diff --git a/nginx/default b/nginx/default
index 188bbb7..43816b3 100644
--- a/nginx/default
+++ b/nginx/default
@@ -10,6 +10,11 @@ server {
 location / {
 return 301 https://$host$request_uri;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy "no-referrer-when-downgrade";
+
 }
 }
@@ -23,7 +28,8 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/email.thelyoncompany.com/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/email.thelyoncompany.com/chain.pem;
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-
+ include /etc/nginx/snippets/letsencrypt.conf;
+
 if ($host !~ ^(autoconfig.thelyoncompany.com|autodiscover.thelyoncompany.com|webmail.thelyoncompany.com|email.thelyoncompany.com|matrix.thelyoncompany.com|thelyoncompany.com)$ ) {
 return 444;
 }
@@ -32,6 +38,11 @@ server {
 location / {
 return 301 https://$host$request_uri;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy "no-referrer-when-downgrade";
+
 }
 }
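Review bot: The four `add_header` lines in the first hunk (`@@ -10,6 +10,11 @@`) sit in a `location /` whose only response is the 301 redirect, so as far as the hunk shows they decorate that redirect and nothing that serves content; the same block is repeated in the third hunk (`@@ -32,6 +38,11 @@`). Browsers ignore `Strict-Transport-Security` received over plain HTTP, so if the first server block is the port-80 listener (its `listen` line is outside the hunk) the HSTS line there has no effect, and the header belongs, with `always`, in the block that answers over TLS. Two of the values are also weak: `X-XSS-Protection "1; mode=block"` addresses a filter that major browsers have removed, and `no-referrer-when-downgrade` still sends the full URL, path and query included, to every other HTTPS origin, which matters for a webmail host. I would change those to `add_header X-XSS-Protection "0" always;` (or drop the line) and `add_header Referrer-Policy "strict-origin-when-cross-origin" always;`.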
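Review bot: The `include /etc/nginx/snippets/letsencrypt.conf;` added in the second hunk (`@@ -23,7 +28,8 @@`) makes this vhost depend on a file the diff does not add, and nginx refuses to load a configuration whose non-wildcard `include` target is missing. If the snippet is not tracked elsewhere in the repository, it should be committed with this change so a reviewer can confirm it exposes only the ACME challenge path (presumably `/.well-known/acme-challenge/`) on these hostnames. The server-level `if ($host !~ …) { return 444; }` that follows is evaluated before any location the snippet defines, so names outside the list never reach it; a comment above the include such as `# ACME HTTP-01 challenge location; the host allow-list below still applies` would record that. The server block starts and ends outside the hunk.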