diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 1cd44f32..aef2064f 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -325,6 +325,12 @@ http {
         location = /allowed_signers.sig {}
         location = /allowed_signers.asc {}
 
+        location = /manifest.webmanifest {
+            include snippets/security-headers.conf;
+            add_header Cross-Origin-Resource-Policy "same-origin" always;
+            add_header Cache-Control "public, max-age=604800";
+        }
+
         location = /favicon.ico {
             if ($http_accept ~ "image/svg\+xml") {
                 rewrite ^ /favicon.svg last;
@@ -408,12 +414,6 @@ http {
             add_header Cache-Control "public, max-age=31536000, immutable";
         }
 
-        location ~ "\.webmanifest$" {
-            include snippets/security-headers.conf;
-            add_header Cross-Origin-Resource-Policy "same-origin" always;
-            add_header Cache-Control "public, max-age=604800";
-        }
-
         location ~ "\.svg$" {
             include snippets/security-headers.conf;
             add_header Cross-Origin-Resource-Policy "same-origin" always;