diff --git a/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2 b/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
index d5df829..fc3e499 100644
--- a/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
+++ b/roles/nginx/templates/vhosts/medias.nupes.social.conf.j2
@@ -49,5 +49,7 @@ server {
 		add_header Cache-Control public;
 		add_header 'Access-Control-Allow-Origin' '*';
 		add_header X-Cache-Status $upstream_cache_status;
+		add_header X-Content-Type-Options nosniff;
+		add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
 	}
 }