diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 31c96fe..c26abb1 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
@@ -49,7 +49,7 @@ server {
 {% if item.headers is defined and item.headers == 'none' %}
 {% else %}
 ## HEADERS
-{% if item.permission_policy is defined and item.permission_policy == 'none' %}
+{% if item.header_permission_policy is defined and item.header_permission_policy == 'none' %}
 {% else %}
 add_header Permissions-Policy "geolocation=(),interest-cohort=()";
 {% endif %}
@@ -58,33 +58,33 @@ server {
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
 {% endif %}
-{% if item.referrer is defined and item.referrer == 'none' %}
+{% if item.header_referrer is defined and item.header_referrer == 'none' %}
 {% else %}
- add_header Referrer-Policy "{{ item.referrer | default('no-referrer') }}";
+ add_header Referrer-Policy "{{ item.header_referrer | default('no-referrer') }}";
 {% endif %}
-{% if item.header_sameorigin is defined and item.header_sameorigin == 'none' %}
+{% if item.header_xframe is defined and item.header_xframe == 'none' %}
 {% else %}
- add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Frame-Options "{{ item.header_xframe | default("SAMEORIGIN");
 {% endif %}
-{% if item.nginx_HSTS_policy is defined and item.nginx_HSTS_policy == 'none' %}
+{% if item.header_nginx_HSTS_policy is defined and item.header_nginx_HSTS_policy == 'none' %}
 {% else %}
 add_header Strict-Transport-Security "max-age={{ nginx_hsts_age }}; includeSubDomains; preload;" always;
 {% endif %}
-{% if item.csp is defined and item.csp == 'none' %}
+{% if item.header_csp is defined and item.header_csp == 'none' %}
 {% else %}
- add_header Content-Security-Policy "{{ item.csp | default("default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';") }}";
+ add_header Content-Security-Policy "{{ item.header_csp | default("default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';") }}";
 {% endif %}
-{% if item.cto is defined and item.cto == 'none' %}
+{% if item.header_cto is defined and item.header_cto == 'none' %}
 {% else %}
- add_header X-Content-Type-Options "{{ item.cto | default('nosniff') }}";
+ add_header X-Content-Type-Options "{{ item.header_cto | default('nosniff') }}";
 {% endif %}
-{%if item.xss is defined and item.xss == 'none' %}
+{%if item.header_xss is defined and item.header_xss == 'none' %}
 {% else %}
- add_header X-XSS-Protection "{{ item.xss | default('1; mode=block') }}";
+ add_header X-XSS-Protection "{{ item.header_xss | default('1; mode=block') }}";
 {% endif %}
-{% if item.robots is defined and item.robot == 'none' %}
+{% if item.header_robots is defined and item.header_robot == 'none' %}
 {% else %}
- add_header X-Robots-Tag "{{ item.robots | default('none') }}";
+ add_header X-Robots-Tag "{{ item.header_robots | default('none') }}";
 {% endif %}
 {% endif %}
 {% endblock %}
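Review bot: The new X-Frame-Options line leaves its Jinja expression unterminated: `default("SAMEORIGIN");` has no closing `)` or `}}`, so the template will most likely fail to render and the site config, with all of these security headers, would not be deployed. It should read `add_header X-Frame-Options "{{ item.header_xframe | default('SAMEORIGIN') }}";`. The X-Robots-Tag guard in the same hunk tests `item.header_robot` (singular) while the header line reads `item.header_robots`, so the `'none'` opt-out presumably never matches and the header is emitted as `X-Robots-Tag "none"` instead of being omitted; the condition should use `item.header_robots` on both sides. Since the old keys (`csp`, `referrer`, `cto`, `xss`, `robots`) are no longer read, inventories that still set them would silently fall back to the defaults, so a changelog entry or a transitional fallback is worth adding.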