diff --git a/conf/default.conf b/conf/default.conf
index 8387232..477eeec 100644
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -5,14 +5,12 @@ server {
 # Dieser Server ist der Zugang zur "Nginx config und wird im 2. Openresty Server genutzt"
 server {
- listen 8080;
+ listen 443 ssl;
 set $proxy_host theiaconf;
 set $proxy_port 3000;
 include ldap.conf;
- include secure.conf;
- add_header content-security-policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
- add_header content-security-policy-report-only "default-src 'self' 'unsafe-inline' ";
- include default_proxy.conf;
+ include ssl.conf;
+ include internal_proxy.conf;
 }
diff --git a/snippets/default_proxy.conf b/snippets/default_proxy.conf
index dba0c26..29ce06c 100644
--- a/snippets/default_proxy.conf
+++ b/snippets/default_proxy.conf
@@ -1,5 +1,6 @@
 location / {
 include proxy.conf;
+ include secure.conf;
 proxy_buffering off;
 proxy_pass http://$proxy_host:$proxy_port;
 }
\ No newline at end of file
diff --git a/snippets/internal_proxy.conf b/snippets/internal_proxy.conf
new file mode 100644
index 0000000..29406ad
--- /dev/null
+++ b/snippets/internal_proxy.conf
@@ -0,0 +1,6 @@
+location / {
+ include proxy.conf;
+ include ldap.conf;
+ proxy_buffering off;
+ proxy_pass http://$proxy_host:$proxy_port;
+}
\ No newline at end of file
diff --git a/snippets/internal_sub_proxy.conf b/snippets/internal_sub_proxy.conf
new file mode 100644
index 0000000..e32cc8c
--- /dev/null
+++ b/snippets/internal_sub_proxy.conf
@@ -0,0 +1,9 @@
+location /$proxy_location {
+ include ldap.conf;
+ rewrite_log on;
+ rewrite /$proxy_location/(.*) /$1 break;
+ rewrite ^/$proxy_location$ /$proxy_location/ permanent;
+ include proxy.conf;
+ proxy_buffering off;
+ proxy_pass http://$proxy_host:$proxy_port;
+}
\ No newline at end of file
diff --git a/snippets/secure.conf b/snippets/secure.conf
index 5e836c1..2800c86 100644
--- a/snippets/secure.conf
+++ b/snippets/secure.conf
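Review bot: With `include secure.conf` and both CSP headers removed from this server block, and internal_proxy.conf carrying no `add_header` of its own, the theiaconf upstream is now served with no Content-Security-Policy, X-Frame-Options or X-Content-Type-Options at all — only the HSTS that ssl.conf sets at server level is inherited. The removed lines show this upstream needed `'unsafe-inline' 'unsafe-eval'`, so the strict secure.conf policy presumably did not fit it, but a loose policy is still better than none for an LDAP-protected config UI; a per-app snippet with `add_header X-Frame-Options DENY always;` and `add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'" always;` would keep the clickjacking and sniffing protections. I also cannot see a `server_name` for the `listen 443 ssl;` block inside the hunk; if there is none elsewhere in the block, this server becomes a candidate default server for port 443 alongside the other HTTPS servers, which is worth confirming is intended.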
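Review bot: Including secure.conf inside `location /` means this location no longer inherits any `add_header` from the enclosing server — nginx inherits add_header from the outer level only when the current level declares none — so a server-level header such as the HSTS that ssl.conf sets is replaced wholesale by what secure.conf emits. Today secure.conf re-sends HSTS itself, so nothing is lost, but any other server-level `add_header` an including server relies on will silently disappear; a comment on the new line would save the next maintainer that surprise: `# secure.conf replaces, not merges with, server-level add_header directives`. Every upstream proxied through this snippet also now gets `default-src 'none'; script-src 'self'` with no inline or eval allowance, which the CSP removed from conf/default.conf suggests at least one app could not live with; running each app against a `Content-Security-Policy-Report-Only` copy of the policy before enforcing it would catch that.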
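Review bot: This new location includes proxy.conf and ldap.conf but no header snippet, so responses from the upstream carry neither `X-Frame-Options`/`frame-ancestors` nor `X-Content-Type-Options`, leaving an authenticated configuration UI framable and MIME-sniffable; if secure.conf's `default-src 'none'` is too strict for it, add a dedicated minimal snippet rather than nothing, e.g. `add_header X-Frame-Options DENY always;` and `add_header X-Content-Type-Options nosniff always;`. `include ldap.conf;` is also already present at server level in conf/default.conf, so the same auth directives are now declared at two levels; which one wins depends on what ldap.conf contains, and one of the two should go so they cannot drift apart. Nothing in the snippet restricts source addresses, so the "internal" in the name rests entirely on ldap.conf — fine if that is the intent, but worth stating in a header comment such as `# Access control is LDAP only (ldap.conf); no IP restriction here.`.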
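Review bot: nginx does not expand variables in `location` prefixes or in the pattern of `rewrite`, so `location /$proxy_location {` matches only the literal path `/$proxy_location` and the two rewrite patterns never match the intended prefix (PCRE reads the `$` in `^/$proxy_location$` as an end anchor); the variable is substituted only in the rewrite replacement and in `proxy_pass`. The prefix has to be baked in when the file is generated (a templated per-site snippet) or the snippet needs a regex location with a literal prefix; as written it cannot route anything, which a request to `/<prefix>/` before merging would show. Separately, `rewrite_log on;` logs every rewrite at notice level and looks like a debugging leftover — drop it for production. A short header comment naming the `set $proxy_location ...;` the including server is expected to provide would also help.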
@@ -1,6 +1,10 @@
- add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header Referrer-Policy "strict-origin";
- add_header Strict-Transport-Security "max-age=31536000" always;
\ No newline at end of file
+add_header Content-Security-Policy "default-src 'none'; img-src 'self'; \
+ script-src 'self'; style-src 'self' 'unsafe-inline'; \
+ font-src 'self'; base-uri 'self'; form-action 'self';\
+ connect-src 'self'; frame-ancestors 'none'";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options DENY;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "strict-origin";
+add_header Strict-Transport-Security "max-age=31536000" always;
\ No newline at end of file
diff --git a/snippets/ssl.conf b/snippets/ssl.conf
index 5f765d1..9bf28f1 100644
--- a/snippets/ssl.conf
+++ b/snippets/ssl.conf
@@ -11,4 +11,6 @@ ssl_certificate_by_lua_block {
 # -keyout /etc/ssl/resty-auto-ssl-fallback.key \
 # -out /etc/ssl/resty-auto-ssl-fallback.crt
 ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
-ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
\ No newline at end of file
+ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+ssl_protocols TLSv1.2 TLSv1.3;
+add_header Strict-Transport-Security "max-age=31536000" always;
\ No newline at end of file
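Review bot: The backslash continuations inside the quoted Content-Security-Policy value are, as far as I know, not a line-continuation syntax nginx understands: the backslash, the newline and the next line's indentation become part of the header value, so the client receives a multi-line header with a bogus `\` token in front of `script-src`, `font-src` and `connect-src`, which a CSP parser would treat as unknown directive names and ignore — leaving scripts and fonts blocked by `default-src 'none'`. Put the policy on one line and confirm with `curl -sI` that the header is a single line: `add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'none'" always;`. Only X-XSS-Protection and HSTS carry `always`, so 4xx/5xx responses — including auth failures from ldap.conf and upstream error pages — go out without CSP, nosniff, X-Frame-Options or Referrer-Policy; add `always` to all of them. `X-XSS-Protection "1; mode=block"` is deprecated and the filter itself has been used for cross-site leaks; current guidance is `add_header X-XSS-Protection 0 always;` or dropping the header now that a real CSP is in place.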
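Review bot: The HSTS header added here lives at server level (ssl.conf is included directly in `server {}`), and nginx discards server-level `add_header`s in any location that declares its own — which the `location /` in default_proxy.conf now does by including secure.conf. It still works only because secure.conf re-emits the identical HSTS line, so the same policy now exists in two files that must be kept in sync; keep it in one place, or at least document the dependency here: `# Inherited only by locations that set no add_header of their own; secure.conf repeats it.`. `ssl_protocols TLSv1.2 TLSv1.3;` is the right floor; I cannot see `ssl_ciphers`/`ssl_prefer_server_ciphers` in this hunk, and if they are not in lines 1–10 the TLS 1.2 cipher list is whatever the linked OpenSSL defaults to, which is worth pinning. `max-age=31536000` without `includeSubDomains` is reasonable for a single-host deployment but should be a deliberate choice rather than an omission.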