diff --git a/docker-compose.yml b/docker-compose.yml
index 040ef2b..8aeb54a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,8 +12,6 @@ services:
 restart: on-failure
 init: true
 tty: true
- depends_on:
- - nginx
 nginx:
 image: nginx:1.19.2
 ports:
@@ -22,6 +20,8 @@ services:
 - staticfiles:/app/static
 - media:/app/media
 - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf
+ depends_on:
+ - django
 tests:
 image: rg.fr-par.scw.cloud/crocmagnon/blog:tests
 build:
diff --git a/docker/nginx.conf b/docker/nginx.conf
index fc2bb18..02227b5 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -35,15 +35,17 @@ server {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
 proxy_pass http://django:8000;
 proxy_redirect off;
 }
- add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src https: 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'" always;
+ add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src https:; script-src 'self' https://plausible.augendre.info; connect-src https://plausible.augendre.info; style-src 'self' 'unsafe-inline'; font-src 'self'" always;
 add_header X-Frame-Options "DENY" always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 listen [::]:80;
 listen 80;
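Review bot: In the docker-compose.yml hunk at `-22,6 +20,8`, the short-form `depends_on: - django` added under `nginx` only orders container start; it does not wait for Django to accept connections on `django:8000`, so nginx can still answer with gateway errors while the application boots. If the Compose version in use supports it, a `healthcheck` on the `django` service combined with the long form `depends_on: django: condition: service_healthy` would close that window. The `nginx` service definition starts outside this hunk.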
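Review bot: In docker/nginx.conf, `proxy_set_header X-Forwarded-Proto https;` is hard-coded in a server block that, per the trailing context, listens only on port 80, so Django is told every request arrived over TLS regardless of how it actually reached this container. That holds only if a TLS-terminating proxy is the sole route to this listener, which is not visible in this diff; if port 80 is reachable directly, plaintext requests would be treated as secure by anything keyed on that header. I would either forward the value set by the front proxy, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;`, provided that proxy overwrites the client-supplied header, or keep the constant and add a comment such as `# TLS is terminated upstream; this listener must not be exposed directly`. The same assumption applies to the new `Strict-Transport-Security` line: browsers ignore it over plain HTTP, and `includeSubDomains; preload` with a two-year max-age commits every subdomain to HTTPS, so it is worth confirming all of them serve TLS before this ships. The server block starts and ends outside the hunk.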