diff --git a/apps/server/AliasVault.Client/nginx.conf b/apps/server/AliasVault.Client/nginx.conf
index fd55514f8..d177ae4d6 100644
--- a/apps/server/AliasVault.Client/nginx.conf
+++ b/apps/server/AliasVault.Client/nginx.conf
@@ -6,6 +6,11 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 
+ # Add MIME type mapping for JavaScript modules
+ types {
+ application/javascript mjs;
+ }
+
 # Gzip Settings
 gzip on;
 gzip_vary on;
diff --git a/apps/server/nginx.conf b/apps/server/nginx.conf
index 681d54731..ccf3043c0 100644
--- a/apps/server/nginx.conf
+++ b/apps/server/nginx.conf
@@ -66,6 +66,13 @@ http {
 # by the entrypoint script.
 include /etc/nginx/ssl.conf;
 
+ # Security headers
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header Cross-Origin-Resource-Policy "same-origin" always;
+ add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
 # Admin interface
 location /admin {
 proxy_pass http://admin;
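Review bot: The comment on the new `types` block in apps/server/AliasVault.Client/nginx.conf says what is mapped but not why it matters. Without the mapping, `.mjs` files fall through to the `default_type application/octet-stream` line just above, and browsers refuse to run module scripts that are not served with a JavaScript MIME type. I would word it as `# .mjs must be served as JavaScript; otherwise it falls back to default_type and browsers reject the module`. As far as I know this block adds to the included mime.types only because it sits at the same level, whereas a `types` block in a nested server or location would replace the inherited map, which is worth stating in the comment too. The http block continues outside the hunk.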
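Review bot: The five `add_header` lines added to apps/server/nginx.conf stop applying in any nested block that sets an `add_header` of its own, because nginx inherits `add_header` from the enclosing level only when the current level defines none. The body of `location /admin` and the other locations lie outside the hunk, so whether one of them already drops these headers cannot be told from here. A comment on the block would protect it from later edits, e.g. `# add_header is inherited only by blocks with no add_header of their own; repeat these in any location that adds headers`. The policy `frame-ancestors 'self'` only restricts framing and overlaps with `X-Frame-Options`; it places no limit on script sources, so the comment should not suggest it is a general content policy. If the proxied apps already send any of these headers the response will carry both copies, so it is worth checking each location's response headers after deploy.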