diff --git a/deploy/nginx/nginx.conf b/deploy/nginx/nginx.conf
index 843a6ec913215af3ca9eca6f5a8e2747763befce..d75e7881cc5f942807c05cf781e3ea39a80dedb8 100644
--- a/deploy/nginx/nginx.conf
+++ b/deploy/nginx/nginx.conf
@@ -60,7 +60,7 @@ http {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-    add_header Content-Security-Policy "script-src 'self' * 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; frame-src 'none'";
+    add_header Content-Security-Policy "script-src 'self' * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none'";
     add_header Pragma no-cache;
     add_header Expires 0;
 
@@ -93,7 +93,6 @@ http {
     }
 
     location / {
-
       limit_req zone=ratelimit burst=5 nodelay;
       proxy_set_header X-Forwarded-For $http_x_real_ip;
       proxy_set_header Host $host;
@@ -120,6 +119,7 @@ http {
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
       add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'";
       add_header Cache-Control "no-cache,no-store,must-revalidate";
       add_header Pragma no-cache;
@@ -133,6 +133,7 @@ http {
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
       add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'";
       add_header Cache-Control "no-cache,no-store,must-revalidate";
       add_header Pragma no-cache;
@@ -146,6 +147,7 @@ http {
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
       add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'";
       add_header Cache-Control "no-cache,no-store,must-revalidate";
       add_header Pragma no-cache;
@@ -154,15 +156,9 @@ http {
       proxy_pass https://doc-search.test.osinfra.cn/;
     }
 
-
     error_page 401 402 403 405 406 407 413 414 /error.html;
-    error_page 404 /404.html;
     error_page 500 501 502 503 504 505 /error.html;
-
-
-    location = /404.html {
-      root /usr/share/nginx/www;
-    }
+    error_page 404 /index.html;
 
     location = /error.html {
       root /usr/share/nginx/www;