diff --git a/bundles/c3voc-addons/files/site_template b/bundles/c3voc-addons/files/site_template
index 0e10fd7..e274a90 100644
--- a/bundles/c3voc-addons/files/site_template
+++ b/bundles/c3voc-addons/files/site_template
@@ -26,9 +26,6 @@ server {
 client_max_body_size 5M;
 % endif
- add_header Referrer-Policy same-origin;
- add_header X-Content-Type-Options nosniff;
-
 location /.well-known/acme-challenge/ {
 alias /var/www/dehydrated;
 }
diff --git a/data/nginx/files/extras/voc.pretalx/pretalx b/data/nginx/files/extras/voc.pretalx/pretalx
index 8fe2d3f..372303d 100644
--- a/data/nginx/files/extras/voc.pretalx/pretalx
+++ b/data/nginx/files/extras/voc.pretalx/pretalx
@@ -11,3 +11,7 @@
 expires 365d;
 add_header Cache-Control "public";
 }
+
+ # https://github.com/pretalx/pretalx-media-ccc-de/issues/1
+ proxy_hide_header content-security-policy;
+ add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
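Review bot: The new `add_header content-security-policy …` directive in the pretalx snippet has no `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes, while `proxy_hide_header content-security-policy` strips the upstream policy from every proxied response; error pages from pretalx would then be served with no CSP at all. Ending the directive with `… frame-src https://media.ccc.de" always;` closes that gap. nginx also inherits `add_header` from the enclosing level only when the current level defines none, so the location block just above (it starts outside this hunk and sets `add_header Cache-Control "public";`) will not carry this policy unless the header is repeated inside it. Because the first hunk drops `Referrer-Policy` and `X-Content-Type-Options` from the shared site template, it is worth confirming that both are still set for this vhost somewhere outside the diff.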