diff --git a/flake.lock b/flake.lock
index 2482b9f..350396a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -125,11 +125,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1774471448,
-        "narHash": "sha256-fK0DhC17S0DJVnvnwoPXQ1UGwmOzcma2zhwncBP5UYw=",
+        "lastModified": 1774893414,
+        "narHash": "sha256-2n0foeNENf4O3ZHmsppYtecrVWwjU80A6Dohjy1BKLA=",
         "owner": "anotherhadi",
         "repo": "blog",
-        "rev": "7362feb3f58ac6f65e99315acc0101e0303862ba",
+        "rev": "cd93b16618678bbebade1ed6898f3844bf61d25d",
         "type": "github"
       },
       "original": {
@@ -308,11 +308,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1774468489,
-        "narHash": "sha256-VQfXEaN08eR5rVjwF1Wk5arNhoebZQst2ommdIIAHF4=",
+        "lastModified": 1774887895,
+        "narHash": "sha256-cULnvYcj/LzUtV8Q6HyYHgKevQBZjAF4FF5YaV68fkc=",
         "owner": "anotherhadi",
         "repo": "default-creds",
-        "rev": "1c9d554b74e5acdd43cd83243fcd20671d707708",
+        "rev": "1b7c96da8f3a3923c1cfa36b01cd87b598bed5a5",
         "type": "github"
       },
       "original": {
diff --git a/server-modules/blog.nix b/server-modules/blog.nix
index 12e341d..aebda98 100644
--- a/server-modules/blog.nix
+++ b/server-modules/blog.nix
@@ -4,23 +4,41 @@
   ...
 }: {
   services = {
-    nginx.virtualHosts."blog.local" = {
-      root = "${inputs.blog.packages.${pkgs.system}.default}/share/blog";
-      listen = [
-        {
-          addr = "127.0.0.1";
-          port = 8758;
-        }
-      ];
-      locations."/" = {
-        tryFiles = "$uri $uri/ /index.html";
+    nginx.virtualHosts = {
+      "blog.local" = {
+        root = "${inputs.blog.packages.${pkgs.system}.default}/share/blog";
+        listen = [
+          {
+            addr = "127.0.0.1";
+            port = 8758;
+          }
+        ];
+        locations."/" = {
+          tryFiles = "$uri $uri/ /index.html";
+        };
+        extraConfig = ''
+          port_in_redirect off;
+          absolute_redirect off;
+          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.hadi.icu; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.hadi.icu; connect-src 'self' https://umami.hadi.icu;" always;
+        '';
+      };
+
+      "www.blog.local" = {
+        listen = [
+          {
+            addr = "127.0.0.1";
+            port = 8189;
+          }
+        ];
+        extraConfig = ''
+          return 301 https://hadi.icu$request_uri;
+        '';
       };
-      extraConfig = ''
-        port_in_redirect off;
-        absolute_redirect off;
-      '';
     };
-    cloudflared.tunnels."a1dfa315-7fc3-4a65-8c02-8387932c35c3".ingress."hadi.icu" = "http://127.0.0.1:8758";
-    cloudflared.tunnels."a1dfa315-7fc3-4a65-8c02-8387932c35c3".ingress."www.hadi.icu" = "http://127.0.0.1:8758";
+
+    cloudflared.tunnels."a1dfa315-7fc3-4a65-8c02-8387932c35c3".ingress = {
+      "hadi.icu" = "http://127.0.0.1:8758";
+      "www.hadi.icu" = "http://127.0.0.1:8189";
+    };
   };
 }