You can add the following headers in your nginx.conf or server entry to improve website security
add_header X-Frame-Options sameorigin; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection '1; mode=block'; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"; add_header Referrer-Policy strict-origin;