diff --git a/nginx.conf b/nginx.conf
index bde46e2..b6abe1d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -17,6 +17,7 @@ http {
 access_log /dev/stdout;
 access_log /var/log/nginx/access.log;
+ server_tokens off;
 sendfile on;
@@ -33,6 +34,12 @@ http {
 set_real_ip_from 0.0.0.0/0;
 real_ip_header X-Forwarded-For;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+ add_header Referrer-Policy "same-origin";
+ add_header Strict-Transport-Security "max-age=5184000";
+
 location ~* ^\/(_matrix|stats|js|scss|img|css|fonts|webfonts)+? {
 access_log off;
 }
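Review bot: The five `add_header` lines in the second hunk omit the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes and 4xx/5xx error responses go out without them; write each one as, for example, `add_header X-Content-Type-Options "nosniff" always;`. They sit at `http` level, and nginx inherits `add_header` from an outer level only when the inner level defines none of its own, so any `server` or `location` block with its own `add_header` would drop all five; this needs checking because the rest of the `http` block is outside the hunk. `X-XSS-Protection "1; mode=block"` addresses a legacy browser filter that current browsers no longer implement, and a `Content-Security-Policy` header would be the more useful addition. The unchanged context line `set_real_ip_from 0.0.0.0/0;` accepts `X-Forwarded-For` from any peer, so client addresses in the access log can be forged; limiting it to the reverse proxy's address range would fit this hardening change.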