diff --git a/backend/main.go b/backend/main.go
index 88e6164..2c86178 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -98,6 +98,7 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
 c.Writer.Header().Set("X-Server", "OCBO Server")
 switch method {
@@ -434,7 +435,7 @@ func connect() {
 "result": result,
 })
- case "get-headid":
+ case "get-headid":
 err = db.QueryRow("SELECT IFNULL(employeeid, '') AS result FROM employee WHERE is_head = 1").Scan(&result)
 if err != nil {
 c.AbortWithError(http.StatusBadRequest, err)
@@ -460,6 +461,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 switch method {
 case "check-building":
@@ -1370,6 +1373,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 switch method {
 case "check-access":
@@ -1426,6 +1431,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("INSERT INTO esign (esignid, employeeid, password, signature, image) VALUES (NULL, ?, ?, ?, ?)")
 if err != nil {
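Review bot: The security headers are still set by hand inside each handler, and this commit shows the drift that causes: in this hunk `X-Server` was already present so only the CSP line is added, while the hunks at -460, -1370, -1426, -1473, -1521, -1564, -1611, -1657, -1697, -1737, -1779, -1831, -1873, -1920, -1967, -2014 and -2058 each have to add both lines, and any handler this commit does not touch keeps neither. One middleware registered on the router before the routes would apply the same set to every response, including handlers added later, and give a single place to tune the policy; `c.Writer.Header()` and `c.AbortWithError` suggest gin, so a `gin.HandlerFunc` as below would fit. On the value itself, `img-src 'self'` repeats what `default-src 'self'` already covers, and `base-uri` and `form-action` do not inherit from `default-src`, so if any of these responses is rendered as an HTML document the policy should become `default-src 'self'; base-uri 'self'; form-action 'self'` (framing is already handled by the `X-Frame-Options: DENY` line above it). The enclosing `connect` function starts and ends outside every hunk, and the -434 hunk is a whitespace-only change.
```go
// securityHeaders sets the response headers that every handler in connect
// currently repeats by hand. Register it once, before the routes, with
// <ROUTER>.Use(securityHeaders()) — <ROUTER> being the gin engine or group
// that the routes are attached to.
func securityHeaders() gin.HandlerFunc {
	return func(c *gin.Context) {
		h := c.Writer.Header()
		h.Set("X-Frame-Options", "DENY")
		h.Set("X-Download-Options", "noopen")
		h.Set("Referrer-Policy", "no-referrer")
		h.Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
		h.Set("X-Server", "OCBO Server")
		c.Next()
	}
}
// … the per-handler Header().Set calls in connect then become redundant and can be dropped …
```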
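Review bot: The `INSERT INTO esign (... password ...)` in the -1426 hunk and the `UPDATE esign SET password = ?` in the -2058 hunk both bind a password value from the handler, and nothing inside either hunk shows that value being hashed first; that may well happen in the lines above the hunk, but if the raw e-signature password reaches these placeholders it should be stored as a salted hash (bcrypt or argon2id) and verified with a constant-time comparison rather than kept recoverable. The `X-Server` line these hunks add also announces the product name on every response; dropping it, or keeping it to a generic value, costs nothing and removes a fingerprint. The enclosing `connect` function starts and ends outside both hunks.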
@@ -1473,6 +1480,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare(`INSERT INTO occupancydocflowtxn (occupancydocflowtxnid, occupancyreceivingid, txndate, remarks, is_tag, tagword, is_approve, employeeid, is_compliance, comments) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, 0, NULL)`)
@@ -1521,6 +1530,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare(`INSERT INTO electricaldocflowtxn (electricaldocflowtxnid, electricalid, txndate, remarks, comments, is_tag, tagword, is_approve, employeeid, is_delete) VALUES (NULL, ?, ?, ?, NULL, ?, ?, ?, ?, 0)`)
@@ -1564,6 +1575,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE occupancydocflowtxn SET is_approve = 1 WHERE remarks = ? AND occupancyreceivingid = (SELECT occupancyid FROM occupancy WHERE controlNo = ?)")
 if err != nil {
@@ -1611,6 +1624,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE electricaldocflowtxn SET is_approve = 1 WHERE remarks = ? AND electricalid = (SELECT electricalid FROM electrical WHERE electricalNo = ?)")
 if err != nil {
@@ -1657,6 +1672,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE occupancy_orderofpayment SET popstransmitted = 1, is_release = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1")
 if err != nil {
@@ -1697,6 +1714,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET popstransmitted = 1, is_release = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1")
 if err != nil {
@@ -1737,6 +1756,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET popstransmitted = 1, is_release = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1")
 if err != nil {
@@ -1779,6 +1800,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("INSERT INTO esign_transactions (esign_transactionsid, esignid, referenceNo, date_signed) VALUES (NULL, ?, ?, ?)")
 if err != nil {
@@ -1831,6 +1854,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := dbpop.Prepare(`INSERT INTO orderpaydetail (OrderPayId, OPRefId, OPSysId, OPDate, AcctRefId, AcctFullName, AcctAddress, AccountCode, AmountBasic, OPPostedBy, OPPostDate, OfficeCode, Amt_GFLGU, Amt_GFDPWH, Amt_TFBO, TranRefId) VALUES (NULL, ?, 'IIPS', ?, ?, ?, ?, ?, ?, ?, ?, 8751, ?, ?, ?, ?)`)
@@ -1873,6 +1898,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE occupancy_orderofpayment SET is_approve = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0")
 if err != nil {
@@ -1920,6 +1947,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE building_orderofpayment SET is_approve = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0")
 if err != nil {
@@ -1967,6 +1996,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET is_approve = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0")
 if err != nil {
@@ -2014,6 +2045,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE employee SET employeename = ? WHERE employeeid = ?")
 if err != nil {
@@ -2058,6 +2091,8 @@ func connect() {
 c.Writer.Header().Set("X-Frame-Options", "DENY")
 c.Writer.Header().Set("X-Download-Options", "noopen")
 c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
 dbpost, err := db.Prepare("UPDATE esign SET password = ? WHERE employeeid = ?")
 if err != nil {