diff --git a/nginx_snippets/sv2.conf b/nginx_snippets/sv2.conf
index 3d79457f41d56a115974d5183d83c55d8f63663b..db79cb8806b88ac66a94962d40152a916f0f09db 100644
--- a/nginx_snippets/sv2.conf
+++ b/nginx_snippets/sv2.conf
@@ -2,5 +2,10 @@ location ~ /.* {
         root /opt/strudel2/spa/sv2/;
         #alias /var/www/sv2/dist/sv2/;
         try_files $uri$args $uri$args/ $uri/ /index.html;
-}
+        add_header Content-Security-Policy "default-src 'self' *.cloud.cvl.org.au; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com";
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    	add_header X-Frame-Options "SAMEORIGIN";
+    	add_header X-XSS-Protection "1; mode=block";
+    	add_header X-Content-Type-Options "nosniff";
 
+}