diff --git a/nginx/snippets/security.conf b/nginx/snippets/security.conf
index 08e2c56..df772a8 100644
--- a/nginx/snippets/security.conf
+++ b/nginx/snippets/security.conf
@@ -1,7 +1,14 @@
-add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
-add_header X-Frame-Options SAMEORIGIN;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
+
+
+add_header Strict-Transport-Security 'max-age=31536000';
+
+proxy_hide_header X-XSS-Protection;
+proxy_hide_header X-Powered-By;
+      
+add_header X-Frame-Options 'SAMEORIGIN';
+add_header X-Content-Type-Options 'nosniff';
+add_header X-Permitted-Cross-Domain-Policies 'none';
+add_header X-XSS-Protection '1; mode=block';
+add_header Referrer-Policy 'same-origin';
 add_header Content-Security-Policy "upgrade-insecure-requests" always;
 add_header Feature-policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'self';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb '*';vr 'none'";