{% if ansible_controlled is defined and ansible_controlled != "" %}
#
# {{ ansible_controlled }}
#
{% endif %}
#
# Various security rules
#

{% if nginx_security_xframeoptions %}
# Clickjacking protection
add_header X-Frame-Options "sameorigin";
{% endif %}

{% if nginx_security_xxssprotection %}
# Cross-site scripting (XSS) filter
add_header X-XSS-Protection "1; mode=block";
{% endif %}

{% if nginx_security_xcontenttypeoptions %}
# Prevents from MIME-sniffing a response away from the declared content-type
add_header X-Content-Type-Options "nosniff";
{% endif %}