diff --git a/src/download.rs b/src/download.rs
index a6a8537..20ddc56 100644
--- a/src/download.rs
+++ b/src/download.rs
@@ -165,11 +165,11 @@ fn build_file_response(
         .set_content_disposition(content_disposition);
 
     let mut response = file.into_response(req);
-    add_headers(req, download, &mut response);
+    append_security_headers(&mut response, req, download);
     Ok(response)
 }
 
-fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
+fn append_security_headers(response: &mut HttpResponse, req: &HttpRequest, download: bool) {
     // if the browser is trying to fetch this resource in a secure context pretend the reponse is
     // just binary data so it won't be executed
     let sec_fetch_mode = req
@@ -186,7 +186,7 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
     // the reponse varies based on these request headers
     response
         .headers_mut()
-        .append(VARY, HeaderValue::from_static("accept, sec-fetch-mode"));
+        .append(VARY, HeaderValue::from_static("sec-fetch-mode"));
 }
 
 fn get_disposition_params(filename: &str) -> Vec<DispositionParam> {
@@ -229,5 +229,5 @@ fn insert_cache_headers(response: &mut HttpResponse, valid_till: OffsetDateTime)
     }
     response
         .headers_mut()
-        .insert(VARY, HeaderValue::from_name(ACCEPT));
+        .append(VARY, HeaderValue::from_name(ACCEPT));
 }