diff --git a/nginx-serve-static.conf b/nginx-serve-static.conf
index 545534ad6..f211e54d7 100644
--- a/nginx-serve-static.conf
+++ b/nginx-serve-static.conf
@@ -1,6 +1,11 @@
 root /;
 try_files $uri =404;
 add_header 'Cache-Control' "public, max-age=3153600";
+add_header Referrer-Policy "same-origin";
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+add_header X-Frame-Options "deny";
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 00bb6d59-7b11-4339-b1ae-b1f1259d1316.pushnotifications.pusher.com; object-src 'none';";
 sendfile on;
 sendfile_max_chunk 1m;
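Review bot: The five added `add_header` lines omit the `always` parameter, so nginx attaches them only to a fixed set of 2xx/3xx status codes; the 404 produced by `try_files $uri =404` and any other error response go out without them. Appending `always` to each, e.g. `add_header X-Content-Type-Options "nosniff" always;`, covers error pages too. In the CSP, `'unsafe-inline'` in `script-src` allows inline scripts to run, which removes most of the XSS protection the header is meant to give, and with no `default-src`, `base-uri` or `frame-ancestors` the other resource types are left unrestricted; nonces or hashes for the inline scripts plus a `default-src 'self'` baseline would tighten it. Because nginx drops inherited `add_header` directives in any block that declares its own, it is worth confirming that no nested location in the configs including this file (not visible in the hunk) adds further headers.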