diff --git a/README.md b/README.md
index 8e4f228..eb64007 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 
 Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. 
 
-**Shipped version:** 4.1.2~ynh2
+**Shipped version:** 4.1.3~ynh1
 
 **Demo:** https://joinmastodon.org/
 
diff --git a/README_fr.md b/README_fr.md
index 66b195f..51f753e 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales.
 
 
-**Version incluse :** 4.1.2~ynh2
+**Version incluse :** 4.1.3~ynh1
 
 **Démo :** https://joinmastodon.org/
 
diff --git a/conf/nginx.conf b/conf/nginx.conf
index e6286ac..3cf0942 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,7 +1,5 @@
-# upload max size
-client_max_body_size 100M;
+client_max_body_size 99m;
 
-# add to v1.4 assets
 root __INSTALL_DIR__/live/public;
 
 location / {
@@ -13,23 +11,86 @@ location / {
   include conf.d/yunohost_panel.conf.inc;
 }
 
-location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
-  more_set_headers "Cache-Control: public, max-age=31536000, immutable";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
-  try_files $uri @proxy;
+location ~ /sw.js {
+  more_set_headers "Cache-Control: public, max-age=604800, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
 }
 
-location /sw.js {
-  more_set_headers "Cache-Control: public, max-age=0";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
-  try_files $uri @proxy;
+location ~ ^/assets/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/avatars/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/emoji/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/headers/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/packs/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/shortcuts/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/sounds/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/system/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, immutable";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  more_set_headers "X-Content-Type-Option: nosniff";
+  more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'";
+  try_files $uri =404;
+}
+
+location ^~ /api/v1/streaming {
+  proxy_set_header Host $host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header Proxy "";
+
+  proxy_pass http://127.0.0.1:__PORT_STREAM__;
+  proxy_buffering off;
+  proxy_redirect off;
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $connection_upgrade;
+
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+
+  tcp_nodelay on;
 }
 
 location @proxy {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Proxy "";
   proxy_pass_header Server;
 
@@ -38,31 +99,13 @@ location @proxy {
   proxy_redirect off;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
+  proxy_set_header Connection $connection_upgrade;
 
-  #proxy_cache CACHE;
+  proxy_cache CACHE;
   proxy_cache_valid 200 7d;
   proxy_cache_valid 410 24h;
   proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
   more_set_headers "X-Cached: $upstream_cache_status";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
-
-  tcp_nodelay on;
-}
-
-location /api/v1/streaming {
-  proxy_set_header Host $host;
-  proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
-  proxy_set_header Proxy "";
-
-  proxy_pass http://127.0.0.1:__PORT_STREAM__;
-  proxy_buffering off;
-  proxy_redirect off;
-  proxy_http_version 1.1;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
 
   tcp_nodelay on;
 }
diff --git a/manifest.toml b/manifest.toml
index 6732c11..9d2e750 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "Mastodon"
 description.en = "Libre and federated social network"
 description.fr = "Réseau social libre et fédéré"
 
-version = "4.1.2~ynh2"
+version = "4.1.3~ynh1"
 
 maintainers = ["yalh76"]
 
@@ -52,8 +52,8 @@ ram.runtime = "500M"
 [resources]
     [resources.sources]
         [resources.sources.main]
-        url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.2.tar.gz"
-        sha256 = "12837c7b57acc11ebd24b23a270500c8917459ecdc2a841ba452296b02bcaf29"
+        url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.3.tar.gz"
+        sha256 = "5fd18661a990d09053673bfa8bcd880ab661109eb472a9d9f22b6d5f8dbf3e37"
         autoupdate.strategy = "latest_github_release"
 
     [resources.system_user]