diff --git a/config/apache/standardebooks.org.conf b/config/apache/standardebooks.org.conf
index dbd0d0ca..fcdfc702 100644
--- a/config/apache/standardebooks.org.conf
+++ b/config/apache/standardebooks.org.conf
@@ -66,14 +66,7 @@ Define domain standardebooks.org
SSLCertificateFile /etc/letsencrypt/live/${domain}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${domain}/privkey.pem
Header always set Strict-Transport-Security "max-age=15768000"
-
- # CSP still causes a lot of problems with Firefox (can't use inline CSS debugger, etc.) so disable for now.
- # Header set Content-Security-Policy "default-src 'self';"
-
- # # Below is required to fix a Firefox bug with CSP and SVG images; see https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
- #
- # Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
- #
+ Header set Content-Security-Policy "default-src 'self';"
# Log downloads
SetEnvIf Request_URI "\.epub$" logdownload
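Review bot: The newly enabled `Header set Content-Security-Policy "default-src 'self';"` is registered without `always`, unlike the HSTS line directly above it, so non-2xx responses such as Apache-generated error pages would go out without the policy. `default-src` is also not a fallback for `frame-ancestors` or `base-uri`, so the framing restriction in the removed commented-out variant (`frame-ancestors 'none'`) is not part of what is being turned on. Consider `Header always set Content-Security-Policy "default-src 'self'; frame-ancestors 'none'; base-uri 'self';"`. The removed comments mention a Firefox SVG issue that needed `style-src 'unsafe-inline'`, so it is worth confirming that icons and any inline styles still render under the stricter policy. The same line is added in the first hunk of standardebooks.test.conf.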
@@ -132,7 +125,8 @@ Define domain standardebooks.org
# Forward all PHP requests to the php-fpm pool for this domain.
- SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
+ SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
+ Header set Cache-Control "no-store"
# Set some proxy properties.
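Review bot: `Header set Cache-Control "no-store"` is added beside the `proxy:unix:...|fcgi://` handler, and the mod_headers documentation notes that headers generated through mod_proxy_fcgi sit in the table edited by `Header always`, not the default one. If a PHP script emits its own `Cache-Control` (not visible from this hunk), this directive would presumably not replace it and the response could carry both values; `Header always set Cache-Control "no-store"` overwrites the backend value and also covers error responses. A one-line comment above the directive stating why PHP output must not be stored would help the next editor. The enclosing block starts and ends outside the hunk, and the same line is added in the second hunk of standardebooks.test.conf.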
diff --git a/config/apache/standardebooks.test.conf b/config/apache/standardebooks.test.conf
index 5e2167a0..00509c83 100644
--- a/config/apache/standardebooks.test.conf
+++ b/config/apache/standardebooks.test.conf
@@ -65,14 +65,7 @@ Define domain standardebooks.test
SSLCertificateFile /standardebooks.org/web/config/ssl/${domain}.crt
SSLCertificateKeyFile /standardebooks.org/web/config/ssl/${domain}.key
Header always set Strict-Transport-Security "max-age=15768000"
-
- # CSP still causes a lot of problems with Firefox (can't use inline CSS debugger, etc.) so disable for now.
- # Header set Content-Security-Policy "default-src 'self';"
-
- # # Below is required to fix a Firefox bug with CSP and SVG images; see https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
- #
- # Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
- #
+ Header set Content-Security-Policy "default-src 'self';"
# Log downloads
SetEnvIf Request_URI "\.epub$" logdownload
@@ -131,7 +124,8 @@ Define domain standardebooks.test
# Forward all PHP requests to the php-fpm pool for this domain.
- SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
+ SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
+ Header set Cache-Control "no-store"
# Set some proxy properties.