diff --git a/backend/nginx.conf b/backend/nginx.conf index 8074aa6..e63dcfe 100644 --- a/backend/nginx.conf +++ b/backend/nginx.conf @@ -36,10 +36,19 @@ http { # Serve protected media files with X-Accel-Redirect location /protectedMedia/ { - internal; # Only internal requests are allowed - alias /code/media/; # This should match Django MEDIA_ROOT - try_files $uri =404; # Return a 404 if the file doesn't exist - } + internal; + alias /code/media/; + try_files $uri =404; + + # Nested location for PDFs + location ~* \.pdf$ { + add_header Content-Security-Policy "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'" always; + add_header X-Content-Type-Options nosniff always; + add_header X-Frame-Options SAMEORIGIN always; + add_header Content-Disposition "inline" always; + } +} + } }
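Review bot: The `nosniff` and CSP headers live only in the nested `location ~* \.pdf$` block, so every non-PDF file served from `/protectedMedia/` still leaves with no `X-Content-Type-Options` header and can be content-sniffed by the browser; if these uploads are user-controlled, a file with a misleading extension is the case this misses. Because nginx does not inherit a parent's `add_header` into a location that declares its own, covering both requires `add_header X-Content-Type-Options nosniff always;` directly in the `/protectedMedia/` block while keeping the line in the nested block too. `X-Frame-Options SAMEORIGIN` is the legacy form of the same control; adding `frame-ancestors 'self'` to the CSP value (`"... base-uri 'none'; frame-ancestors 'self'"`) keeps the two headers consistent for browsers that prefer CSP. The hunk also drops the three explanatory comments on `internal`, `alias` and `try_files` (`# Only internal requests are allowed`, `# This should match Django MEDIA_ROOT`, `# Return a 404 if the file doesn't exist`) without replacement; restoring them costs nothing and documents why the location is internal-only. Whether `internal`, `alias` and `try_files` carry into the nested regex location is inherited behaviour not visible in the hunk — worth confirming with a direct request for a `.pdf` path that the 404/internal behaviour is unchanged.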