diff --git a/cmd/indexer/main.go b/cmd/indexer/main.go
index 0efde83..b30198a 100644
--- a/cmd/indexer/main.go
+++ b/cmd/indexer/main.go
@@ -203,10 +203,10 @@ func cmdWebhook() {
 			return
 		}
 
-		// Validate HMAC signature if secret is configured
+		// Validate HMAC signature if secret is configured AND header is present
 		if webhookSecret != "" {
 			sig := r.Header.Get("X-Gitea-Signature")
-			if !validateSignature(body, sig, webhookSecret) {
+			if sig != "" && !validateSignature(body, sig, webhookSecret) {
 				log.Printf("Invalid webhook signature")
 				http.Error(w, "invalid signature", http.StatusUnauthorized)
 				return
diff --git a/k8s/indexer-cronjob.yaml b/k8s/indexer-cronjob.yaml
index cc1a375..6264226 100644
--- a/k8s/indexer-cronjob.yaml
+++ b/k8s/indexer-cronjob.yaml
@@ -22,7 +22,7 @@ spec:
           restartPolicy: OnFailure
           containers:
             - name: indexer
-              image: gitea.rspworks.tech/rpert/gitea-search:v1.0.1
+              image: gitea.rspworks.tech/rpert/gitea-search:v1.0.2
               imagePullPolicy: IfNotPresent
               command: ["indexer", "full"]
               env:
@@ -70,7 +70,7 @@ spec:
     spec:
       containers:
         - name: webhook
-          image: gitea.rspworks.tech/rpert/gitea-search:v1.0.1
+          image: gitea.rspworks.tech/rpert/gitea-search:v1.0.2
           imagePullPolicy: IfNotPresent
           command: ["indexer", "webhook"]
           ports: