diff --git a/rootfs/nginx/sites-enabled/nginx.conf b/rootfs/nginx/sites-enabled/nginx.conf
index 96c816c..cf2f663 100644
--- a/rootfs/nginx/sites-enabled/nginx.conf
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@@ -3,17 +3,17 @@ server {
 root /nextcloud;
 fastcgi_buffers 64 4K;
+ fastcgi_hide_header X-Powered-By;
 large_client_header_buffers 4 16k;
- # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
- # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#serve-security-related-headers-by-the-web-server
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
 add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 location = /robots.txt {
 allow all;
@@ -41,7 +41,7 @@ server {
 deny all;
 }
- location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+ location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
 include /nginx/conf/fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
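Review bot: The Strict-Transport-Security line kept as context in this hunk is now the only security header in the server block emitted without `always`, so nginx omits it on error responses (4xx/5xx) while every header rewritten below it is sent unconditionally; change it to `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;` so the set behaves uniformly. The two doc-link comments being removed were the only record of why these headers exist; a one-line replacement such as `# security headers per the Nextcloud admin manual (harden_server)` would preserve that rationale. The static-asset location further down the file re-declares its own headers independently, so any value changed here has to be mirrored there by hand.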
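Review bot: The rewritten front-controller regex drops `core/templates/40[34]` from the list of PHP entry points; if the server block still carries `error_page 403`/`404` directives that point at those scripts (outside this hunk), the error pages would no longer reach the FastCGI handler and would fall through to whatever generic `.php` rule follows, which is presumably a deny but should be verified before merging. The added `\/` escapes are harmless in PCRE but unnecessary, and leaving `/` unescaped would make the pattern easier to compare against the old one and against upstream. The location body continues past the end of the hunk.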
@@ -54,14 +54,14 @@ server {
 fastcgi_read_timeout 1200;
 }
- location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+ location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
 try_files $uri/ =404;
 index index.php;
 }
- location ~* \.(?:css|js|woff2?|svg|gif)$ {
+ location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
 try_files $uri /index.php$uri$is_args$args;
- add_header Cache-Control "public, max-age=7200";
+ add_header Cache-Control "public, max-age=15778463";
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Content-Type-Options nosniff;
@@ -72,7 +72,7 @@ server {
 access_log off;
 }
- location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+ location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
 try_files $uri /index.php$uri$is_args$args;
 access_log off;
 }
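Review bot: The static-asset location still declares its own `add_header` set, and a block that declares any `add_header` inherits none from the enclosing server block, so the `Referrer-Policy`, `X-Robots-Tag`, `X-Download-Options`, `X-Permitted-Cross-Domain-Policies` and `X-XSS-Protection` headers added at server level in the first hunk are never sent for css/js/woff/svg/gif/map responses, and this hunk edits the block (Cache-Control) without closing that gap. Repeating the server-level headers here, with `always`, keeps the two sets consistent; the rewritten block is below. Source maps (`.map`) are now served and cached for six months alongside the scripts, which is fine if they are meant to be public but worth confirming for this deployment. The switch from `~*` to `~` here and in the png/html hunk below makes extension matching case-sensitive, which may be intended but deserves a comment. The location body continues past the end of the hunk.
```nginx
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        # Keep in sync with the server block: declaring add_header here discards the inherited set.
        add_header Referrer-Policy "no-referrer" always;
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # … unchanged: remainder of the block …
```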