diff --git a/nginx/mailcow.conf b/nginx/mailcow.conf
index 0d586d2..a16ab42 100644
--- a/nginx/mailcow.conf
+++ b/nginx/mailcow.conf
@@ -53,9 +53,12 @@ server {
   ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem;
 
   include /etc/nginx/snippets/ssl.conf;
-  ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/chain.pem;
+  ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
 
-  include /etc/nginx/snippets/headers.conf;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header Referrer-Policy "strict-origin";
+  add_header Content-Security-Policy "upgrade-insecure-requests";
+  add_header Strict-Transport-Security "max-age=31536000";  
   include /etc/nginx/snippets/letsencrypt.conf;
 
   location / {