diff --git a/src/main/java/com/zcloud/config/CORSFilter.java b/src/main/java/com/zcloud/config/CORSFilter.java
index bd27fe84..62fc6011 100644
--- a/src/main/java/com/zcloud/config/CORSFilter.java
+++ b/src/main/java/com/zcloud/config/CORSFilter.java
@@ -48,7 +48,12 @@ public class CORSFilter implements Filter {
 response.setHeader("x-frame-options","SAMEORIGIN"); // ****
 response.setHeader("X-Content-Type-Options","nosniff");
 response.setHeader("Content-Security-Policy","default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';");
- filterChain.doFilter(servletRequest, servletResponse);
+ // 一公司烯体哦那个系统漏洞修复
+ response.setHeader("X-XSS-Protection", "1; mode=block");
+ response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
+ response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
+ response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+ filterChain.doFilter(servletRequest, servletResponse);
 //
 }
 }
diff --git a/src/main/java/com/zcloud/config/EncodingFilterConfig.java b/src/main/java/com/zcloud/config/EncodingFilterConfig.java
index 007f0a55..ec60b1b1 100644
--- a/src/main/java/com/zcloud/config/EncodingFilterConfig.java
+++ b/src/main/java/com/zcloud/config/EncodingFilterConfig.java
@@ -19,6 +19,7 @@ public class EncodingFilterConfig {
 characterEncodingFilter.setForceEncoding(true);
 characterEncodingFilter.setEncoding("UTF-8");
 registrationBean.setFilter(characterEncodingFilter);
+ registrationBean.addUrlPatterns("/*");
 return registrationBean;
 }
 }
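Review bot: In CORSFilter.java the new `Strict-Transport-Security` header is set on every response with `includeSubDomains; preload`, which commits every subdomain of the serving host to HTTPS for a year and opts the domain in to browser preload lists, a decision that is slow to reverse. Unless that has been confirmed for all subdomains, I would drop `preload` and send the header only on secure requests: `if (servletRequest.isSecure()) { response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); }` (behind a TLS-terminating proxy, `isSecure()` is only true once forwarded headers are handled). `X-XSS-Protection: 1; mode=block` targets the legacy XSS auditor that current browsers have removed, and current OWASP guidance is `response.setHeader("X-XSS-Protection", "0");`, leaving the existing Content-Security-Policy to do the real work. The added comment is not readable as written and should name the scan finding these headers answer, e.g. `// Security headers required by <scan report id>`. The enclosing method starts above the hunk, so whether an earlier return path skips these headers cannot be seen here.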
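Review bot: In EncodingFilterConfig.java no order is set on this registration in the visible lines, and for a forced-encoding filter that matters more than the added `addUrlPatterns("/*")`. If `registrationBean` is a Spring Boot FilterRegistrationBean, as the calls suggest, `/*` is already the mapping used when no pattern is configured, so the new line documents the default rather than changing it. A request's character encoding only takes effect when it is set before anything reads parameters or the body, so if CORSFilter or an input-validation filter runs first and touches parameters, the forced UTF-8 setting is silently ignored for that request. If the order is not set above the hunk, I would add `registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);` next to this line. The method starts outside the hunk, so this may already be handled.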