how to patch security headers vulnerability