diff --git a/nginx/mailcow.conf b/nginx/mailcow.conf index e43bda4..8ac5bfa 100644 --- a/nginx/mailcow.conf +++ b/nginx/mailcow.conf @@ -1,10 +1,3 @@ -server { - listen 80; - listen [::]:80; - server_name email.* webmail.* autodiscover.* autoconfig.*; - return 301 https://$host$request_uri; -} - server { listen 443 ssl http2; listen [::]:443 ssl http2; @@ -68,9 +61,6 @@ server { include /etc/nginx/snippets/ssl.conf; ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem; - add_header Strict-Transport-Security "max-age=16070400"; - add_header Content-Security-Policy "upgrade-insecure-requests"; - include /etc/nginx/snippets/letsencrypt.conf; if ($http_referer ~ "semalt\.com|badsite\.net|example\.com") { @@ -79,5 +69,10 @@ server { location / { return 301 https://email.thelyoncompany.com/SOGo; + add_header Strict-Transport-Security "max-age=31536000"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "no-referrer-when-downgrade"; + add_header Content-Security-Policy "upgrade-insecure-requests"; } }
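Review bot: The five `add_header` lines in the last hunk sit inside `location /`, so they apply only to the 301 issued there. nginx inherits `add_header` from the enclosing level only when the current level defines none, and the second hunk removes the server-level HSTS and CSP headers, so any other location in this server block (which starts outside the hunk) would now answer without them unless `snippets/ssl.conf` sets them. I would keep them at server level and add `always` so error responses carry them too, e.g. `add_header Strict-Transport-Security "max-age=31536000" always;`. `X-XSS-Protection` is ignored by current browsers, and `Referrer-Policy "no-referrer-when-downgrade"` still sends full webmail URLs to other HTTPS sites, so `strict-origin-when-cross-origin` is the tighter choice. With the port-80 redirect server removed in the first hunk, confirm that another server block still redirects plain HTTP, since HSTS only takes effect after a first HTTPS response.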