diff --git a/03frontends.cfg b/03frontends.cfg
index 195432b..8b379f6 100644
--- a/03frontends.cfg
+++ b/03frontends.cfg
@@ -298,16 +298,20 @@ frontend frontend_default
 
   acl letsencrypt path_beg /.well-known/acme-challenge/
 
-  acl laminar hdr(host) -i laminar.benoit.jp.net
+  acl archive hdr(host) -i blog.benpro.fr.archive.benoit.jp.net
+  acl archive hdr(host) -i lekernelpanique.fr.archive.benoit.jp.net
+  acl archive hdr(host) -i sysadmin-bookmarks.archive.benoit.jp.net
   acl forgejo hdr(host) -i forgejo.benoit.jp.net
-  acl mastodon hdr(host) -i mastodon.benoit.jp.net
+  acl laminar hdr(host) -i laminar.benoit.jp.net
   acl linkding hdr(host) -i linkding.benoit.jp.net
+  acl mastodon hdr(host) -i mastodon.benoit.jp.net
   #http-request deny if dns !JP !SG !letsencrypt
 
-  use_backend letsencrypt if letsencrypt
-  use_backend laminar if laminar
+  use_backend archive if archive
   use_backend forgejo if forgejo
-  use_backend mastodon if mastodon
+  use_backend laminar if laminar
+  use_backend letsencrypt if letsencrypt
   use_backend linkding if linkding
+  use_backend mastodon if mastodon
 
   default_backend default
diff --git a/05backends.cfg b/05backends.cfg
index e60ddae..8b68b35 100644
--- a/05backends.cfg
+++ b/05backends.cfg
@@ -44,3 +44,13 @@ backend linkding
   http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
   http-response set-header Cross-Origin-Resource-Policy "same-origin"
   server linkding linkding.incus:9090 check
+
+backend archive
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server archive archive.incus:80 check