diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 6e33346..34eb0cc 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -99,9 +99,11 @@ job "garage" {
             "garage-web",
             "tricot * 1",
             #"tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'",
+            "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'",
             "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
             "tricot-add-header X-Frame-Options SAMEORIGIN",
             "tricot-add-header X-XSS-Protection 1; mode=block",
+            "tricot-add-header X-Content-Type-Options nosniff",
             "tricot-site-lb",
         ]
         port = 3902