diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 4aaaaa4..059434c 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -245,10 +245,9 @@ in
 '';
 "jakstys.lt".extraConfig = ''
 header {
- Strict-Transport-Security "max-age=2592000"
+ Strict-Transport-Security "max-age=15768000"
 Content-Security-Policy "default-src 'self'"
 X-Content-Type-Options "nosniff"
- Content-Security-Policy "frame-ancestors 'none'"
 X-Frame-Options "DENY"
 /_/* Cache-Control "public, max-age=31536000, immutable"
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index 8b04191..3d437d7 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -86,10 +86,11 @@
 }
 header {
- Strict-Transport-Security "max-age=2592000"
- Content-Security-Policy "default-src 'self'"
+ Strict-Transport-Security "max-age=15768000"
+
+ # https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
+ Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
 X-Content-Type-Options "nosniff"
- Content-Security-Policy "frame-ancestors 'none'"
 X-Frame-Options "DENY"
 }
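Review bot: Removing `Content-Security-Policy "frame-ancestors 'none'"` from the jakstys.lt `header` block leaves the site without a `frame-ancestors` restriction in its CSP, because `default-src` is not a fallback for that directive; framing is now denied only by `X-Frame-Options "DENY"`. Keeping a single CSP line is the right shape (as far as I know a repeated field in a Caddy `header` block replaces the earlier value instead of sending a second header, so the old pair probably did not combine as intended), but the directive should be folded in rather than dropped: `Content-Security-Policy "default-src 'self'; frame-ancestors 'none'"`. The Gitea hunk in modules/services/gitea/default.nix removes the same line and its new policy has no `frame-ancestors` either, so it needs `frame-ancestors 'none';` appended as well. The `header` block closes outside this hunk.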
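Review bot: The new Gitea policy sets `script-src 'self' 'unsafe-eval' 'unsafe-inline'`, which allows inline and eval'd script, so on a service that renders user-supplied content this CSP gives little protection against injected script, and nothing in the file says so. Presumably the Gitea front end needs both keywords, per the linked issue comment; a comment above the header would make the limitation explicit, e.g. `# script-src keeps 'unsafe-inline' and 'unsafe-eval' for the Gitea UI (see link); do not rely on this CSP as an XSS barrier`. `default-src 'none'` does not cover `base-uri`, so adding `base-uri 'self';` closes that gap at no cost. The `img-src` list looks copied verbatim from the linked comment; `https://ga-beacon.appspot.com` and `https://sourcethemes.com` are worth dropping unless this instance really loads images from them, since each allowed host is somewhere rendered content can make visitors' browsers fetch from.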