diff --git a/roles/nginx_site/templates/collab.foo.sh.conf.j2 b/roles/nginx_site/templates/collab.foo.sh.conf.j2
index d338ce4..93e1c8b 100644
--- a/roles/nginx_site/templates/collab.foo.sh.conf.j2
+++ b/roles/nginx_site/templates/collab.foo.sh.conf.j2
@@ -1 +1,6 @@
 client_max_body_size 50m;
+
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
+ add_header Referrer-Policy "no-referrer";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
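Review bot: The four added `add_header` lines omit the `always` parameter, so nginx attaches them only to a fixed set of 2xx/3xx status codes and error responses (4xx/5xx) leave without the CSP or `nosniff`; write each as e.g. `add_header X-Content-Type-Options "nosniff" always;`. `add_header` is inherited from this level only when a nested block defines none of its own, so any `location` elsewhere in the template (not visible in this hunk) that sets a header would silently drop all four. In the CSP, `script-src 'self' 'unsafe-inline'` still permits injected inline script, which removes most of the policy's XSS value; if the application really needs inline script, a comment such as `# 'unsafe-inline' required by <component>; replace with nonces/hashes when possible` would record that, and `base-uri 'self'` is worth adding since it does not fall back to `default-src`. `X-XSS-Protection "1; mode=block"` is ignored by current browsers and could be dropped or set to `"0"`.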