubu.org;
+        ${hugoSecurityHeaders}
       '';
     };
   };
@@ -71,7 +77,6 @@ in
         enableACME = true;
         root = "/var/www/html/portfolio";
         locations = hugoLocations;
-        extraConfig = hugoHeaders;
       };
       "blog.danilo-reyes.com" = {
         forceSSL = true;
@@ -83,10 +88,10 @@ in
             extraConfig = ''
               rewrite ^/isso/?(.*)$ /$1 break;
               proxy_set_header Host $host;
+              ${hugoSecurityHeaders}
             '';
           };
         };
-        extraConfig = hugoHeaders;
       };
     };
   };