diff --git a/modules/server/vaultwarden/default.nix b/modules/server/vaultwarden/default.nix
index 877ecc62..5bcdd887 100644
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -30,13 +30,18 @@ in {
     };
 
     services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
-      reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT}
-      header {
-        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-        X-Content-Type-Options "nosniff"
-        X-Frame-Options "SAMEORIGIN"
-        Referrer-Policy "strict-origin-when-cross-origin"
-        Permissions-Policy "geolocation=(), microphone=(), camera=()"
+      log {
+        level INFO
+        output file {$LOG_FILE} {
+          roll_size 10MB
+          roll_keep 10
+        }
+      }
+
+      encode zstd gzip
+
+      reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
+        header_up X-Real-IP {remote_host}
       }
     '';