diff --git a/caddy/bensuperpc.org/Caddyfile b/caddy/bensuperpc.org/Caddyfile
index 400fb6d..a76eef1 100644
--- a/caddy/bensuperpc.org/Caddyfile
+++ b/caddy/bensuperpc.org/Caddyfile
@@ -29,6 +29,9 @@ www.bensuperpc.org {
 # clickjacking protection
 X-Frame-Options DENY
+
+ # Disable powerful features we don't need
+ Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
 }
 }
diff --git a/docker-compose.backup.yml b/docker-compose.backup.yml
index 0a1c570..2e93e05 100644
--- a/docker-compose.backup.yml
+++ b/docker-compose.backup.yml
@@ -17,7 +17,7 @@ services:
 - caddy_config:/backup/caddy_config:ro
 # - gitea_data:/backup/gitea_data:ro
 # - gitea_config:/backup/gitea_config:ro
-# - database:/backup/database:ro
+# - wordpress_db:/backup/wordpress_db:ro
 # - wordpress:/backup/wordpress:ro
 # - jellyfin_config:/backup/jellyfin_config:ro
 # - jellyfin_data:/backup/jellyfin_data:ro
diff --git a/docker-compose.caddy.yml b/docker-compose.caddy.yml
index 27f281d..7119e3e 100644
--- a/docker-compose.caddy.yml
+++ b/docker-compose.caddy.yml
@@ -18,17 +18,26 @@ services:
 - ./caddy:/etc/caddy:ro
 networks:
 - infra-network
+ env_file:
+ - env/caddy.env
+ cap_add:
+ - NET_ADMIN
 security_opt:
 - no-new-privileges:true
-# cap_drop:
-# - ALL
-# cap_add:
-# - CHOWN
-# - FOWNER
-# - DAC_OVERRIDE
-# - SETGID
-# - SETUID
-# - NET_BIND_SERVICE
+ # cap_drop:
+ # - ALL
+ # cap_add:
+ # - CHOWN
+ # - FOWNER
+ # - DAC_OVERRIDE
+ # - SETGID
+ # - SETUID
+ # - NET_BIND_SERVICE
+ healthcheck:
+ test: pidof caddy || exit 1
+ interval: 120s
+ timeout: 10s
+ retries: 3
 volumes:
 caddy_data:
diff --git a/docker-compose.wordpress.yml b/docker-compose.wordpress.yml
index faf0e39..d010a71 100644
--- a/docker-compose.wordpress.yml
+++ b/docker-compose.wordpress.yml
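Review bot: The added `Permissions-Policy` value is missing a comma between `microphone=()` and `interest-cohort=()`, so it is not a well-formed comma-separated directive list. A browser that fails to parse the value may discard the whole header, which would leave geolocation, camera and microphone unrestricted as well. The line should read `Permissions-Policy "geolocation=(), camera=(), microphone=(), interest-cohort=()"`. The enclosing block starts outside the hunk, so which responses receive this header cannot be confirmed from here.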
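Review bot: `cap_add: NET_ADMIN` is granted on top of Docker's default capability set, because the `cap_drop: ALL` block just below it stays commented out, so the internet-facing proxy ends up with more privilege than it had before this commit. If the capability is only there for socket buffer tuning (an assumption; the commit does not say), record that next to it, e.g. `# NET_ADMIN: needed for <reason>; remove if unused`. Uncommenting the block below as written would also add a second `cap_add` key to the same service, which most YAML parsers resolve silently as last-wins, so fold `NET_ADMIN` into that list when it is enabled. Separately, `pidof caddy || exit 1` only proves the process exists, not that it is answering requests. The service definition starts outside the hunk.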
@@ -32,7 +32,7 @@ services:
 - caddy
 restart: on-failure
 volumes:
- - database:/var/lib/mysql:rw
+ - wordpress_db:/var/lib/mysql:rw
 env_file:
 - env/wordpress_db.env
 command: '--default-authentication-plugin=mysql_native_password'
@@ -42,7 +42,7 @@ services:
 - no-new-privileges:true
 volumes:
- database:
- name: database
+ wordpress_db:
+ name: wordpress_db
 wordpress:
 name: wordpress
\ No newline at end of file
diff --git a/env/caddy.env b/env/caddy.env
new file mode 100644
index 0000000..e69de29