diff --git a/services/comms/helmrelease.yaml b/services/comms/helmrelease.yaml
index b907d38..406ab51 100644
--- a/services/comms/helmrelease.yaml
+++ b/services/comms/helmrelease.yaml
@@ -382,6 +382,14 @@ spec:
         url: https://call.live.bstein.dev
         participant_limit: 16
         brand: Othrys Call
+    nginxConfig: |-
+      add_header X-Frame-Options SAMEORIGIN;
+      add_header X-Content-Type-Options nosniff;
+      add_header X-XSS-Protection "1; mode=block";
+      add_header Content-Security-Policy "frame-ancestors 'self'";
+      location = /config.live.bstein.dev.json {
+        try_files /config.json =404;
+      }
 
     ingress:
       enabled: true