diff --git a/.drone.jsonnet b/.drone.jsonnet
index f13e17f..97bcbf8 100644
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,21 +1,23 @@
 local Volume = { name: 'site', path: '/site' };
-local NetlifyStep(env, prod) = {
-  name: 'netlify deploy ' + env,
-  image: 'internetmat/drone-netlify',
-  volumes: [Volume],
-  settings: {
-    token: { from_secret: 'netlify_token' },
-    site: { from_secret: 'netlify_site_id' },
-    path: '/site',
-    prod: prod,
-  },
-  when: if prod then {
-    event: ['promote'],
-    target: ['prod'],
-  } else {
-    target: { exclude: ['prod'] },
-  },
-};
+local NetlifyStep(env) =
+  local prod = env == 'production';
+  {
+    name: 'netlify deploy ' + env,
+    image: 'internetmat/drone-netlify',
+    volumes: [Volume],
+    settings: {
+      token: { from_secret: 'netlify_token' },
+      site: { from_secret: 'netlify_site_id' },
+      path: '/site',
+      prod: prod,
+    },
+    when: if prod then {
+      event: ['promote'],
+      target: ['production'],
+    } else {
+      target: { exclude: ['production'] },
+    },
+  };
 {
   kind: 'pipeline',
   type: 'docker',
@@ -37,7 +39,7 @@ local NetlifyStep(env, prod) = {
         'cp -r result/* /site/',
       ],
     },
-    NetlifyStep('staging', false),
-    NetlifyStep('prod', true),
+    NetlifyStep('staging'),
+    NetlifyStep('production'),
   ],
 }
diff --git a/netlify.toml b/netlify.toml
index f51f82c..9465e36 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -46,4 +46,15 @@
       allow-popups-to-escape-sandbox
     '''
 
+[context.deploy-preview]
+  [[headers]]
+      for = "/*"
+
+      [headers.values]
+        Permissions-Policy = "interest-cohort=()"
+        Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+        X-Content-Type-Options = "nosniff"
+        X-Frame-Options = "DENY"
+        Referrer-Policy = "no-referrer"
+        Content-Security-Policy = ""