diff --git a/nginx/configs/security.conf b/nginx/configs/security.conf
index 9a52c14..76dcb24 100644
--- a/nginx/configs/security.conf
+++ b/nginx/configs/security.conf
@@ -1,9 +1,7 @@
 # security headers
-add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options "nosniff" always;
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
-#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
-add_header Permissions-Policy "interest-cohort=()" always;
+add_header Referrer-Policy "same-origin" always;
 add_header X-Frame-Options "sameorigin" always;
+add_header Permissions-Policy "interest-cohort=()" always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
diff --git a/nginx/configs/ssl.conf b/nginx/configs/ssl.conf
index 60eff09..876192f 100644
--- a/nginx/configs/ssl.conf
+++ b/nginx/configs/ssl.conf
@@ -1,4 +1,5 @@
-ssl_certificate /etc/ssl/certs/fullchain.pem;
-ssl_certificate_key /etc/ssl/private/privkey.pem;
+# ECDSA
+ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
+ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
 include configs/sslConfig.conf;
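Review bot: With the commented-out Content-Security-Policy line deleted, security.conf no longer carries even a CSP template, and framing protection rests only on the legacy `X-Frame-Options "sameorigin"` header. A minimal replacement that does not constrain scripts or styles would be `add_header Content-Security-Policy "frame-ancestors 'self'" always;`. The `# security headers` comment could also record that nginx inherits `add_header` from the enclosing level only when the current level defines none, so any `location` with its own `add_header` silently drops this whole set. The re-added `interest-cohort=()` value targets FLoC, which has been retired, so it is worth confirming that line is still wanted.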
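Review bot: In ssl.conf the private key moves out of `/etc/ssl/private/` into `/etc/ssl/nadeko.net/`, next to the certificate, and the diff does not show that directory's ownership or mode. A comment above the `ssl_certificate_key` line would document the expectation, for example `# key file: owner root, mode 0600; directory not world-readable`; this assumes the usual root-started master process, which reads the key before the workers drop privileges. The new pair is ECDSA-only, so clients without ECDSA support will fail the handshake; if they matter, nginx accepts a second `ssl_certificate`/`ssl_certificate_key` pair for an RSA certificate alongside this one.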