diff --git a/xb-00-01/nginx/include/header-security.conf b/xb-00-01/nginx/include/header-security.conf
new file mode 100644
index 0000000..0db27cb
--- /dev/null
+++ b/xb-00-01/nginx/include/header-security.conf
@@ -0,0 +1,6 @@
+		add_header Strict-Transport-Security	"max-age=126200000; includeSubDomains; preload";
+		add_header X-Frame-Options				"DENY";
+		add_header X-Content-Type-Options		nosniff;
+		add_header Content-Security-Policy		"default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+		add_header Referrer-Policy				no-referrer;
+