diff --git a/flake.lock b/flake.lock
index 5d572e3..1ca406e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -125,11 +125,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1777068438,
-        "narHash": "sha256-87KZIkdVRICi7BkPs50gM949qRrRBsznchVvmAAWxsY=",
+        "lastModified": 1777484430,
+        "narHash": "sha256-dnUDj6zLNhFeXkUzzKdecF7jqHhayZ4Q9+WbXJW+dnY=",
         "owner": "anotherhadi",
         "repo": "blog",
-        "rev": "e3f0fc5735b272ee518cdc579cf4fd638ee2adb5",
+        "rev": "35ac328d5ed6f701c102ab6729aa842705208e6c",
         "type": "github"
       },
       "original": {
diff --git a/server-modules/blog.nix b/server-modules/blog.nix
index d876789..6a88bd0 100644
--- a/server-modules/blog.nix
+++ b/server-modules/blog.nix
@@ -25,12 +25,19 @@ in {
                 }
               ];
               locations."/" = {
-                tryFiles = "$uri $uri/ /index.html";
+                tryFiles = "$uri $uri/ =404";
               };
               extraConfig = ''
                 port_in_redirect off;
                 absolute_redirect off;
+                error_page 403 /403.html;
+                error_page 404 /404.html;
+                error_page 500 /500.html;
+                error_page 503 /503.html;
                 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
+                add_header X-Frame-Options "SAMEORIGIN" always;
+                add_header X-Content-Type-Options "nosniff" always;
+                add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
               '';
             };
             "www-redirect" = {