diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
index f23ae4c19..2d895a3f3 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
@@ -51,7 +51,7 @@ public class ShopifyAuthTemplateController {
 throw new ShopifyRequestVerifyException("This request parameters is invalid");
 }
 ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop);
- response.setHeader("content-security-policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
+ response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
 return "redirect:" + shopifyPermissionURL.getUrl();
 }
 
@@ -97,7 +97,7 @@ public class ShopifyAuthTemplateController { } String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html#/shopify/login?code=" + code + "&hmac=" + hmac + "&host=" + host + "&state=" + state + "&shop=" + shop + "×tamp=" + timestamp); - response.setHeader("content-security-policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com"); + response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com"); return "redirect:" + redirectUri; }
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
index 05e2bb31a..17146091f 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
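Review bot: In the `@@ -51,7 +51,7 @@` hunk of ShopifyAuthTemplateController the request value `shop` is concatenated straight into the `frame-ancestors` source list, and renaming the header to `Content-Security-Policy` does not change that, because HTTP header names are case-insensitive. A value containing a space or `;` would add sources or directives to the policy, so `shop` should be checked against a strict store-name pattern before use, e.g. `if (!shop.matches("[A-Za-z0-9][A-Za-z0-9-]*")) throw new ShopifyRequestVerifyException("This request parameters is invalid");`. If `shop` already arrives as the full `name.myshopify.com` host (worth confirming against the caller), the appended `.myshopify.com` yields a source that never matches. The same concatenation appears in the `@@ -97,7 +97,7 @@` hunk and, with `getShop_domain()`, in the three ShopifyWebhooksController hunks that set this header; the verification that precedes this line starts outside the hunk.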
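Review bot: In the `@@ -97,7 +97,7 @@` hunk the policy is set on a response that the handler immediately turns into a `redirect:`, so it covers only the redirect itself; browsers apply `frame-ancestors` to the document that finally loads, which means `/auth.html` has to send the header as well (the `@@ -51,7 +51,7 @@` hunk has the same shape). The `redirectUri` built just before it also concatenates `code`, `hmac`, `host`, `state`, `shop` and `timestamp` without encoding, so a value containing `&` or `#` changes the parameter structure the login page parses; encode each one, e.g. `"&shop=" + UriUtils.encode(shop, StandardCharsets.UTF_8)`. The method starts outside the hunk, so whether these values are validated earlier cannot be seen here.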
@@ -11,6 +11,7 @@ import au.com.royalpay.payment.manage.shopify.support.ShopifyHttpUtils;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
@@ -40,7 +41,7 @@ public class ShopifyWebhooksController {
 throw new ShopifyRequestVerifyException("Unauthorized");
 }
 ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
- response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
+ response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
 }
 
 /**
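Review bot: In the `@@ -40,7 +41,7 @@` hunk of ShopifyWebhooksController the `frame-ancestors` header is written on a webhook response, which Shopify's servers consume and no browser renders in a frame, so the line has no protective effect. In the visible lines it is also the only use of the parsed `shopifyCustomerRequestCommand`, and if `JSONObject.parseObject` returns null (as it can for an empty body) a verified request ends in a NullPointerException at `getShop_domain()`. I would drop the header here and add a null check, or at least document the intent with a comment such as `// CSP has no effect on webhook responses; kept only for parity with the embedded-app pages`. The method begins outside the hunk.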
@@ -48,15 +49,16 @@ public class ShopifyWebhooksController {
 *
 */
 @PostMapping("/customer/erasure")
- public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
- HttpServletRequest request,
- HttpServletResponse response) {
+ public ResponseEntity customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
+ HttpServletRequest request,
+ HttpServletResponse response) {
 String requestBody = ShopifyHttpUtils.getRequestBody(request);
 if (!shopifyRequestValidator.verify(requestBody, hmac)) {
 throw new ShopifyRequestVerifyException("Unauthorized");
 }
 ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
- response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
+ return ResponseEntity.ok().header("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com")
+ .build();
 }
 
 /**
@@ -77,6 +79,6 @@ public class ShopifyWebhooksController {
 return;
 }
 shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
- response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
+ response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
 }
 }
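Review bot: `customerRedact` in the `@@ -48,15 +49,16 @@` hunk now returns the raw type `ResponseEntity`, and its `HttpServletResponse response` parameter is no longer used by the new body. Declare `public ResponseEntity<Void> customerRedact(` and drop the unused parameter so the signature matches what the method does. The two sibling handlers in this file still return `void` and call `response.setHeader`, so the controller now mixes two ways of producing the same response; choosing one for all three keeps the webhook contract easy to read.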
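Review bot: In the `@@ -77,6 +79,6 @@` hunk the early `return;` leaves the handler without the header while the fall-through path sets it, so the two outcomes of the same webhook answer differently. `shopifyShop.setStatus(0)` also relies on a bare `0`; a named constant or a comment such as `// 0 = store disabled after shop redact request` (meaning to be confirmed) would document what the erasure request does to the stored record. The method starts outside the hunk, so the condition guarding the early return is not visible.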