diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index dd7eb5e..72d384d 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -106,7 +106,7 @@ server {
 {% block template_headers %}
 	# --> Custom headers
 {% for key, value in __headers.iteritems() %}
-	add_header {{ key }} "{{ value }}";
+	add_header {{ key }} "{{ value | regex_replace('\s+always$', '') }}"{% if value | regex_search('\s+always$') %} always{% endif %};
 {% endfor %}
 	# <-- Custom headers
 {% endblock %}
diff --git a/vars/main.yml b/vars/main.yml
index 5678fcf..3d7a7aa 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -46,6 +46,6 @@ nginx_templates_no_dir:
 nginx_servers_default_headers:
   'X-Frame-Options': 'DENY always'
   'X-Content-Type-Options': 'nosniff always'
-  'X-XSS-Protection': '1; mode=block'
+  'X-XSS-Protection': '1; mode=block always'
 
 nginx_acmesh_bin: "{{ nginx_acmesh_dir }}/acme.sh"