diff --git a/.buildpacks b/.buildpacks
index eb37ea6bad6..e66e2c9af3c 100644
--- a/.buildpacks
+++ b/.buildpacks
@@ -1,5 +1,5 @@
 https://github.com/rcaught/heroku-buildpack-cmake#e4e2c9e
 https://github.com/emk/heroku-buildpack-rust#578d630
 https://codon-buildpacks.s3.amazonaws.com/buildpacks/heroku/emberjs.tgz
-https://github.com/ryandotsmith/nginx-buildpack.git#af813ba
+https://github.com/travis-ci/nginx-buildpack.git#2fbde35
 https://github.com/sgrif/heroku-buildpack-diesel#f605edd
diff --git a/app.json b/app.json
index 82646a94de3..5ed46433101 100644
--- a/app.json
+++ b/app.json
@@ -56,19 +56,7 @@
   ],
   "buildpacks": [
       {
-        "url": "https://github.com/rcaught/heroku-buildpack-cmake.git#e4e2c9e"
+        "url": "https://github.com/heroku/heroku-buildpack-multi"
       },
-      {
-        "url": "https://github.com/emk/heroku-buildpack-rust.git#578d630"
-      },
-      {
-        "url": "https://codon-buildpacks.s3.amazonaws.com/buildpacks/heroku/emberjs.tgz"
-      },
-      {
-        "url": "https://github.com/ryandotsmith/nginx-buildpack.git#af813ba"
-      },
-      {
-        "url": "https://github.com/sgrif/heroku-buildpack-diesel.git#f605edd"
-      }
   ]
 }
diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index b2caaf17fa5..35c64d45120 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -9,11 +9,11 @@ events {
 }
 
 http {
-        gzip on;
-        gzip_comp_level 2;
-        gzip_proxied any;
-        gzip_min_length 512;
-        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml;
+	gzip on;
+	gzip_comp_level 2;
+	gzip_proxied any;
+	gzip_min_length 512;
+	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml;
 
 	server_tokens off;
 
@@ -26,7 +26,7 @@ http {
 	sendfile on;
 
 	client_body_timeout 30;
-        client_max_body_size 50m;
+	client_max_body_size 50m;
 
 	upstream app_server {
 		server localhost:8888 fail_timeout=0;
@@ -36,20 +36,23 @@ http {
 		listen <%= ENV["PORT"] %>;
 		server_name _;
 		keepalive_timeout 5;
-                add_header Strict-Transport-Security "max-age=31536000";
 
-                location ~ ^/assets/ {
-                        add_header Cache-Control public;
-                        root dist;
-                        expires max;
-                }
+		location ~ ^/assets/ {
+			add_header Strict-Transport-Security "max-age=31536000" always;
+			add_header X-Content-Type-Options nosniff;
+			add_header Cache-Control public;
+			root dist;
+			expires max;
+		}
+
 		location / {
+			add_header Strict-Transport-Security "max-age=31536000" always;
 			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_set_header Host $http_host;
 			proxy_redirect off;
-                        if ($http_x_forwarded_proto != 'https') {
-                            rewrite ^ https://$host$request_uri? permanent;
-                        }
+			if ($http_x_forwarded_proto != 'https') {
+				rewrite ^ https://$host$request_uri? permanent;
+			}
 			proxy_pass http://app_server;
 		}
 	}