diff --git a/modules/gitea.nix b/modules/gitea.nix
index b140ed1..aec48e7 100644
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -15,12 +15,24 @@
 				HTTP_PORT = 3000;
 			};
 			service.DISABLE_REGISTRATION = true;
+			security.INSTALL_LOCK = true;
+			session = {
+				COOKIE_SECURE = true;
+				SAME_SITE = "strict";
+			};
+			api.ENABLE_SWAGGER = false;
 		};
 	};
 
 	services.caddy = {
 		enable = true;
 		virtualHosts."git.schmatzler.com".extraConfig = ''
+			header {
+				Strict-Transport-Security "max-age=31536000; includeSubDomains"
+				X-Content-Type-Options "nosniff"
+				X-Frame-Options "DENY"
+				Referrer-Policy "strict-origin-when-cross-origin"
+			}
 			reverse_proxy localhost:3000
 		'';
 	};