diff --git a/~config/httpd.conf b/~config/httpd.conf
index 627b13b..5d7748c 100644
--- a/~config/httpd.conf
+++ b/~config/httpd.conf
@@ -205,12 +205,44 @@ TraceEnable off
 </IfModule>
 
 <IfModule headers_module>
-    # Execute as PHP file
+    <IfModule setenvif_module>
+        # Prevent clickjacking, block display in <frame>, <iframe> and <object>
+        Header set X-Frame-Options DENY
+
+        # Force IE in highest available mode https://msdn.microsoft.com/en-us/library/ff955275(v=vs.85).aspx
+        BrowserMatch MSIE ie
+        Header set X-UA-Compatible IE=edge env=ie
+
+        # Remove cross-site scripting attacks on IE8 and IE9 http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx
+        BrowserMatch "MSIE [8-9]" ie89
+        Header set X-XSS-Protection "1; mode=block" env=ie89
+
+        # Stop Microsoft Edge requesting /browserconfig.xml https://msdn.microsoft.com/library/dn320426(v=vs.85).aspx#code-snippet-3
+        BrowserMatch Edge edge
+        Header set msapplication-config none env=edge
+
+        # <FilesMatch \.(eot|gif|ico|jpe?g|otf|png|svg|ttf|webp|woff|woff2)$>
+        #     # CORS file access from all domains
+        #     SetEnvIf Origin ":" IS_CORS
+        #     Header set Access-Control-Allow-Origin "*" env=IS_CORS
+        # </FilesMatch>
+    </IfModule>
+    <FilesMatch \.(appcache|crx|css|eot|gif|ico|jpe?g|js|mp4|oga|ogg|ogv|otf|pdf|png|svg|ttf|txt|vcard|vcf|nex|webapp|webm|webmanifest|webp|woff|woff2|xml|xsl)$>
+        # Unset only-HTML related headers
+        Header unset Strict-Transport-Security env=SSL
+
+        <IfModule setenvif_module>
+            Header unset X-Frame-Options
+            Header unset X-UA-Compatible env=ie
+            Header unset X-XSS-Protection env=ie89
+        </IfModule>
+    </FilesMatch>
     <FilesMatch ^(humans\.txt|manifest\.appcache|manifest\.json|robots\.txt|sitemap\.xml|sitemap\.xsl)$>
+        # Execute as PHP file
         SetHandler application/x-httpd-php
     </FilesMatch>
-    # Correct MIME type
     <FilesMatch ^(humans|robots)\.txt$>
+        # Correct MIME type
         Header set Content-Type "text/plain"
     </FilesMatch>
     <FilesMatch ^manifest\.appcache$>
@@ -227,24 +259,15 @@ TraceEnable off
     <FilesMatch ^sitemap\.(xml|xsl)$>
         Header set Content-Type "application/xml"
     </FilesMatch>
-
-    # Do not show a snippet in the search results for this files
     <FilesMatch \.(css|js|json|txt|xml|xsl)$>
+        # Do not show a snippet in the search results for this files
         # CSS and JS files must stay indexable/crawlable in order to allow search engines to render the pages like a modern browser http://googlewebmastercentral.blogspot.com/2014/05/understanding-web-pages-better.html
         Header set X-Robots-Tag nosnippet
     </FilesMatch>
 
-    # # CORS file access from all domains
-    # <IfModule setenvif_module>
-    #     <FilesMatch \.(eot|gif|ico|jpe?g|otf|png|svg|ttf|webp|woff|woff2)$>
-    #         SetEnvIf Origin ":" IS_CORS
-    #         Header set Access-Control-Allow-Origin "*" env=IS_CORS
-    #     </FilesMatch>
-    # </IfModule>
-
     Header unset ETag
 
-    # No need for Vary header till served different code/URLs to different User-Agent's https://developers.google.com/webmasters/mobile-sites/mobile-seo/overview/select-config
+    # No need for Vary header till served different code/URLs to different User-Agent's https://developers.google.com/webmasters/mobile-sites/mobile-seo/configurations/dynamic-serving
     Header unset Vary
 </IfModule>
 
@@ -292,36 +315,6 @@ EnableMMAP Off
 # Load config files
 Include httpd-*.conf
 
-<IfModule headers_module>
-    <IfModule setenvif_module>
-        # Prevent clickjacking, block display in <frame>, <iframe> and <object>
-        Header set X-Frame-Options DENY
-
-        # Force IE in highest available mode https://msdn.microsoft.com/en-us/library/ff955275(v=vs.85).aspx
-        BrowserMatch MSIE ie
-        Header set X-UA-Compatible IE=edge env=ie
-
-        # Remove cross-site scripting attacks on IE8 and IE9 http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx
-        BrowserMatch "MSIE [8-9]" ie89
-        Header set X-XSS-Protection "1; mode=block" env=ie89
-
-        # Stop Microsoft Edge requesting /browserconfig.xml https://msdn.microsoft.com/library/dn320426(v=vs.85).aspx#code-snippet-3
-        BrowserMatch Edge edge
-        Header set msapplication-config none env=edge
-    </IfModule>
-    <FilesMatch \.(appcache|crx|css|eot|gif|ico|jpe?g|js|mp4|oga|ogg|ogv|otf|pdf|png|svg|ttf|txt|vcard|vcf|nex|webapp|webm|webmanifest|webp|woff|woff2|xml|xsl)$>
-        # Unset only HTML document related headers
-        #
-        Header unset X-Frame-Options
-        Header unset Strict-Transport-Security env=SSL
-
-        <IfModule setenvif_module>
-            Header unset X-UA-Compatible env=ie
-            Header unset X-XSS-Protection env=ie89
-        </IfModule>
-    </FilesMatch>
-</IfModule>
-
 # Configures optimizations for a Protocol's Listener Sockets
 AcceptFilter http none
 # AcceptFilter https none