[VPAT-50] chore(security): add X-Frame-Options header to nginx configuration to prevent clickjacking attacks (#8507)

* [VPAT-50] chore(security): add X-Frame-Options header to nginx configuration to prevent clickjacking attacks

* [SECURITY] chore: enhance nginx configuration with additional security headers

apps/admin/nginx/nginx.conf

@@ -20,6 +20,12 @@ http {
   server {
     listen 3000;
 
+    # Security headers
+    add_header X-Frame-Options "DENY" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
     location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;

apps/web/nginx/nginx.conf

@@ -20,6 +20,12 @@ http {
   server {
     listen 3000;
 
+    # Security headers
+    add_header X-Frame-Options "DENY" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
     location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;