diff --git a/styles/bootstrap/application.css b/styles/bootstrap/application.css
index 5b38e73fa..7427e89c7 100644
--- a/styles/bootstrap/application.css
+++ b/styles/bootstrap/application.css
@@ -13,6 +13,12 @@ img.mimeicon {
 	background-color: white;
 }
 
+span.list-details {
+	font-size: 85%;
+	font-style: italic;
+	color: #666;
+}
+
 .list-action a {
 	text-decoration: none;
 	color: #333;
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 5e1bdd40c..e72242e3e 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -57,12 +57,17 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
 			 * Content-Security-Policy since version 23+
 			 * 'worker-src blob:' is needed for cytoscape
 			 */
-			$csp_rules = "script-src 'self' 'unsafe-eval'; worker-src blob:;"; // style-src 'self';";
+			$csp_rules = "script-src 'self' 'unsafe-eval';";
+			$csp_rules .= "worker-src blob:;";
+			//$csp_rules .= "style-src 'self';";
+			/* Do not allow to embed myself into frames on foreigns pages */
+			$csp_rules .= "frame-ancestors 'self';";
 			foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
 				header($csp . ": " . $csp_rules);
 			}
 		}
-//		header('X-Content-Type-Options: nosniff');
+		header('X-Content-Type-Options: nosniff');
+		header('Strict-Transport-Security: max-age=15768000');
 		if($httpheader) {
 			foreach($httpheader as $name=>$value) {
 				header($name . ": " . $value);