diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index f84275b7..e00a14ac 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -272,6 +272,13 @@ http {
  internal;
  }
+ location ~ "(\.html|/)$" {
+ include snippets/security-headers.conf;
+ add_header Cross-Origin-Resource-Policy "same-origin" always;
+ add_header Cache-Control "public, no-cache";
+ include snippets/preload.conf;
+ }
+
  location = /install/web {
  include snippets/security-headers-base.conf;
  add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always;
@@ -287,7 +294,7 @@ http {
  add_header Cross-Origin-Resource-Policy "same-origin" always;
  add_header Cache-Control "public, no-cache";
  include snippets/preload.conf;
- try_files $uri $uri.html $uri/ =404;
+ try_files $uri.html $uri/ =404;
  }
  }
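Review bot: The new `location ~ "(\.html|/)$"` block has no comment on matching precedence, and it repeats the header lines of the fallback location shown in the second hunk. nginx tries regex locations before settling on the longest prefix match (unless that prefix is marked `^~`), so any prefix location elsewhere in the file that carries its own header set would stop applying to URIs ending in `.html` or `/`; only exact-match blocks such as `location = /install/web` are unaffected. The rest of the file is not visible here, so this should be checked against the other locations. I would add above the block `# Regex match: overrides plain prefix locations for *.html and directory URIs; keep headers in sync with the fallback location.`, or move the shared lines into one snippet so the two header sets cannot drift apart.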
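Review bot: Dropping `$uri` from `try_files` means this location no longer serves a file that exists at the exact request path, and nothing in the hunk says which locations now cover those requests. From the first hunk, `.html` and directory URIs go to the new regex location, but whether every other static file type has its own location cannot be seen here; a type without one would now return 404. A comment above the directive would record the intent, e.g. `# Exact paths are handled by dedicated locations; this block only maps /page to /page.html or /page/.` The enclosing location block starts outside the hunk.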