diff --git a/flask.conf b/flask.conf
index 3afc627..82c9ee8 100644
--- a/flask.conf
+++ b/flask.conf
@@ -2,8 +2,10 @@ server {
     listen      8080;
 
     server_name _;
+    add_header Content-Security-Policy "default-src 'self';";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
-    return 301 https://asimonson.com$request_uri
+    return 301 https://asimonson.com$request_uri;
 
     location / {
         proxy_pass http://localhost:5000/;