diff --git a/element/element.theschricks.com.conf b/element/element.theschricks.com.conf
index d6c9d07..11be12f 100644
--- a/element/element.theschricks.com.conf
+++ b/element/element.theschricks.com.conf
@@ -28,6 +28,10 @@ server {
 add_header X-Frame-Options "SAMEORIGIN";
 add_header Referrer-Policy "strict-origin";
 add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+ add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+ # CSP
+ add_header Content-Security-Policy "frame-ancestors 'self'";
 # OCSP stapling
 ssl_stapling on;
diff --git a/element/scoring/Mozilla_Observatory.png b/element/scoring/Mozilla_Observatory.png
index e43caf9..ff6d338 100644
Binary files a/element/scoring/Mozilla_Observatory.png and b/element/scoring/Mozilla_Observatory.png differ
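Review bot: The added `add_header Set-Cookie "Path=/; HttpOnly; Secure";` has no `name=value` pair, so it does not put HttpOnly or Secure on any cookie the site actually issues; a browser will most likely treat it as a cookie named `Path` with value `/` and store that on every response. If the aim is to harden cookies set by a proxied backend, `proxy_cookie_flags ~ secure httponly;` (nginx 1.19.3 or later) rewrites the real Set-Cookie headers; if the site sets no cookies, the line is better dropped. Separately, the new CSP header and the headers above it lack `always`, so they are omitted on 4xx/5xx responses, e.g. `add_header Content-Security-Policy "frame-ancestors 'self'" always;`. The `server` block continues outside the hunk, so any `location` that declares its own `add_header` will not inherit these and should be checked.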