diff --git a/install.sh b/install.sh
index e6ef706..1c08faa 100644
--- a/install.sh
+++ b/install.sh
@@ -515,9 +515,9 @@ server {
     ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
     ssl_prefer_server_ciphers on;
 
-    add_header Strict-Transport-Security "max-age=15768000; preload;";
+    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
     add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
+    add_header X-XSS-Protection "0";
     add_header X-Robots-Tag none;
     add_header Content-Security-Policy "frame-ancestors 'self'";
     add_header X-Frame-Options DENY;
@@ -583,9 +583,9 @@ server {
     ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
     ssl_prefer_server_ciphers on;
 
-    add_header Strict-Transport-Security "max-age=15768000; preload;";
+    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
     add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
+    add_header X-XSS-Protection "0";
     add_header X-Robots-Tag none;
     add_header Content-Security-Policy "frame-ancestors 'self'";
     add_header X-Frame-Options DENY;