
Make Nginx security parameters configurable

Emmanuel Bouthenot 8 gadi atpakaļ
vecāks
revīzija
30557582c4

+ 3 - 0
roles/webserver/defaults/main.yml

@@ -10,6 +10,9 @@ with_nginx: False
 nginx_workers: 2
 nginx_ssl_strengthened: False
 nginx_http_config: Null
+nginx_security_xframeoptions: True
+nginx_security_xxssprotection: True
+nginx_security_xcontenttypeoptions: True
 
 with_modphp5: False
 

+ 6 - 0
roles/webserver/templates/nginx/vhost_security.j2

@@ -6,11 +6,17 @@
 # Various security rules
 #
 
+{% if nginx_security_xframeoptions %}
 # Clickjacking protection
 add_header X-Frame-Options "sameorigin";
+{% endif %}
 
+{% if nginx_security_xxssprotection %}
 # Cross-site scripting (XSS) filter
 add_header X-XSS-Protection "1; mode=block";
+{% endif %}
 
+{% if nginx_security_xcontenttypeoptions %}
 # Prevents from MIME-sniffing a response away from the declared content-type
 add_header X-Content-Type-Options "nosniff";
+{% endif %}
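Review bot: The three new guards rely on plain Jinja truthiness (`{% if nginx_security_xframeoptions %}` and the two after it), so a value that arrives as a string, for example `nginx_security_xframeoptions=False` passed with `-e`, is a non-empty string and still evaluates true. Writing each as `{% if nginx_security_xframeoptions | bool %}` (likewise for `nginx_security_xxssprotection` and `nginx_security_xcontenttypeoptions`) makes the toggle behave the same from inventory, vars files and extra vars. Because a disabled toggle now drops the header entirely, a short comment beside the defaults in `roles/webserver/defaults/main.yml` stating which protection is lost when each is set to False would help whoever overrides them. Separately, the unchanged `add_header` lines have no `always` parameter, so nginx omits these headers on error responses such as 404 or 500; `add_header X-Frame-Options "sameorigin" always;` would cover those if the deployed nginx version supports it.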