diff --git a/INSTALL/INSTALL.rhel7.md b/INSTALL/INSTALL.rhel7.md
index f1a9fa7..d382618 100644
--- a/INSTALL/INSTALL.rhel7.md
+++ b/INSTALL/INSTALL.rhel7.md
@@ -121,4 +121,11 @@ Set file ownership for monarc installation
         Require all granted
     </Directory>
 
+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
     SetEnv APPLICATION_ENV "development"
diff --git a/INSTALL/INSTALL.ubuntu1604.md b/INSTALL/INSTALL.ubuntu1604.md
index 4789206..c74d409 100644
--- a/INSTALL/INSTALL.ubuntu1604.md
+++ b/INSTALL/INSTALL.ubuntu1604.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
             Require all granted
         </Directory>
 
+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
         SetEnv APPLICATION_ENV "development"
     </VirtualHost>
 
diff --git a/INSTALL/INSTALL.ubuntu1804.md b/INSTALL/INSTALL.ubuntu1804.md
index a7c1fdd..156f409 100644
--- a/INSTALL/INSTALL.ubuntu1804.md
+++ b/INSTALL/INSTALL.ubuntu1804.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
             Require all granted
         </Directory>
 
+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
         SetEnv APPLICATION_ENV "development"
     </VirtualHost>
 
diff --git a/config/autoload/local.php.dist b/config/autoload/local.php.dist
index cb698c8..4448862 100644
--- a/config/autoload/local.php.dist
+++ b/config/autoload/local.php.dist
@@ -93,6 +93,8 @@ return array(
         'from' => 'info@monarc.lu',
     ],
 
+    'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
     'terms' => 'https://my.monarc.lu/terms.html',
 
     'monarc' => array(
diff --git a/vagrant/bootstrap.sh b/vagrant/bootstrap.sh
index 939510c..5b3062c 100644
--- a/vagrant/bootstrap.sh
+++ b/vagrant/bootstrap.sh
@@ -82,6 +82,7 @@ done
 echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
 a2enmod rewrite > /dev/null 2>&1
 a2enmod ssl > /dev/null 2>&1
+a2enmod headers > /dev/null 2>&1
 
 echo -e "\n--- Allowing Apache override to all ---\n"
 sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
@@ -162,6 +163,13 @@ cat > /etc/apache2/sites-enabled/000-default.conf <<EOF
         Require all granted
     </Directory>
 
+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
     SetEnv APPLICATION_ENV $ENVIRONMENT
     SetEnv APP_DIR $PATH_TO_MONARC
 </VirtualHost>
@@ -230,9 +238,11 @@ return array(
             'from' => 'info@monarc.lu',
     ],
 
+    'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
     'monarc' => array(
         'ttl' => 60, // timeout
-        'salt' => '', // salt privé pour chiffrement pwd
+        'salt' => '', // private salt for password encryption
     ),
 );
 EOF