diff --git a/apache-conf/000-default.conf b/apache-conf/000-default.conf
index 960c295..08fb04e 100644
--- a/apache-conf/000-default.conf
+++ b/apache-conf/000-default.conf
@@ -6,6 +6,13 @@ TraceEnable Off
 ServerName auth.jakach.ch
 DocumentRoot /var/www/html
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set X-Frame-Options "DENY"
+ Header always set Referrer-Policy "strict-origin-when-cross-origin"
+ Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), usb=(), publickey-credentials-get=(self)"
+ Header always set Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests"
+
 Options FollowSymLinks
 AllowOverride All
diff --git a/srv_dockerfile b/srv_dockerfile
index cabab47..e06ed7a 100644
--- a/srv_dockerfile
+++ b/srv_dockerfile
@@ -7,8 +7,8 @@ RUN apt-get update && \
 pecl install redis && \
 docker-php-ext-enable redis
-# Enable SSL module for Apache
-RUN a2enmod ssl
+# Enable Apache modules
+RUN a2enmod ssl headers
 # Restart Apache to apply changes
 RUN service apache2 restart
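Review bot: The Content-Security-Policy added in apache-conf/000-default.conf has no `default-src` or `script-src`, so it limits framing, base URI, plugins and form targets but puts no restriction on script sources or inline script, which is the protection that matters most on a login host. Consider putting a fetch directive such as `default-src 'self';` at the front of the policy value, and trialling it first under a `Content-Security-Policy-Report-Only` header so that any inline scripts or third-party assets (not visible in this diff) surface before enforcement. The context lines show `AllowOverride All`, so a `.htaccess` file under the document root could presumably change or unset these headers; worth confirming that is intended. The enclosing virtual-host block starts and ends outside the hunk.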
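Review bot: The new comment above `RUN a2enmod ssl headers` in srv_dockerfile does not say why each module is enabled, although `headers` is now a hard dependency of the configuration. The `Header` directives added to apache-conf/000-default.conf do not appear to be wrapped in an `<IfModule>` guard, so Apache would presumably refuse to start if the module were dropped later. I would write the comment as `# ssl: TLS listener; headers: required by the Header directives in apache-conf/000-default.conf`. Failing at startup is the safer behaviour for security headers, so the dependency is better documented than made optional. The hunk begins inside a RUN instruction that starts outside it.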