diff --git a/app.py b/app.py
index a3fa187..fe8d0ef 100755
--- a/app.py
+++ b/app.py
@@ -24,6 +24,7 @@ import auth
 import analytics as a
 import folder_secret_config_editor as fsce
 import helperfunctions as hf
+import fnmatch
 
 app_config = auth.return_app_config()
 BASE_DIR = os.path.realpath(app_config['BASE_DIR'])
@@ -136,7 +137,7 @@ def list_directory_contents(directory, subpath):
     music_exts = ('.mp3',)
     image_exts = ('.jpg', '.jpeg', '.png', '.gif', '.bmp')
     
-    blocked_filenames = ['Thumbs.db']
+    blocked_filenames = ['Thumbs.db', '*.mrk']
     
     try:
         with os.scandir(directory) as it:
@@ -146,12 +147,12 @@ def list_directory_contents(directory, subpath):
                 if entry.name.startswith('.'):
                     continue
                 
-                # Skip blocked_filenames
-                if entry.name in blocked_filenames:
+                # Skip blocked_filenames using fnmatch for wildcards
+                if any(fnmatch.fnmatch(entry.name, pattern) for pattern in blocked_filenames):
                     continue
 
                 if entry.is_dir(follow_symlinks=False):
-                    if entry.name in ["Transkription", "@eaDir"]:
+                    if entry.name in ["Transkription", "@eaDir", ".ai"]:
                         continue
                     rel_path = os.path.join(subpath, entry.name) if subpath else entry.name
                     
@@ -238,6 +239,7 @@ def custom_logo(filename):
     response.headers['Cache-Control'] = 'public, max-age=86400'
     return response
 
+
 @app.route('/sw.js')
 def serve_sw():
     return send_from_directory(os.path.join(app.root_path, 'static'), 'sw.js', mimetype='application/javascript')
@@ -471,17 +473,30 @@ def serve_file(subpath):
     # 6) Build response for non-image
     filesize = os.path.getsize(file_path)
     filename = os.path.basename(full_path)
+    
+    if as_attachment:
+        download_name = filename
+        mimetype = 'application/octet-stream'
+    else:
+        download_name = None
+        mimetype = mime
+        
 
     # Single send_file call with proper attachment handling
     response = send_file(
         file_path,
-        mimetype=mime,
+        mimetype=mimetype,
         conditional=True,
         as_attachment=as_attachment,
         download_name=filename if as_attachment else None
     )
-    if not as_attachment:
+    
+    if as_attachment:
+        response.headers['X-Content-Type-Options'] = 'nosniff'
+        response.headers['Content-Disposition'] = 'attachment'
+    else:
         response.headers['Content-Disposition'] = 'inline'
+
     response.headers['Cache-Control'] = 'public, max-age=86400'
 
     # 7) Logging
diff --git a/static/sw.js b/static/sw.js
index baf4cee..afb2215 100644
--- a/static/sw.js
+++ b/static/sw.js
@@ -1,30 +1,56 @@
-const cacheName = 'gottesdienste-v1.11';
+const VERSION = '1.19';
+const CACHE_NAME = `gottesdienste-v${VERSION}`;
 const assets = [
-  '/',
-  '/static/app.css',
-  '/static/app.js',
-  '/static/gallery.css',
-  '/static/gallery.js',
-  '/static/audioplayer.css',
-  '/static/audioplayer.js',
+  '/', 
+  `/static/app.css?v=${VERSION}`,
+  `/static/app.js?v=${VERSION}`,
+  `/static/gallery.css?v=${VERSION}`,
+  `/static/gallery.js?v=${VERSION}`,
+  `/static/audioplayer.css?v=${VERSION}`,
+  `/static/audioplayer.js?v=${VERSION}`,
   '/icon/logo-192x192.png',
+  '/icon/logo-300x300.png',
   '/icon/logo-512x512.png',
   '/custom_logo/logoB.png',
   '/custom_logo/logoW.png'
 ];
 
-self.addEventListener('install', e => {
-  e.waitUntil(
-    caches.open(cacheName).then(cache => {
-      return cache.addAll(assets);
+self.addEventListener('install', evt => {
+  self.skipWaiting();
+  evt.waitUntil(
+    caches.open(CACHE_NAME)
+      .then(cache => cache.addAll(assets))
+  );
+});
+
+self.addEventListener('activate', evt => {
+  self.clients.claim();
+  evt.waitUntil(
+    caches.keys().then(keys =>
+      Promise.all(
+        keys
+          .filter(k => k !== CACHE_NAME)
+          .map(k => caches.delete(k))
+      )
+    )
+    .then(() => {
+      // Reload to use new files
+      return self.clients.matchAll({ type: 'window' })
+        .then(clients =>
+          clients.forEach(client => client.navigate(client.url))
+        );
     })
   );
 });
 
-self.addEventListener('fetch', e => {
-  e.respondWith(
-    caches.match(e.request).then(response => {
-      return response || fetch(e.request);
-    })
+self.addEventListener('fetch', evt => {
+  if (evt.request.mode === 'navigate') {
+    evt.respondWith(
+      fetch(evt.request).catch(() => caches.match('/app.html'))
+    );
+    return;
+  }
+  evt.respondWith(
+    caches.match(evt.request).then(cached => cached || fetch(evt.request))
   );
-});
\ No newline at end of file
+});
diff --git a/templates/app.html b/templates/app.html
index 5a582a6..a98e78d 100644
--- a/templates/app.html
+++ b/templates/app.html
@@ -8,7 +8,7 @@
 
     <meta property="og:title" content="{{ title_long }}" />
     <meta property="og:description" content="... uns aber, die wir gerettet werden, ist es eine Gotteskraft." />
-    <meta property="og:image" content="/icon/logo-200x200.png" />
+    <meta property="og:image" content="/icon/logo-192x192.png" />
 
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <meta name="description" content="... uns aber, die wir gerettet werden, ist es eine Gotteskraft.">
@@ -23,7 +23,7 @@
     <meta name="theme-color" content="#000">
     
     <!-- Apple-specific tags -->
-    <link rel="touch-icon" href="{{ url_for('static', filename='icons/icon-192x192.png') }}">
+    <link rel="touch-icon" href="/icon/logo-192x192.png">
     <meta name="mobile-web-app-capable" content="yes">
     <meta name="mobile-web-app-status-bar-style" content="default">
     <meta name="mobile-web-app-title" content="Gottesdienste">
@@ -253,8 +253,6 @@
     if ('serviceWorker' in navigator) {
       window.addEventListener('load', () => {
         navigator.serviceWorker.register('{{ url_for("static", filename="sw.js") }}')
-          .then(reg => console.log('Service worker registered.', reg))
-          .catch(err => console.error('Service worker not registered.', err));
       });
     }
     </script>