diff --git a/conf.d/rfmwtools-test.conf b/conf.d/rfmwtools-test.conf
index 6a59873..d1a9f70 100644
--- a/conf.d/rfmwtools-test.conf
+++ b/conf.d/rfmwtools-test.conf
@@ -19,12 +19,21 @@ server {
     access_log /var/log/nginx/rfmwtools-test.access.log;
     error_log  /var/log/nginx/rfmwtools-test.error.log;
 
+    # CSP-only framing
+    add_header Content-Security-Policy "frame-ancestors https://*.psi.ch" always;
+    add_header X-Frame-Options "" always;
+
+    location ~* \.(js|css|html|gif|png|jpg|ico)$ {
+        autoindex off;
+        try_files $uri =404;
+    }
+
     location / {
         autoindex on;
         autoindex_exact_size off;
         autoindex_localtime on;
 
-        try_files $uri $uri/ =404;
+        try_files $uri/ =404;
     }
 }