diff --git a/Caddyfile b/Caddyfile
index 778aa0f..7e4ae89 100755
--- a/Caddyfile
+++ b/Caddyfile
@@ -286,6 +286,16 @@ motsdepasse.interstices.pro {
 }
 
 nextcloud.lucasroyer.fr {
+	# Security
+    header {
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy "no-referrer"
+        Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+        -Server
+    }
+
 	# Large files
 	request_body {
 		max_size 10GB
@@ -303,7 +313,9 @@ nextcloud.lucasroyer.fr {
 	reverse_proxy nextcloud-web:80 {
 		header_up Host {host}
 		header_up X-Real-IP {remote_host}
-	}
+        header_down X-Frame-Options "SAMEORIGIN"
+        header_down X-Content-Type-Options "nosniff"
+    }
 }
 
 onlyoffice.lucasroyer.fr {