diff --git a/hosts/VEGAS/services/cdn-shield/default.nix b/hosts/VEGAS/services/cdn-shield/default.nix
new file mode 100644
index 0000000..808550f
--- /dev/null
+++ b/hosts/VEGAS/services/cdn-shield/default.nix
@@ -0,0 +1,11 @@
+{ config, lib, toolsets, ... }:
+
+let
+  tools = toolsets.nginx {
+    inherit lib config;
+    domain = "cdn-shield.${toolsets.meta.domain}";
+  };
+in
+{
+  services.nginx.virtualHosts = tools.mappers.mapSubdomains (import ./shields.nix { inherit tools; });
+}
diff --git a/hosts/VEGAS/services/cdn-shield/shields.nix b/hosts/VEGAS/services/cdn-shield/shields.nix
new file mode 100644
index 0000000..cb2b67e
--- /dev/null
+++ b/hosts/VEGAS/services/cdn-shield/shields.nix
@@ -0,0 +1,7 @@
+{ tools }:
+with tools.vhosts;
+{
+  "fonts-googleapis-com" = proxyGhost "https" "fonts.googleapis.com";
+  "fonts-gstatic-com" = proxyGhost "https" "fonts.gstatic.com";
+  "cdnjs-cloudflare-com" = proxyGhost "https" "cdnjs.cloudflare.com";
+}
diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix
index 1e371e4..b7e455d 100644
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@@ -17,6 +17,7 @@
       # Services
       ./services/backbone-routing
       ./services/bitwarden
+      ./services/cdn-shield
       ./services/dns
       ./services/fbi
       ./services/bitwarden
diff --git a/tools/nginx.nix b/tools/nginx.nix
index 73a93ba..cdf8360 100644
--- a/tools/nginx.nix
+++ b/tools/nginx.nix
@@ -43,6 +43,16 @@ let
         '';
       };
 
+      proxyGhost = scheme: target: basic // {
+        locations."/".extraConfig = ''
+          proxy_pass ${scheme}://${target};
+          proxy_set_header Host ${target};
+          proxy_set_header Referer ${scheme}://${target};
+          proxy_cookie_domain ${target} domain.invalid;
+          proxy_set_header Cookie "";
+        '';
+      };
+
     };
   }) tools;
 in tools