diff --git a/access.lua b/access.lua
index 6476d63..caf438e 100644
--- a/access.lua
+++ b/access.lua
@@ -289,7 +289,7 @@ if permission then
 
         -- If the user is authenticated and has access to the URL, set the headers
         -- and let it be
-        if permission["auth_header"] then
+        if permission["auth_header"] and hlp.has_access(permission) then
             logger.debug("Set Headers")
             hlp.set_headers()
         end
diff --git a/debian/changelog b/debian/changelog
index b343b25..eb05b72 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ssowat (3.7.1) stable; urgency=low
+
+  - [fix] Don't set auth headers if user don't have access (#158)
+
+  Thanks to all contributors <3 ! (Josue)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 9 April 2020 15:23:00  +0000
+
 ssowat (3.7.0.3) stable; urgency=low
 
   Bumping version number for stable release