From fa78003d9bb4a72dbd26d578460749892387ab31 Mon Sep 17 00:00:00 2001 From: "Patrick D. Rupp" Date: Wed, 7 Feb 2024 13:16:49 +0100 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e9f56bb..f08cb9e 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Set the 'hCaptcha' requirement to Required by clicking the appropriate radio but hCaptcha Config Page ![Step 3](img/step-03.png) -Now you have to do is to change some default HTTP response headers that Keycloak sets. Keycloak will prevent a website from including any login page within an iframe. This is to prevent clickjacking attacks. You need to authorize hCaptcha to use the registration page within an iframe. Go to the Realm Settings left menu item and then go to the Security Defenses tab. You will need to add https://newassets.hcaptcha.com to the values of both the X-Frame-Options and Content-Security-Policy headers. +Now you have to do is to change some default HTTP response headers that Keycloak sets. Keycloak will prevent a website from including any login page within an iframe. This is to prevent clickjacking attacks. You need to authorize hCaptcha to use the registration page within an iframe. Go to the Realm Settings left menu item and then go to the Security Defenses tab. You will need to add https://newassets.hcaptcha.com to the value of the Content-Security-Policy headers. In the image they are also in the X-Frame-Options, but this is not needed (you can ignore it). Authorizing Iframes ![Step 4](img/step-04.png)
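Review bot: The added sentence in the README.md hunk ("In the image they are also in the X-Frame-Options, but this is not needed (you can ignore it)") leaves img/step-04.png contradicting the text, so a reader who follows the screenshot will still loosen X-Frame-Options on the login pages. Please replace the screenshot with one that shows only the Content-Security-Policy change and drop the "you can ignore it" sentence, rather than documenting the mismatch. The new line also does not say which Content-Security-Policy directive https://newassets.hcaptcha.com should be added to. Since the paragraph still describes these headers as the clickjacking protection, name the directive explicitly so readers do not widen more of the policy than the widget needs. Two wording points in the same line: "the value of the Content-Security-Policy headers" should read "header" now that only one header is involved, and "Now you have to do is to change" is carried over unchanged from the removed line and could be fixed here ("Now you have to change").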